[Task]: Update SECURITY.md (#9)

* Created stale.yml bot

* Create cla-check.yaml

* Update SECURITY.md

---------

Co-authored-by: Shonster88 <[email protected]>

.github/workflows/cla-check.yaml

@@ -0,0 +1,14 @@
+name: CLA check
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, closed, synchronize]
+
+jobs:
+  cla-workflow:
+    uses: pimcore/workflows-collection-public/.github/workflows/[email protected]
+    if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+    secrets:
+      CLA_ACTION_ACCESS_TOKEN: ${{ secrets.CLA_ACTION_ACCESS_TOKEN }}

.github/workflows/stale.yml

@@ -0,0 +1,10 @@
+name: Handle stale issues
+
+on:
+  workflow_dispatch:
+  schedule:
+      - cron: '37 7 * * *'
+
+jobs:
+  call-stale-workflow:
+    uses: pimcore/workflows-collection-public/.github/workflows/[email protected]

SECURITY.md

@@ -0,0 +1,22 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you think that you have found a security issue, 
+don’t use the bug tracker and don’t publish it publicly. 
+Instead, all security issues must be reported via a private vulnerability report.
+
+Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report.
+
+
+## Resolving Process
+Every submitted security issue is handled with top priority by following these steps: 
+
+1. Confirm the vulnerability
+2. Determine the severity
+3. Contact reporter
+4. Work on a patch
+5. Get a CVE identification number (may be done by the reporter or a security service provider)
+6. Patch reviewing 
+7. Tagging a new release for supported versions
+8. Publish security announcement