Create SECURITY.md file for each github repo

[btylerburton]

User Story

In order to be in compliance and follow best practices, datagovteam wants to create a SECURITY.md file for each github repo.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• GIVEN [a contextual precondition]
  [AND optionally another precondition]
  WHEN [a triggering event] happens
  THEN [a verifiable outcome]
  [AND optionally another verifiable outcome]

Background

Related to:

• Security Policy violation SECURITY.md #4946
• Security Policy violation SECURITY.md #4956

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

• Review Github security policy guidelines to determine appropriate contents for SECURITY.md: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
  • Should it just borrow this text? https://github.com/GSA/https/blob/8271c90458204ca79220ea266fa88d6ed2c8515c/SECURITY.md?plain=1#L4
• Add the SECURITY.md file to each of the repos below:
  • https://github.com/GSA/data.gov
  • https://github.com/GSA/resources.data.gov
  • https://github.com/GSA/catalog.data.gov
  • https://github.com/GSA/ckanext-datagovtheme
  • https://github.com/GSA/ckanext-datajson
  • https://github.com/GSA/ckanext-metrics_dashboard
  • https://github.com/GSA/datagov-11ty
  • https://github.com/GSA/ckanext-geodatagov
  • https://github.com/GSA/datagov-ssb
  • https://github.com/GSA/inventory-app
  • https://github.com/GSA/datagov-logstack
  • https://github.com/GSA/data-strategy