Added SECURITY.md

2026-03-11 17:15:38 +00:00 · 2025-08-04 14:18:30 -04:00 · 2025-08-04 14:18:30 -04:00 · 34d30ef1e1
commit 34d30ef1e1
parent 7fd2021936
2 changed files with 11 additions and 0 deletions
--- a/docs/README.md
+++ b/docs/README.md
@ -156,6 +156,12 @@

 <h2>FAQ</h2>
 <p>
+  <h3>Is Blue Marble malware?</h3>
+  <p><b>A:</b> Blue Marble does not contain malicious code. The Blue Marble code can be found in the <code>src/</code> folder. If you worry about Blue Marble being malware, you can read the code, then bundle it yourself using the tools in <code>build/</code>.
+
+  <h3>How can Blue Marble place pixels for me?</h3>
+  <p><b>A:</b> Unfortunatly, Blue Marble will not support the automatic placement of pixels without user interaction.
+
  <h3>How do I hide the overlay?</h3>
  <p><b>A:</b> Turn the userscript off and refresh the page.</p>

--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@ -0,0 +1,5 @@
+<h1>Reporting A Security Vulnerability</h1>
+<a href="" target="_blank" rel="noopener noreferrer"><img alt="CodeQL" src="https://github.com/SwingTheVine/Wplace-BlueMarble/actions/workflows/github-code-scanning/codeql/badge.svg"></a>
+<p>
+  Since this is a userscript, there will not be many vulnerabilities. The user is in charge of their own security, by choosing which scripts to run. Regardless, if you do find a security vulnerability in Blue Marble, please report it on the GitHub Security Advisory <a href="https://github.com/SwingTheVine/Wplace-BlueMarble/security/advisories/new">"Report a Vulnerability"</a> tab.
+</p>