Tiryoh · Tiryoh · Apr 6, 2026
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,35 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+
+Only the latest release is supported with security updates.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it through [GitHub Security Advisories](https://github.com/Tiryoh/actions-mkdocs/security/advisories/new).
+
+### Before Reporting
+
+- **Search existing advisories** to ensure the issue has not already been reported.
+- **Verify the vulnerability** by providing a clear proof of concept or reproduction steps.
+- **One report per vulnerability** — please do not submit multiple reports for the same or closely related issues.
+
+### What to Include
+
+- A clear description of the vulnerability
+- Steps to reproduce the issue
+- The potential impact
+- Suggested fix (if any)
+
+### What to Expect
+
+- If you do not receive any response within 3 days, please open a public issue to let us know that you have submitted a security advisory. Do not include vulnerability details in the issue — just notify us that a report is pending.
+- Duplicate, AI-generated, or low-quality reports without a valid proof of concept may be closed without further response.
+
+## Scope
+
+This security policy covers the `actions-mkdocs` GitHub Action itself. Vulnerabilities in upstream dependencies (e.g., MkDocs, mkdocs-material) should be reported to their respective projects.