Adds dependabot, maven build PR CI and SECURITY.md

Author: emmartins

.github/dependabot.yml

@@ -0,0 +1,18 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the
+    # default location of `.github/workflows`
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/maven.yml

@@ -0,0 +1,34 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Project CI
+
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build:
+
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 90
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest ]
+        java: ['11', '17']
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK ${{ matrix.java }}
+      uses: actions/setup-java@v3
+      with:
+        java-version: ${{ matrix.java }}
+        distribution: 'temurin'
+        cache: 'maven'
+    - name: Build with Maven - ${{ matrix.os }} - JDK ${{ matrix.java }}
+      run: mvn -B clean install

.gitignore

@@ -4,4 +4,5 @@ target
 .classpath
 .idea
 *.iml
+.DS_Store
 

SECURITY.md

@@ -0,0 +1,23 @@
+# Reporting of CVEs and Security Issues
+
+## The WildFly community and our sponsor, Red Hat, take security bugs very seriously
+
+We aim to take immediate action to address serious security-related problems that involve our projects. 
+
+Note that we will only fix such issues in the most recent minor release of WildFly.
+
+## Reporting of Security Issues
+
+When reporting a security vulnerability it is important to not accidentally broadcast to the world that the issue exists, as this makes it easier for people to exploit it. The software industry uses the term <a href="https://www.redhat.com/en/blog/security-embargoes-red-hat">embargo</a> to describe the time a security issue is known internally until it is public knowledge.
+
+Our preferred way of reporting security issues in WildFly and its related projects is listed below.
+
+### Email the mailing list
+
+The list at <a href="mailto:[email protected]">[email protected]</a> is the preferred mechanism for outside users to report security issues. A member of the WildFly team will open the required issues.
+
+### Other considerations
+
+If you would like to work with us on a fix for the security vulnerability, please include your GitHub username in the above email, and we will provide you access to a temporary private fork where we can collaborate on a fix without it being disclosed publicly, **including in your own publicly visible git repository**.
+
+Do not open a public issue, send a pull request, or disclose any information about the suspected vulnerability publicly, **including in your own publicly visible git repository**. If you discover any publicly disclosed security vulnerabilities, please notify us immediately through <a href="mailto:[email protected]">[email protected]</a>