Create Security Policy for Jenkins-X project

Set up the GitHub security policy

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+The Jenkins X project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure. To that end, we work with Jenkins X platform and app developers, as well as security researchers, to fix security vulnerabilities in Jenkins X in a timely manner, and to improve the security of Jenkins X in general.
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.0.x   | :white_check_mark: |
+
+
+## Reporting a Vulnerability
+
+If you find a vulnerability in Jenkins X, please report it in the Jenkins CI issue tracker under the [SECURITY](https://issues.jenkins-ci.org/browse/SECURITY) project. **Please do not report security issues in the github tracker.**
+This project is configured in such a way that only the reporter and the security team can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it before the method of attack becomes well-known.
+
+If you are unable to report using the above issue tracker, you can also send your report to the private Jenkins Security Team mailing list: [email protected]
+
+## Vulnerabilities in Apps
+
+Whilst the Jenkins X team is not responsible for the quality of third party apps, please still use the above reporting mechanism and we will co-ordinate with the app developer to ensure a fix in a secure maner.