chore: Update security notice

jmgate · jmgate · commit b1019531ebf7 · 2025-03-11T11:48:13.000-06:00
The Best Practices Badge App suggests we should document what users can
expect from our project in terms of security.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,8 +1,16 @@
-# Security Vulnerabilities
+# Security
 
-If you discover a security vulnerability in `staged-script`, please head on
-over to the [Security Advisories page][advisories] and
-draft a new advisory.  We thank you in advance for helping to improve the
-security of this package.
+We run the [`flake8-bandit`][bandit] security scanner via `pre-commit`,
+and require it to pass, to ensure known security vulnerabilities don't
+make it into our code base.
+
+[bandit]:  https://pypi.org/project/flake8-bandit/
+
+## Security Vulnerabilities
+
+If you discover a security vulnerability in `staged-script`, please head
+on over to the [Security Advisories page][advisories] and draft a new
+advisory.  We thank you in advance for helping to improve the security
+of this package.
 
 [advisories]:  https://github.com/sandialabs/staged-script/security/advisories
