fix: Added security mailbox

Author: marianoao

.github/workflows/sonar-cloud-analysis.yml

@@ -7,8 +7,8 @@ concurrency:
 on:
   workflow_dispatch:
   pull_request:
-    types: [closed]
-    branches: ['master']
+    types: [ closed ]
+    branches: [ 'master' ]
   release:
     types:
       - published
@@ -18,9 +18,9 @@ jobs:
     name: SonarCloud / Unit Tests
     timeout-minutes: 30
     if: ${{ ((github.event.pull_request.merged == true && github.base_ref == 'master') ||
-        (github.event_name == 'workflow_dispatch' ||
-        github.event_name == 'release'))
-        && vars.IS_INDITEXTECH_REPO == 'true' }}
+      (github.event_name == 'workflow_dispatch' ||
+      github.event_name == 'release'))
+      && vars.IS_INDITEXTECH_REPO == 'true' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@@ -61,7 +61,7 @@ jobs:
           echo "github-repository=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2)" >> "$GITHUB_OUTPUT"
 
       - name: SonarCloud / Run SonarCloud action
-        uses: sonarsource/sonarqube-scan-action@v4
+        uses: SonarSource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -77,4 +77,4 @@ jobs:
             -Dsonar.verbose=true
             -Dsonar.token=${SONAR_TOKEN}
             -Dsonar.python.version=3.10
-            -Dsonar.python.coverage.reportPaths=coverage*.xml
+            -Dsonar.python.coverage.reportPaths=coverage*.xml

SECURITY.md

@@ -14,7 +14,7 @@ We take the security of MCP Teams Server seriously. If you believe you have foun
 
 **Please do not report security vulnerabilities through public GitHub issues.**
 
-Instead, please report them via email to [INSERT SECURITY EMAIL]. You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
+Instead, please report them via email to [[email protected]](mailto:[email protected]). You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: