Add security guidance (#1845)

2024-05-30 17:00:13 +10:00 · 2024-05-30 17:00:13 +10:00 · a7e8fc6e84
--- a/docs/concepts/security.md
+++ b/docs/concepts/security.md
@ -0,0 +1,41 @@
+# Security guidance
+
+!!! Abstract
+    The following is information provides consolidated guidance for customers on security when using PSRule.
+
+## PowerShell usage guidance
+
+PSRule supports and recommends using PowerShell security features to secure your environment.
+Additionally from PSRule v3.0.0, supports:
+
+- **Disabling PowerShell rules** &mdash; However this will impact rules modules that implement PowerShell rules.
+  For details on disabling PowerShell rules see [Execution.RestrictScriptSource][2].
+
+Continue reading [PowerShell security features][1] to learn more about how to secure your PowerShell environment.
+
+  [1]: https://learn.microsoft.com/powershell/scripting/security/security-features?view=powershell-7.4
+  [2]: PSRule/en-US/about_PSRule_Options.md#executionrestrictscriptsource
+
+## Software Bill of Materials (SBOM)
+
+Beginning with v2.1.0, PSRule contains a Software Bill of Materials (SBOM).
+The SBOM can be found at `_manifest/spdx_2.2/manifest.spdx.json` within the module root.
+
+Things to note:
+
+- When installing the module using `Install-Module` or `Update-Module`,
+  PowerShell creates a metadata file `PSGetModuleInfo.xml` in the module root.
+  This file is used to keep track of when and where the module was installed from.
+  As a result, this file is not included in the SBOM.
+  The `PSGetModuleInfo.xml` file is not required for the module to function.
+
+For more information about this initiative,
+see the blog post [Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft][3].
+
+  [3]: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/
+
+## Reporting security issues
+
+If you have a security issue to report please see our [security policy][4].
+
+  [4]: https://github.com/microsoft/PSRule/security/policy
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -83,10 +83,6 @@ nav:
          - Deprecations: deprecations.md
          - Changes and versioning: versioning.md
      - Support: support.md
-    # - Setup:
-    #   - Configuring options: setup/configuring-options.md
-    #   - Configuring rule defaults: setup/configuring-rules.md
-    #   - Configuring expansion: setup/configuring-expansion.md
  - Reference:
      - PowerShell cmdlets:
          - Assert-PSRule: commands/PSRule/en-US/Assert-PSRule.md
@ -108,6 +104,7 @@ nav:
      - Keywords: keywords/PSRule/en-US/about_PSRule_Keywords.md
      - Options: concepts/PSRule/en-US/about_PSRule_Options.md
      - Rules: concepts/PSRule/en-US/about_PSRule_Rules.md
+      - Security guidance: concepts/security.md
      - Selectors: concepts/PSRule/en-US/about_PSRule_Selectors.md
      - Suppression Groups: concepts/PSRule/en-US/about_PSRule_SuppressionGroups.md
      - Variables: concepts/PSRule/en-US/about_PSRule_Variables.md
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@ -1,9 +1,9 @@
-mkdocs==1.5.3
-mkdocs-material==9.5.17
-pymdown-extensions==10.7.1
-mike==2.0.0
+mkdocs==1.6.0
+mkdocs-material==9.5.25
+pymdown-extensions==10.8.1
+mike==2.1.1
 mkdocs-simple-hooks==0.1.5
-mkdocs-git-revision-date-localized-plugin==1.2.4
+mkdocs-git-revision-date-localized-plugin==1.2.5
 mkdocs-git-committers-plugin-2==2.3.0
 mdx-truly-sane-lists==1.3
 mkdocs-redirects==1.2.1