Add security guidance (#1845)

docs/concepts/security.md

@@ -0,0 +1,41 @@
+# Security guidance
+
+!!! Abstract
+    The following is information provides consolidated guidance for customers on security when using PSRule.
+
+## PowerShell usage guidance
+
+PSRule supports and recommends using PowerShell security features to secure your environment.
+Additionally from PSRule v3.0.0, supports:
+
+- **Disabling PowerShell rules** — However this will impact rules modules that implement PowerShell rules.
+  For details on disabling PowerShell rules see [Execution.RestrictScriptSource][2].
+
+Continue reading [PowerShell security features][1] to learn more about how to secure your PowerShell environment.
+
+  [1]: https://learn.microsoft.com/powershell/scripting/security/security-features?view=powershell-7.4
+  [2]: PSRule/en-US/about_PSRule_Options.md#executionrestrictscriptsource
+
+## Software Bill of Materials (SBOM)
+
+Beginning with v2.1.0, PSRule contains a Software Bill of Materials (SBOM).
+The SBOM can be found at `_manifest/spdx_2.2/manifest.spdx.json` within the module root.
+
+Things to note:
+
+- When installing the module using `Install-Module` or `Update-Module`,
+  PowerShell creates a metadata file `PSGetModuleInfo.xml` in the module root.
+  This file is used to keep track of when and where the module was installed from.
+  As a result, this file is not included in the SBOM.
+  The `PSGetModuleInfo.xml` file is not required for the module to function.
+
+For more information about this initiative,
+see the blog post [Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft][3].
+
+  [3]: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/
+
+## Reporting security issues
+
+If you have a security issue to report please see our [security policy][4].
+
+  [4]: https://github.com/microsoft/PSRule/security/policy

mkdocs.yml

@@ -83,10 +83,6 @@ nav:
           - Deprecations: deprecations.md
           - Changes and versioning: versioning.md
       - Support: support.md
-    # - Setup:
-    #   - Configuring options: setup/configuring-options.md
-    #   - Configuring rule defaults: setup/configuring-rules.md
-    #   - Configuring expansion: setup/configuring-expansion.md
   - Reference:
       - PowerShell cmdlets:
           - Assert-PSRule: commands/PSRule/en-US/Assert-PSRule.md
@@ -108,6 +104,7 @@ nav:
       - Keywords: keywords/PSRule/en-US/about_PSRule_Keywords.md
       - Options: concepts/PSRule/en-US/about_PSRule_Options.md
       - Rules: concepts/PSRule/en-US/about_PSRule_Rules.md
+      - Security guidance: concepts/security.md
       - Selectors: concepts/PSRule/en-US/about_PSRule_Selectors.md
       - Suppression Groups: concepts/PSRule/en-US/about_PSRule_SuppressionGroups.md
       - Variables: concepts/PSRule/en-US/about_PSRule_Variables.md

requirements-docs.txt

@@ -1,9 +1,9 @@
-mkdocs==1.5.3
+mkdocs==1.6.0
-mkdocs-material==9.5.17
+mkdocs-material==9.5.25
-pymdown-extensions==10.7.1
+pymdown-extensions==10.8.1
-mike==2.0.0
+mike==2.1.1
 mkdocs-simple-hooks==0.1.5
-mkdocs-git-revision-date-localized-plugin==1.2.4
+mkdocs-git-revision-date-localized-plugin==1.2.5
 mkdocs-git-committers-plugin-2==2.3.0
 mdx-truly-sane-lists==1.3
 mkdocs-redirects==1.2.1