diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..99a2517
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## General
+
+This project doesn't provide any original application - it only provides container images, which are always built with latest available versions of RPM packages.
+Because of that, when a vulnerability is detected, I can only wait for the Rocky distribution maintainers to fix the packages on their repos.
+
+I'm working on making weekly builds of the image. In case of emergency, I'll trigger a manual build, to fix any critical vulerabilities ASAP.
+
+## Reporting a Vulnerability
+
+If you find a vulnerability in the container image, please open up an issue or email me at artur.borys13@gmail.com