From a6d45262c021e51038cb25dbab6d51c7d75e774d Mon Sep 17 00:00:00 2001 From: Peter Hanssens Date: Fri, 22 May 2026 21:54:00 +1000 Subject: [PATCH] docs: add note about active CI monitoring in SECURITY.md --- ui/SECURITY.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ui/SECURITY.md b/ui/SECURITY.md index 9eb9ce0..ed2455e 100644 --- a/ui/SECURITY.md +++ b/ui/SECURITY.md @@ -88,3 +88,6 @@ Optional hardening: Socket.dev, `npm ci --ignore-scripts`, Dependabot/Renovate g ## Contacts Security issues in SQLForge core: follow the org’s responsible disclosure process. For UI-only dependency concerns, include `package-lock.json` diff and `npm audit` output in the PR. + +Note: Every PR touching the `ui/` directory is automatically analyzed by the UI supply chain CI workflow. +
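Review bot: the added "Note:" line sits under the `## Contacts` heading, but it describes CI coverage rather than who to contact or how to report, so it reads as misplaced; consider moving it next to the "Optional hardening" text or under its own heading. The note also names "the UI supply chain CI workflow" without giving the workflow file's path or saying what the analysis checks and whether a failure blocks the merge, so a reader cannot verify the claim that "Every PR touching the `ui/` directory" is covered. Linking the workflow file and stating its path filter would make the statement checkable and would make drift easier to spot if the workflow trigger later changes. The last added line is an empty line at the end of the file and can be dropped.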