From 6dadf4bd7a8d040c154a0f2fc75eda8437652118 Mon Sep 17 00:00:00 2001 From: Adam DeHaven <2229946+adamdehaven@users.noreply.github.com> Date: Tue, 21 Jan 2025 10:08:08 -0500 Subject: [PATCH] docs(security): approvals (#497) --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 1db4fc1d..de49de8e 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ Kong's open-source, Vue icon component library, partially sourced from [Google's - [Testing](#testing) - [Build for production](#build-for-production) - [Committing Changes](#committing-changes) + - [Approvals](#approvals) - [Package Publishing](#package-publishing) ## Usage @@ -231,6 +232,14 @@ This will trigger the Commitizen interactive prompt for building your commit mes Additionally, CI will use `commitlint` to validate the commits associated with a PR in the `Lint and Validate` job. +### Approvals + +- All pull requests require review and approval from authorized team members. +- Automated approvals through workflows are strictly prohibited. + - There is an exception for automated pull request approvals originating from generated dependency updates that satisfy status checks and other requirements. +- Protected branches require at least one approval from code owners. +- All status checks must pass before a pull request may be merged. + ### Package Publishing This repository utilizes [Semantic Release](https://github.com/semantic-release/semantic-release) for automated package publishing and version updates.
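Review bot: The exception in the nested bullet of the new `### Approvals` section ("automated pull request approvals originating from generated dependency updates that satisfy status checks and other requirements") is too loosely worded to audit against. It does not say which tool or workflow counts as a generator of dependency updates, and "other requirements" is left undefined, so a reader cannot tell which automated approvals are permitted and which fall under the "strictly prohibited" rule directly above it. Suggest naming the permitted source and listing the requirements, or linking to where they are defined. The bullet that follows, "Protected branches require at least one approval from code owners", should also state whether an automated approval under the exception can satisfy that code-owner requirement or whether a human code owner must still approve. In the first bullet, "authorized team members" would likewise benefit from a pointer to where that set is defined.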