---
title: Adding a security policy to your repository
intro: You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.
---
## About security policies

To give people instructions for reporting security vulnerabilities in your project,{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} you can add a SECURITY.md file to your repository's root, docs, or .github folder.{% else %} you can add a SECURITY.md file to your repository's root or docs folder.{% endif %} When someone creates an issue in your repository, they will see a link to your project's security policy.
{% if currentVersion != 'github-ae@next' %}
You can create a default security policy for your organization or user account. For more information, see "Creating a default community health file." {% endif %}
{% tip %}

**Tip:** To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "About READMEs."

{% endtip %}
{% if currentVersion == "free-pro-team@latest" %} After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in {% data variables.product.prodname_dotcom %}, see "About coordinated disclosure of security vulnerabilities." For more information about {% data variables.product.prodname_security_advisories %}, see "About {% data variables.product.prodname_security_advisories %}."
{% data reusables.repositories.github-security-lab %}
{% endif %}

{% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == 'github-ae@next' %}
By making security reporting instructions clearly available, you make it easy for your users to report any security vulnerabilities they find in your repository using your preferred communication channel.
{% endif %}
## Adding a security policy to your repository
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
3. In the left sidebar, click **Security policy**.
4. Click **Start setup**.
5. In the new SECURITY.md file, add information about supported versions of your project and how to report a vulnerability.
{% data reusables.files.write_commit_message %}
{% data reusables.files.choose-commit-email %}
{% data reusables.files.choose_commit_branch %}
{% data reusables.files.propose_file_change %}
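The SECURITY.md you create in step 5 needs, at minimum, a list of supported versions and a private reporting channel. The following is an added example of such a file, not content from the original page; the project versions, the contact address, the security.txt URL, and the response times are placeholders to replace with your project's own.

```markdown
# Security Policy

## Supported Versions

Only the versions listed below receive security fixes (version numbers are placeholders).

| Version | Supported          |
| ------- | ------------------ |
| 2.1.x   | :white_check_mark: |
| 2.0.x   | :white_check_mark: |
| < 2.0   | :x:                |

## Reporting a Vulnerability

Please do not report security problems through public issues or pull requests.

Email security@example.org (placeholder address) and include:

- the affected version and component
- steps to reproduce, or a minimal proof of concept
- the impact you believe the issue has

If you want to encrypt your report, our current PGP key is published at
https://example.org/.well-known/security.txt (placeholder URL).

## What to expect

- We acknowledge new reports within 3 business days.
- We confirm the issue and share a remediation plan within 10 business days.
- We ask for up to 90 days to release a fix before public disclosure, and we
  credit reporters in the release notes unless they ask us not to.
```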
## Further reading
- "Securing your repository"{% if currentVersion != 'github-ae@next' %}
- "Setting up your project for healthy contributions"{% endif %}{% if currentVersion == "free-pro-team@latest" %}
- [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %}