---
title: Adding a security policy to your repository
intro: You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.
redirect_from:
versions:
type: how_to
topics:
shortTitle: Add a security policy
---
## About security policies
To give people instructions for reporting security vulnerabilities in your project,{% ifversion fpt or ghes or ghec %} you can add a SECURITY.md file to your repository's root, docs, or .github folder.{% else %} you can add a SECURITY.md file to your repository's root, or docs folder.{% endif %} When someone creates an issue in your repository, they will see a link to your project's security policy.
{% ifversion not ghae %}
You can create a default security policy for your organization or personal account. For more information, see "Creating a default community health file." {% endif %}
{% tip %}
**Tip:** To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "About READMEs."
{% endtip %}
{% ifversion fpt or ghec %}
After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in {% data variables.product.prodname_dotcom %}, see "About coordinated disclosure of security vulnerabilities." For more information about repository security advisories, see "About repository security advisories."

{% data reusables.repositories.github-security-lab %}
{% endif %}

{% ifversion ghes or ghae %}
By making security reporting instructions clearly available, you make it easy for your users to report any security vulnerabilities they find in your repository using your preferred communication channel.
{% endif %}
## Adding a security policy to your repository
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
3. In the left sidebar, click Security policy.
4. Click Start setup.
5. In the new SECURITY.md file, add information about supported versions of your project and how to report a vulnerability.
{% data reusables.files.write_commit_message %}
{% data reusables.files.choose-commit-email %}
{% data reusables.files.choose_commit_branch %}
{% data reusables.files.propose_file_change %}
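The procedure above ends with a SECURITY.md committed to one of the locations GitHub recognizes (root, docs, or .github on GitHub.com and GitHub Enterprise Cloud; root or docs on the other branches), containing the two items step 5 asks for. The following POSIX shell script, an added example and not part of the GitHub documentation or any GitHub tooling, audits a local checkout for exactly that: it looks for SECURITY.md in the three locations, then checks that the file mentions supported versions and how to report a vulnerability. The repository path argument, the phrase matching, and the sample policy written to a temporary directory are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the GitHub docs): audit a local checkout for a
# security policy and check that it covers what step 5 asks for. The
# repository path is passed as the first argument; the phrases matched
# ("supported versions", "report") were chosen to follow step 5's wording.

# Print the path of the first SECURITY.md found in the locations the page
# lists for GitHub.com (root, docs/, .github/); return 1 if none exists.
# On a GHES branch only the first two locations apply.
find_security_policy() {
  repo="$1"
  for dir in "" "docs/" ".github/"; do
    candidate="$repo/${dir}SECURITY.md"
    if [ -f "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# Return 0 when the policy mentions both supported versions and how to
# report a vulnerability (case-insensitive match); report what is missing.
check_policy_contents() {
  file="$1"
  status=0
  if ! grep -qi 'supported versions' "$file"; then
    echo "missing: supported versions section" >&2
    status=1
  fi
  if ! grep -qi 'report' "$file"; then
    echo "missing: reporting instructions" >&2
    status=1
  fi
  return "$status"
}

# Combined audit: 0 = policy present and complete, 1 = absent, 2 = incomplete.
audit_repo() {
  policy=$(find_security_policy "$1") || {
    echo "no SECURITY.md in $1" >&2
    return 1
  }
  check_policy_contents "$policy" || return 2
  echo "ok: $policy"
}

# Demo on a constructed repository in a temporary directory (not a real
# project); the policy text below is sample content written for this example.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/.github"
  cat > "$tmp/.github/SECURITY.md" <<'EOF'
# Security Policy

## Supported Versions
Only the latest minor release receives security fixes.

## Reporting a Vulnerability
Please report vulnerabilities privately through the repository's security
advisories rather than by opening a public issue.
EOF
  audit_repo "$tmp"
  rm -rf "$tmp"
}

demo
```

Run it as `sh audit_security_policy.sh` to see the demo; to audit a real checkout, call `audit_repo /path/to/repo` and use the exit code (1 = no policy, 2 = policy lacks one of the two items) in a pre-commit or CI check.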
## Further reading
- "Securing your repository"{% ifversion not ghae %}
- "Setting up your project for healthy contributions"{% endif %}{% ifversion fpt or ghec %}
- [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %}