docs/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md
Grace Park 1dfa5c251e Fix ordered lists to only use 1. (#38283)
Co-authored-by: Rachael Sewell <rachmari@github.com>
2023-06-26 16:25:04 -07:00
---
title: Adding a security policy to your repository
intro: You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.
redirect_from:
  - /articles/adding-a-security-policy-to-your-repository
  - /github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
  - /github/code-security/security-advisories/adding-a-security-policy-to-your-repository
versions:
  fpt: '*'
  ghes: '*'
  ghae: '*'
  ghec: '*'
type: how_to
topics:
  - Security policies
  - Vulnerabilities
  - Repositories
  - Health
shortTitle: Add a security policy
---

## About security policies

To give people instructions for reporting security vulnerabilities in your project,{% ifversion fpt or ghes or ghec %} you can add a SECURITY.md file to your repository's root, docs, or .github folder.{% else %} you can add a SECURITY.md file to your repository's root or docs folder.{% endif %} When someone creates an issue in your repository, they will see a link to your project's security policy.

{% ifversion not ghae %}

You can create a default security policy for your organization or personal account. For more information, see "AUTOTITLE." {% endif %}

{% tip %}

**Tip:** To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "AUTOTITLE."

{% endtip %}

{% ifversion fpt or ghec %} After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in {% data variables.product.prodname_dotcom %}, see "AUTOTITLE." For more information about repository security advisories, see "AUTOTITLE."

{% data reusables.repositories.github-security-lab %}

{% endif %}

{% ifversion ghes or ghae %}

By making security reporting instructions clearly available, you make it easy for your users to report any security vulnerabilities they find in your repository using your preferred communication channel. {% endif %}

## Adding a security policy to your repository

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
1. In the left sidebar, under "Reporting", click {% octicon "law" aria-hidden="true" %} **Policy**.
1. Click **Start setup**.
1. In the new SECURITY.md file, add information about supported versions of your project and how to report a vulnerability.
{% data reusables.files.write_commit_message %}
{% data reusables.files.choose-commit-email %}
{% data reusables.files.choose_commit_branch %}
{% data reusables.files.propose_file_change %}
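As an added example that is not part of the original article, here is the kind of SECURITY.md the last step asks for: it lists which versions receive fixes, says where to send a report and what to include, and sets expectations for acknowledgement and disclosure. The version numbers, contact address, key URL and timelines are placeholders to replace with your project's own.

```markdown
# Security Policy

## Supported Versions

Only the versions listed below receive security fixes. Please check that
the problem still exists in a supported version before reporting it.

| Version | Supported          |
| ------- | ------------------ |
| 2.1.x   | :white_check_mark: |
| 2.0.x   | :white_check_mark: |
| 1.x     | :x:                |

## Reporting a Vulnerability

Please do not open a public issue or pull request for security problems.

Send reports to security@example.com (placeholder address). If you can,
encrypt your report with the PGP key published at
https://example.com/security.asc (placeholder URL).

Please include:

- the affected version(s) and component
- steps that reproduce the problem
- the impact you believe the issue has

## What to Expect

- We acknowledge reports within 3 business days (placeholder timeline).
- We keep you informed while we confirm the issue, prepare a fix and
  release a patched version.
- We credit reporters in the release notes unless you ask us not to.

## Disclosure

We ask for up to 90 days (placeholder timeline) to release a fix before
details are published. Once a fix is available we publish a repository
security advisory describing the vulnerability and the fixed versions.
```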

## Further reading

- "AUTOTITLE"{% ifversion not ghae %}
- "AUTOTITLE"{% endif %}{% ifversion fpt or ghec %}
- [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %}