* Add back changes from prior to purge * Manually fix some invalid Liquid * Updoot render-content * Improve test messages to show correct output * Run el scripto * Pass the remaining test
| title | intro | redirect_from | versions |
|---|---|---|---|
| Adding a security policy to your repository | You can give instructions for how to responsibly report a security vulnerability in your project by adding a security policy to your repository. | | |
About security policies
To give people instructions for responsibly reporting security vulnerabilities in your project, you can add a SECURITY.md file to your repository's root, docs, or .github folder. When someone creates an issue in your repository, they will see a link to your project's security policy.
You can create a default security policy for your organization or user account. For more information, see "Creating a default community health file."
{% tip %}
Tip: To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "About READMEs."
{% endtip %}
After someone reports a security vulnerability in your project, you can use {% data variables.product.prodname_security_advisories %} to disclose, fix, and publish information about the vulnerability. For more information, see "About {% data variables.product.prodname_security_advisories %}."
{% data reusables.repositories.github-security-lab %}
Adding a security policy to your repository
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
3. In the left sidebar, click Policy.
4. Click Start setup.
5. In the new SECURITY.md file, add information about supported versions of your project and how to report a vulnerability.
{% data reusables.files.write_commit_message %}
{% data reusables.files.choose-commit-email %}
{% data reusables.files.choose_commit_branch %}
{% data reusables.files.propose_file_change %}
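To confirm the result of these steps in a local checkout or a CI job, the following added example (not part of the original page and not GitHub tooling) looks for SECURITY.md in the three documented locations and checks that it covers supported versions and reporting, and that the README links to it. The function names, the keyword patterns, the `README.md` file name and the sample repository are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Locations the page lists for SECURITY.md: the root, docs, or .github folder.
POLICY_DIRS = ("", "docs", ".github")
# Heuristic patterns (an assumption of this example) for the two topics the
# page says the policy should cover.
REQUIRED_TOPICS = {
    "supported versions": re.compile(r"supported\s+versions", re.I),
    "how to report": re.compile(r"\breport(ing)?\b", re.I),
}


def find_policy(repo: Path):
    """Return the first SECURITY.md found in a documented location, or None."""
    candidates = (repo / d / "SECURITY.md" for d in POLICY_DIRS)
    return next((p for p in candidates if p.is_file()), None)


def lint_repo(repo: Path) -> list:
    """Return a list of findings; an empty list means every check passed."""
    policy = find_policy(repo)
    if policy is None:
        return ["no SECURITY.md in root, docs, or .github"]
    text = policy.read_text(encoding="utf-8", errors="replace")
    findings = [f"policy does not mention {topic}"
                for topic, pattern in REQUIRED_TOPICS.items()
                if not pattern.search(text)]
    # The page's tip: link to the policy from the README (README.md assumed).
    readme = repo / "README.md"
    if readme.is_file() and "SECURITY.md" not in readme.read_text(encoding="utf-8"):
        findings.append("README.md does not link to SECURITY.md")
    return findings


def demo():
    """Lint a constructed sample repository before and after fixing it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / ".github").mkdir()
        readme, policy = repo / "README.md", repo / ".github" / "SECURITY.md"
        readme.write_text("# Sample project\n")
        policy.write_text("# Security Policy\n\n## Supported Versions\n\n2.x only.\n")
        before = lint_repo(repo)
        # Constructed contact address; replace with the project's real channel.
        policy.write_text(policy.read_text() + "\n## Reporting a Vulnerability\n\n"
                          "Email security@example.com.\n")
        readme.write_text("# Sample project\n\n[Security policy](.github/SECURITY.md)\n")
        return before, lint_repo(repo)
```

Calling `lint_repo(Path("."))` from a repository root returns the findings for that checkout; a CI job can fail when the list is non-empty.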
Further reading
- "About securing your repository"
- "Setting up your project for healthy contributions"
- [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %})