Add a Security Policy
github-learning-lab opened this issue · 0 comments
Adding a security policy
Just like most repositories have a README.md file to provide instructions on how to contribute to the repository, a SECURITY.md file highlights security related information and instructions on how to handle security related issues and best practices.
This gives collaborators the important security information they need, but it also documents a place where maintainers can think about how they should deal with security disclosures, updates, and general security practices within this repository.
What should I include in my security policy?
Just like a README.md file, it really depends on your repository and the requirements and workflows. Here are a few common topics that are documented in a security policy:
- Supported versions
- How to responsibly report a security vulnerability
- Security related configuration
- Known security gaps and future enhancements
Step 6: Add a SECURITY.md file
- Navigate to the Security tab
- Click on Security Policy located in the left sidebar
- Click the Start Setup button
- Commit the template security policy to the new branch as selected (ntrogh-patch-1)
- Commit the new file and create the pull request
Alternatively, you could also create a new file in the root directory called SECURITY.md, write up a quick security policy, and open a pull request.
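As an added example (not part of the original issue or of GitHub's own template), here is a SECURITY.md that covers the four topics listed above. The version numbers, the contact address, the response times and the configuration notes are placeholders to be replaced with your repository's real values:

```markdown
# Security Policy

## Supported Versions

<!-- Placeholder versions: list the release lines that still receive security fixes. -->

| Version | Supported          |
| ------- | ------------------ |
| 2.x     | :white_check_mark: |
| 1.x     | :x:                |

## Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues,
discussions or pull requests, since that discloses the problem before a fix exists.

Instead, report it privately by e-mail to security@example.com (placeholder address),
or through the repository's private vulnerability reporting form if it is enabled.
Include the affected version, steps to reproduce and the impact you observed.

What to expect (placeholder timelines):

- acknowledgement of your report within 3 business days
- a status update at least every 7 days while the report is open
- credit in the release notes once a fix is published, unless you prefer to stay anonymous

## Security Related Configuration

<!-- Placeholder notes: describe the settings a deployment must get right. -->

- Run the service with a dedicated, unprivileged account.
- Keep the default configuration's authentication enabled; do not disable it in production.
- Rotate any API tokens listed in the configuration file at least every 90 days.

## Known Security Gaps and Future Enhancements

<!-- Placeholder items: be honest about what is not yet covered so users can compensate. -->

- Audit logging is not yet implemented; planned for the next minor release.
- Dependency scanning runs only on the default branch; release branches are scanned manually.
```

Keep the reporting section short and concrete: the most common failure of a security policy is that a reporter cannot find a private channel and opens a public issue instead.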