security-template

A static website template for security pages.


Project

SecurityTemplate is a static website template for security pages, powered by Jekyll. It's easy to get started. Clone this repo, edit the configuration files and content to your liking, and publish with GitHub Pages or on your own server platform.

You can set up a local environment to test your SecurityTemplate static site, and push to GitHub if desired.

This project is a rapidly evolving work in progress. We value contributions from the public. Interested in checking out a live demo? Visit securitytemplate.site.

Structure

The template directory structure is as follows:

.
├── 404.html # 404 page.
├── advisories.md # Security advisories list.
├── assets # Page assets.
│   ├── css
│   │   └── styles.css
│   └── images
│       └── icon.png
├── _config.yml # Config file with all your variables.
├── _drafts
├── Gemfile
├── Gemfile.lock
├── hof.md # Hall of fame page.
├── _includes
│   └── advisory-list.html
├── index.md # Security policy.
├── _layouts
│   ├── default.html
│   └── post.html
├── LICENSE
├── _posts
│   └── 2017-07-22-cve-2017-0914.md # Example security advisory.
├── README.md
└── report.md

Example policy

_config.yml

  • company_name — replace this with your organization name
  • email — replace this with your security contact address
  • bugcrowd_id — replace this with your Bugcrowd ID, if applicable
  • hackerone_url and bugcrowd_url — the /report URL will redirect to one of these, if specified.

index.md

The index file is where your security policy lives. To learn more about writing good security policies, please refer to https://support.hackerone.com/hc/en-us/articles/205624665-How-do-we-write-a-good-policy-.

advisories.md

This is where you can list your security advisories. The list is updated every time you add a security advisory to the _posts folder.

report.md

This file should contain contact information for security researchers to use when reporting a security vulnerability. If a HackerOne or Bugcrowd URL is specified in _config.yml, users will be redirected automatically. You can also use an embedded Bugcrowd submission form. Just uncomment the form, and add your Bugcrowd embed token under bugcrowd_id in _config.yml.

hof.md

This is your security acknowledgements page. List the details of security researchers who reported valid security issues (and wish to be listed publicly).

.well-known/security.txt

security-template contains a security.txt template file. security.txt is a standard that lets organizations publish, in a simple text file, how security researchers can safely disclose vulnerabilities to them. For more on this, please refer to https://securitytxt.org/.
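Before publishing the template's security.txt, it is worth checking that the file you edited still satisfies the format's basic rules (a Contact and a single, future Expires field, known field names, Contact values given as URIs). The checker below is an added example, not code from security-template; the sample file and its addresses are constructed placeholders.

```python
"""Minimal checker for a .well-known/security.txt file (added example, not project code)."""
from datetime import datetime, timezone

REQUIRED = {"Contact", "Expires"}
SINGLE_USE = {"Expires", "Preferred-Languages"}
KNOWN = REQUIRED | SINGLE_USE | {"Canonical", "Encryption", "Acknowledgments", "Policy", "Hiring"}


def parse_security_txt(text):
    """Return {field name: [values]}, skipping blank lines and '#' comments."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems found; an empty list means the file passes these checks."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = [f"missing required field: {n}" for n in sorted(REQUIRED - fields.keys())]
    problems += [f"field must appear at most once: {n}" for n in sorted(SINGLE_USE & fields.keys())
                 if len(fields[n]) > 1]
    problems += [f"unknown field: {n}" for n in sorted(fields.keys() - KNOWN)]
    for value in fields.get("Contact", []):
        # Contact values are URIs; mailto:, https:// and tel: are the usual schemes.
        if not value.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact should be a mailto:, https:// or tel: URI: {value}")
    for value in fields.get("Expires", [])[:1]:
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {value}")
            continue
        if expires.tzinfo is None:  # treat a timestamp without an offset as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        if expires <= now:
            problems.append(f"Expires is in the past: {value}")
    return problems


# Constructed sample with placeholder values, as a site owner might fill in the template.
SAMPLE = """# security.txt for example.com (constructed sample)
Contact: mailto:security@example.com
Expires: 2030-01-01T00:00:00Z
Policy: https://example.com/
Acknowledgments: https://example.com/hof
"""
```

Run `check_security_txt(open(".well-known/security.txt").read())` against your edited file; an empty list means the required fields are present and the expiry has not passed.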

Contributing

We welcome contributions from the public.

Using the issue tracker 💡

The issue tracker is the preferred channel for bug reports and feature requests.

Issues and labels 🏷

The bug tracker uses several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.

Donations

If you would like to support this project, you can use any of the addresses below:

Liberapay: https://liberapay.com/EdOverflow

Bitcoin: 1E2fZRNrrkCKPnWpKZAsJzByBoyoBURADN

Ethereum: 0xe98FC23fB4A8762d700c0354979dA5Db6c29Acc3