Skip to main content

Adding a security policy to your repository

You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.

About security policies

To give people instructions for reporting security vulnerabilities in your project, you can add a SECURITY.md file to your repository's root, docs, or .github folder. When someone creates an issue in your repository, they will see a link to your project's security policy.

You can create a default security policy for your organization or personal account. For more information, see "Creating a default community health file."

Tip: To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "About READMEs."

By making security reporting instructions clearly available, you make it easy for your users to report any security vulnerabilities they find in your repository using your preferred communication channel.

Adding a security policy to your repository

  1. On your GitHub Enterprise Server instance, navigate to the main page of the repository.

  2. 在存储库名称下,单击“ 安全性”。 “安全”选项卡

  3. In the left sidebar, click Security policy. Security policy tab

  4. Click Start setup. Start setup button

  5. In the new SECURITY.md file, add information about supported versions of your project and how to report a vulnerability.

  6. 在页面底部,输入一条简短、有意义的提交消息,描述您对文件所作的更改。 您可以在提交消息中将提交归于多个作者。 有关详细信息,请参阅“创建具有多个共同作者的提交”。 更改的提交消息

  7. 在提交消息字段下面,确定是要将提交添加到当前分支还是新分支。 如果当前分支是默认分支,则应选择为提交创建新分支,然后创建拉取请求。 有关详细信息,请参阅“创建新的拉取请求”。 提交分支选项

  8. 单击“提议文件更改”。 提议文件更改按钮

Further reading