Just like most repositories have a README.md file to provide instructions on how to contribute to the repository, a SECURITY.md file highlights security-related information and instructions on how to handle security-related issues and best practices.
This gives collaborators the important security information they need, and it also gives maintainers a documented place to think through how they will deal with security disclosures, updates, and general security practices within the repository.
What should I include in my security policy?
Just like a README.md file, its contents really depend on your repository and its requirements and workflows. Here are a few common topics that are documented in a security policy:
Supported versions
How to responsibly report a security vulnerability
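The two topics above are what a minimal policy needs to cover. The POSIX shell script below is an added example, not part of this course or of any project: it writes a sample SECURITY.md containing a supported-versions table and private reporting instructions, and it provides a small check a maintainer can run in CI to confirm a repository's policy has both sections. The project versions, the `security@example.com` address and the response time in the sample are placeholders.

```shell
#!/bin/sh
# Added example (not the course's own code). Writes a sample SECURITY.md
# covering the two common topics (supported versions, how to report a
# vulnerability) and checks that a repository's policy contains both.

write_sample_security_policy() {
  # $1 = repository root directory. Version numbers, the contact address
  # and the response time below are placeholders to be replaced.
  cat > "$1/SECURITY.md" <<'EOF'
# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 2.x     | :white_check_mark: |
| 1.x     | :x:                |

## Reporting a Vulnerability

Please do not open a public issue for security problems.
Report them privately to security@example.com (placeholder address) or
through the repository's private vulnerability reporting form.
We aim to acknowledge reports within 5 business days (placeholder).
EOF
}

# Prints "ok" when SECURITY.md exists and has both required sections;
# otherwise prints what is missing. Returns non-zero on any problem, so
# it can gate a CI job.
check_security_policy() {
  policy="$1/SECURITY.md"
  if [ ! -f "$policy" ]; then
    echo "missing SECURITY.md"
    return 1
  fi
  status=0
  grep -qi '^## Supported Versions' "$policy" \
    || { echo "missing: Supported Versions"; status=1; }
  grep -qi '^## Reporting a Vulnerability' "$policy" \
    || { echo "missing: Reporting a Vulnerability"; status=1; }
  [ "$status" -eq 0 ] && echo "ok"
  return "$status"
}

# Usage: sh check_policy.sh /path/to/repo  (checks an existing policy)
if [ "$#" -eq 1 ]; then
  check_security_policy "$1"
fi
```

The check matches on the section headings only; it is deliberately simple so that a missing or renamed section fails loudly, while the wording of each section stays up to the maintainers.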
Step 6: Add a SECURITY.md file
Alternatively, you could also create a new file in the root directory called SECURITY.md, write up a quick security policy, and open a pull request.

I'll respond in your pull request with next steps.