About security policies
To give people instructions for reporting security vulnerabilities in your project, you can add a SECURITY.md file to your repository's root, docs, or .github folder. When someone creates an issue in your repository, they will see a link to your project's security policy.
You can create a default security policy for your organization or user account. For more information, see "Creating a default community health file."
Tip: To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "About READMEs."
After someone reports a security vulnerability in your project, you can use GitHub Security Advisories to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in GitHub, see "About coordinated disclosure of security vulnerabilities." For more information about GitHub Security Advisories, see "About GitHub Security Advisories."
您也可以加入 GitHub Security Lab,以便浏览安全主题并参与安全工具和项目。
Adding a security policy to your repository
-
在 GitHub.com 上,导航到仓库的主页面。
-
在仓库名称下,单击 Security(安全)。
-
In the left sidebar, click Security policy.
-
Click Start setup.
-
In the new SECURITY.md file, add information about supported versions of your project and how to report a vulnerability.
-
在页面底部,输入一条简短、有意义的提交消息,描述您对文件所作的更改。 您可以在提交消息中将提交归于多个作者。 更多信息请参阅“创建有多个合作作者的提交”。
-
If you have more than one email address associated with your account on GitHub.com, click the email address drop-down menu and select the email address to use as the Git author email address. 只有经过验证的电子邮件地址才会出现在此下拉菜单中。 如果您启用了电子邮件地址隐私保护,则
<username>@users.noreply.github.com为默认的提交作者电子邮件地址。 更多信息请参阅“设置提交电子邮件地址”。
-
在提交消息字段下面,确定是要将提交添加到当前分支还是新分支。 如果当前分支是默认分支,则应选择为提交创建新分支,然后创建拉取请求。 更多信息请参阅“创建新的拉取请求”。
-
单击 Propose file change(提议文件更改)。
