Publicamos atualizações frequentes em nossa documentação, e a tradução desta página ainda pode estar em andamento. Para obter as informações mais recentes, acesse a documentação em inglês. Se houver problemas com a tradução desta página, entre em contato conosco.

Free, Pro, & Team

Português do Brasil

Adding a security policy to your repository

Neste artigo

About security policies

Adding a security policy to your repository

Further reading

You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.

About security policies

To give people instructions for reporting security vulnerabilities in your project, you can add a SECURITY.md file to your repository's root, docs, or .github folder. When someone creates an issue in your repository, they will see a link to your project's security policy.

You can create a default security policy for your organization or user account. For more information, see "Creating a default community health file."

Tip: To help people find your security policy, you can link to your SECURITY.md file from other places in your repository, such as your README file. For more information, see "About READMEs."

After someone reports a security vulnerability in your project, you can use Aviso de Segurança do GitHub to disclose, fix, and publish information about the vulnerability. For more information about the process of reporting and disclosing vulnerabilities in GitHub, see "About coordinated disclosure of security vulnerabilities." For more information about Aviso de Segurança do GitHub, see "About Aviso de Segurança do GitHub."

Você também pode participar de Laboratório de Segurança GitHub para pesquisar tópicos relacionados a segurança e contribuir com ferramentas e projetos de segurança.