Security Policy

A Security Policy is a repository’s `SECURITY.md` file, which describes everything auditors and users need in order to report a potential vulnerability.

The recommendation is that every repository containing code has a `SECURITY.md` file.

Examples

[Image: security policy with text]

[Image: security policy with table]

Create a policy

To create a security policy from the template:

  1. Navigate to your repository on GitHub.
  2. Click on the “Security” tab.
  3. Click on “Set up a security policy”.
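
To check the recommendation above across many repositories at once, the following script lists local clones that contain code but have no usable policy file. It is an added example, not part of the original guide. It assumes the policy may live in the repository root, `docs/` or `.github/`; the function names, the extension list and the sample tree are illustrative.

```shell
#!/usr/bin/env bash
# Added example: list local clones that contain code but no security policy.
# Assumption: the policy may live in the repo root, docs/ or .github/.

# has_policy REPO: succeeds if a non-empty SECURITY.md is in a known location.
has_policy() {
  local dir
  for dir in "$1" "$1/docs" "$1/.github"; do
    [ -d "$dir" ] || continue
    # -iname tolerates casing variants such as Security.md or SECURITY.MD
    [ -n "$(find "$dir" -maxdepth 1 -type f -iname 'security.md' -size +0c -print -quit)" ] && return 0
  done
  return 1
}

# has_code REPO: succeeds if any file outside .git has a source extension.
# The extension list is illustrative; extend it for your languages.
has_code() {
  [ -n "$(find "$1" -name .git -prune -o -type f \
      \( -name '*.py' -o -name '*.js' -o -name '*.go' -o -name '*.rb' \
         -o -name '*.java' -o -name '*.c' -o -name '*.sh' \) -print -quit)" ]
}

# audit_repos ROOT: print each direct child of ROOT that has code but no policy.
audit_repos() {
  local repo
  for repo in "$1"/*/; do
    [ -d "$repo" ] || continue
    repo=${repo%/}
    if has_code "$repo" && ! has_policy "$repo"; then
      basename "$repo"
    fi
  done
}

# make_sample: constructed directory tree used when no path is given.
make_sample() {
  local root; root=$(mktemp -d)
  mkdir -p "$root/api/.github" "$root/web" "$root/notes" "$root/cli"
  echo 'print(1)' > "$root/api/app.py"; echo '# Reporting' > "$root/api/.github/SECURITY.md"
  echo 'x=1'      > "$root/web/app.js"      # code, no policy
  echo 'todo'     > "$root/notes/README.md" # no code: out of scope
  echo 'echo hi'  > "$root/cli/run.sh"; : > "$root/cli/Security.md" # empty policy
  echo "$root"
}

root=${1:-$(make_sample)}
audit_repos "$root"
```

Pass the directory that holds your clones as the first argument; an empty policy file is reported as missing because it gives a reporter nothing to act on.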
