
Security.txt is a simple way to have information regarding your security reporting process available for any researcher who may have found a vulnerability in your project.

It involves adding a file, security.txt, to the .well-known directory of your project. If your project is on GitHub Pages you must do things a little differently to make it viewable in the browser.

First, create a file named security.txt and put it in the root directory of your project.

Edit security.txt and add the following as the header.

---
layout: none
permalink: .well-known/security.txt
---

Below the header add the suggested information as per the security.txt website.

Save your file and publish it by your normal means. Your security contact will now be conveniently located at yourdomain.com/.well-known/security.txt.
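To confirm the published file is usable, here is an added example (not part of the original post) that checks a security.txt body for the two fields RFC 9116 requires, Contact and Expires, and for the Jekyll header leaking into the served output. The sample file, the example.com addresses and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of the source file: the header from this post followed by
# RFC 9116 fields. The example.com values are placeholders.
SOURCE = """---
layout: none
permalink: .well-known/security.txt
---
Contact: mailto:security@example.com
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
"""

def published_body(source):
    """Approximate what Jekyll serves: the text after the front matter."""
    parts = source.split("---\n", 2)
    return parts[2] if source.startswith("---\n") and len(parts) == 3 else source

def check(body, now=None):
    """Return a list of problems found in a served security.txt body."""
    now = now or datetime.now(timezone.utc)
    problems, fields = [], {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        if line == "---" or line.startswith(("layout:", "permalink:")):
            msg = "front matter leaked into published file"
            if msg not in problems:
                problems.append(msg)
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            problems.append(f"malformed line: {line!r}")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    if "contact" not in fields:
        problems.append("missing required Contact field")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            if datetime.fromisoformat(expires[0].replace("Z", "+00:00")) <= now:
                problems.append("Expires date is in the past")
        except (ValueError, TypeError):
            problems.append("Expires is not a valid timestamp with offset")
    return problems
```

Run `check()` on the text fetched from yourdomain.com/.well-known/security.txt after each publish; an empty list means the required fields are present and the header was stripped.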