Provide public security contact information
Introduced in GitLab 16.7.
Organizations can facilitate the responsible disclosure of security issues by
providing public contact information. GitLab supports using a
security.txt
file for this purpose.
Administrators can add a security.txt
file using the GitLab UI or the
REST API.
Any content added is made available at
https://gitlab.example.com/.well-known/security.txt
. Authentication is not
required to view this file.
To configure a security.txt
file:
- On the left sidebar, select Search or go to.
- Select Admin Area.
- Select Settings > General.
- Expand the Add security contact information section.
- In Content for security.txt, enter security contact information in the format documented at https://securitytxt.org/.
- Select Save changes.
For information about how to respond if you receive a report, see Responding to security incidents.
Example security.txt
file
The format of this information is documented at https://securitytxt.org/.
An example security.txt
file is:
Contact: mailto:security@example.com
Expires: 2024-12-31T23:59Z