Provide public security contact information
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
 
Organizations can facilitate the responsible disclosure of security issues by
providing public contact information. GitLab supports using a
security.txt file for this purpose.
Administrators can add a security.txt file using the GitLab UI or the
REST API.
Any content added is made available at
https://gitlab.example.com/.well-known/security.txt. Authentication is not
required to view this file.
To configure a security.txt file:
- On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select your avatar and then select Admin.
- Select Settings > General.
- Expand Add security contact information.
- In Content for security.txt, enter security contact information in the format documented at https://securitytxt.org/.
- Select Save changes.
 
For information about how to respond if you receive a report, see Responding to security incidents.
Example security.txt file
The format of this information is documented at https://securitytxt.org/.
An example security.txt file is:
Contact: mailto:security@example.com
Expires: 2024-12-31T23:59:00Z
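Before pasting text into Content for security.txt, it helps to check that it meets the basic requirements of the format. The following is an added example, not GitLab code: `parse_fields` and `check_security_txt` are hypothetical names, the rules are taken from RFC 9116 (the specification behind https://securitytxt.org/), and the sample strings are constructed.

```python
import re
from datetime import datetime, timezone

# RFC 9116 requires Expires to be an RFC 3339 date-time, where seconds are mandatory.
RFC3339 = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$", re.I)

def parse_fields(text):
    """Return (name, value) pairs, skipping blank lines and '#' comments."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the content passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    problems = []
    contacts = [v for n, v in fields if n == "contact"]
    if not contacts:
        problems.append("no Contact field")
    for value in contacts:
        # Simplification: only the three URI forms RFC 9116 names are accepted here.
        if not value.lower().startswith(("mailto:", "tel:", "https://")):
            problems.append("Contact is not a mailto:, tel: or https:// URI: " + value)
    expires = [v for n, v in fields if n == "expires"]
    if len(expires) != 1:
        problems.append("expected exactly one Expires field, found %d" % len(expires))
    elif not RFC3339.match(expires[0]):
        problems.append("Expires is not an RFC 3339 date-time: " + expires[0])
    else:
        # Drop fractional seconds and map 'Z' to an offset for older Python versions.
        stamp = re.sub(r"\.\d+", "", expires[0].upper()).replace("Z", "+00:00")
        try:
            if datetime.fromisoformat(stamp) <= now:
                problems.append("Expires is in the past: " + expires[0])
        except ValueError:
            problems.append("Expires is not a valid date: " + expires[0])
    return problems

# Constructed sample content, not taken from any real deployment.
GOOD = "# constructed sample\nContact: mailto:security@example.com\nExpires: 2030-01-01T00:00:00Z\n"
STALE = "Contact: security@example.com\nExpires: 2020-01-01T00:00:00Z\n"
```

An expired or missing Expires field is worth catching early, because researchers are told to treat a stale file as untrustworthy and may not use the contact details in it.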