Provide public security contact information

Tier: Free, Premium, Ultimate Offering: Self-managed
History

Organizations can facilitate the responsible disclosure of security issues by providing public contact information. GitLab supports using a security.txt file for this purpose.

Administrators can add a security.txt file using the GitLab UI or the REST API. Any content added is made available at https://gitlab.example.com/.well-known/security.txt. Authentication is not required to view this file.

To configure a security.txt file:

  1. On the left sidebar, at the bottom, select Admin Area.
  2. Select Settings > General.
  3. Expand Add security contact information.
  4. In Content for security.txt, enter security contact information in the format documented at https://securitytxt.org/.
  5. Select Save changes.

For information about how to respond if you receive a report, see Responding to security incidents.

Example security.txt file

The format of this information is documented at https://securitytxt.org/. An example security.txt file is:

Contact: mailto:security@example.com
Expires: 2024-12-31T23:59Z