Provide public security contact information

Tier: Free, Premium, Ultimate
Offering: Self-managed

Organizations can facilitate the responsible disclosure of security issues by providing public contact information. GitLab supports using a security.txt file for this purpose.

Administrators can add a security.txt file using the GitLab UI or the REST API. Any content added is made available at Authentication is not required to view this file.

To configure a security.txt file:

  1. On the left sidebar, at the bottom, select Admin Area.
  2. Select Settings > General.
  3. Expand Add security contact information.
  4. In Content for security.txt, enter security contact information in the format documented at
  5. Select Save changes.

For information about how to respond if you receive a report, see Responding to security incidents.

Example security.txt file

The format of this information is documented at An example security.txt file is:

Expires: 2024-12-31T23:59Z
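
Before pasting content into Content for security.txt, it can be checked against the field rules of RFC 9116, the security.txt specification. The linter below is an added example, not part of GitLab or its documentation; the function names are hypothetical, it handles unsigned files only, and it accepts only `mailto:`, `https://` and `tel:` contact URIs.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example: hypothetical helper names; field rules taken from RFC 9116.
_TS = re.compile(r"^(\d{4})-(\d\d)-(\d\d)[Tt](\d\d):(\d\d)(?::(\d\d)(?:\.\d+)?)?"
                 r"([Zz]|[+-]\d\d:\d\d)$")

def parse_expires(value):
    """Return an aware datetime or None; seconds are optional (example leniency)."""
    m = _TS.match(value.strip())
    if not m:
        return None
    y, mo, d, h, mi, s, off = m.groups()
    try:
        if off.upper() == "Z":
            tz = timezone.utc
        else:
            delta = timedelta(hours=int(off[1:3]), minutes=int(off[4:6]))
            tz = timezone(delta if off[0] == "+" else -delta)
        return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s or 0), tzinfo=tz)
    except ValueError:  # impossible date, time or offset
        return None

def lint_security_txt(text, now=None):
    """Return a list of problems found in unsigned security.txt content."""
    now = now or datetime.now(timezone.utc)
    fields, problems = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            problems.append(f"malformed line: {line!r}")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("missing required Contact field")
    for c in contacts:
        if not c.lower().startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact must be a mailto:, https:// or tel: URI: {c}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    elif (when := parse_expires(expires[0])) is None:
        problems.append("Expires is not a valid timestamp")
    elif when <= now:
        problems.append("Expires is in the past; the file is stale")
    return problems
```

An empty list means the content passed every check; a file that has lapsed past its Expires value is reported as stale, which is the case most likely to go unnoticed after initial setup.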