
Provide public security contact information (FREE SELF)

Introduced in GitLab 16.7.

Organizations can facilitate the responsible disclosure of security issues by providing public contact information. GitLab supports using a security.txt file for this purpose.

Administrators can add a security.txt file using the GitLab UI or the REST API. Any content added is made available at https://gitlab.example.com/.well-known/security.txt. Authentication is not required to view this file.

To configure a security.txt file:

  1. On the left sidebar, select Search or go to.
  2. Select Admin Area.
  3. Select Settings > General.
  4. Expand the Add security contact information section.
  5. In Content for security.txt, enter security contact information in the format documented at https://securitytxt.org/.
  6. Select Save changes.

For information about how to respond if you receive a report, see Responding to security incidents.

Example security.txt file

The format of this information is documented at https://securitytxt.org/. An example security.txt file is:

Contact: mailto:security@example.com
Expires: 2024-12-31T23:59:00Z
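
A check you can run on the text before pasting it into Content for security.txt, as an added example that is not GitLab's own code. It assumes the RFC 9116 rules behind securitytxt.org (at least one Contact URI, exactly one Expires in RFC 3339 form and not in the past) and an unsigned file; the function name and sample values are constructed for illustration.

```python
from datetime import datetime, timezone
import re

# RFC 3339 date-time: seconds are mandatory, offset is "Z" or +hh:mm / -hh:mm.
RFC3339 = re.compile(
    r"^\d{4}-\d{2}-\d{2}[Tt]\d{2}:\d{2}:\d{2}(\.\d+)?([Zz]|[+-]\d{2}:\d{2})$"
)

def check_security_txt(content, now=None):
    """Return a list of problems found in security.txt content (empty = OK)."""
    now = now or datetime.now(timezone.utc)  # must be timezone-aware
    fields, problems = {}, []
    for lineno, raw in enumerate(content.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            problems.append(f"line {lineno}: not a 'Name: value' field")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())

    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("missing required Contact field")
    for c in contacts:
        if not c.lower().startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact is not a mailto:, https:// or tel: URI: {c}")

    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append(f"expected exactly one Expires field, found {len(expires)}")
    elif not RFC3339.match(expires[0]):
        problems.append(f"Expires is not an RFC 3339 date-time: {expires[0]}")
    else:
        # Drop fractional seconds and normalise "Z" so fromisoformat accepts it.
        text = re.sub(r"\.\d+", "", expires[0].upper()).replace("Z", "+00:00")
        try:
            if datetime.fromisoformat(text) <= now:
                problems.append(f"Expires is in the past: {expires[0]}")
        except ValueError:
            problems.append(f"Expires is not a valid calendar date: {expires[0]}")
    return problems

# Constructed sample content and a fixed clock so the result is reproducible.
SAMPLE = "# constructed sample\nContact: mailto:security@example.com\nExpires: 2024-12-31T23:59:00Z\n"
if __name__ == "__main__":
    print(check_security_txt(SAMPLE, now=datetime(2024, 6, 1, tzinfo=timezone.utc)) or "OK")
```

Because the file is served without authentication, an expired or malformed Expires value is visible to every researcher who fetches it, so rerun the check whenever the content is edited.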