1.2.1 Ensure all public repositories contain a SECURITY.md file

ID

cis_sscs/contain_security_md

Severity

critical

Category

source_code/repository

Levels

Optional

false

Tags

policy, security, supply-chain

Description

A SECURITY.md file is a security policy file that offers instruction on reporting security vulnerabilities in a project.

Rationale

A SECURITY.md file provides users with crucial security information. It can also serve an important role in project maintenance, encouraging users to think ahead about how to properly handle potential security issues, updates and general security practices.

Verification

For each repository in use, verify that it has a SECURITY.md file in the documents or root directory of the repository.

Remediation

For each repository in use, create a SECURITY.md file and save it in the documents or root directory of the repository.
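The verification step above, run over a set of local clones, as an added example (not part of the benchmark): it reports each repository that lacks a non-empty SECURITY.md in its root or documents directory. It assumes "documents directory" means `docs/`, treats the file name case-insensitively, and treats a zero-byte file as non-compliant because it offers no reporting instructions; the sample repositories are constructed in a temporary directory.

```python
"""Audit local clones for a SECURITY.md as required by control 1.2.1 (added example)."""
import os
import tempfile

# Locations the control accepts: the repository root and its documents directory.
# "docs" is an assumption about what the control calls the documents directory.
ACCEPTED_DIRS = ("", "docs")


def find_security_policy(repo_path, extra_dirs=()):
    """Return the path of a non-empty SECURITY.md (any letter case), or None."""
    for sub in ACCEPTED_DIRS + tuple(extra_dirs):
        directory = os.path.join(repo_path, sub) if sub else repo_path
        if not os.path.isdir(directory):
            continue
        for name in os.listdir(directory):
            if name.lower() == "security.md":
                path = os.path.join(directory, name)
                # An empty file satisfies the name check but not the control's intent.
                if os.path.isfile(path) and os.path.getsize(path) > 0:
                    return path
    return None


def audit_repos(repo_paths):
    """Map each repository path to its policy file path, or None when non-compliant."""
    return {p: find_security_policy(p) for p in repo_paths}


def build_demo_repos(base):
    """Create constructed sample clones under base; return their paths."""
    layouts = {
        "compliant-root": ("SECURITY.md", "Report issues to security@example.test\n"),
        "compliant-docs": ("docs/SECURITY.md", "See the reporting process below.\n"),
        "empty-policy": ("SECURITY.md", ""),
        "no-policy": ("README.md", "No security policy here.\n"),
    }
    paths = []
    for repo, (rel, text) in layouts.items():
        file_path = os.path.join(base, repo, rel)
        os.makedirs(os.path.dirname(file_path), exist_ok=True)
        with open(file_path, "w", encoding="utf-8") as fh:
            fh.write(text)
        paths.append(os.path.join(base, repo))
    return paths


def demo():
    """Audit the constructed repos; return {repo name: compliant?}."""
    with tempfile.TemporaryDirectory() as base:
        results = audit_repos(build_demo_repos(base))
        return {os.path.basename(p): found is not None for p, found in results.items()}


if __name__ == "__main__":
    for repo, ok in demo().items():
        print(f"{'PASS' if ok else 'FAIL'}  {repo}")
```

Point `audit_repos` at your own clone directories to produce the per-repository list used for the remediation step.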