You enter a room bristling with security measures. Locks, shields, and security monitors surround you. A stern voice declares: “Secure your code to proceed!”
Your Mission
Enable Dependabot alerts for your repository.
Add a security policy to your repository.
Run code scanning using GitHub Actions (if your repository is public).
Instructions
Go to your repository’s “Settings” tab.
Click on “Security & analysis” in the left sidebar.
Enable Dependabot alerts.
In your repository, create a new file at .github/SECURITY.md.
Add basic security guidelines to this file.
If your repository is public, enable code scanning in the “Security & analysis” settings.
Important: Always be cautious when dealing with security settings. Make sure you understand each feature before enabling it.
Example Security Policy
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability within this project, please send an e-mail to security@example.com. All security vulnerabilities will be promptly addressed.
Supported Versions
Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
| ------- | --------- |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
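The following Python check is an added example, not part of the original exercise: it locates a SECURITY.md in the folders GitHub reads a policy from and confirms that the file names a reporting e-mail address and marks at least one version as supported. The function names and the Markdown rendering of the sample policy are assumptions made here.

```python
import re
from pathlib import Path

# Folders in which GitHub recognises a repository security policy.
POLICY_PATHS = (".github/SECURITY.md", "SECURITY.md", "docs/SECURITY.md")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MARKS = {":white_check_mark:": True, ":x:": False}

def find_policy(repo_root):
    """Return the first policy file present under repo_root, or None."""
    paths = (Path(repo_root) / rel for rel in POLICY_PATHS)
    return next((p for p in paths if p.is_file()), None)

def parse_policy(text):
    """Extract reporting contacts and the supported-versions table rows."""
    contacts = sorted(set(EMAIL_RE.findall(text)))
    versions = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[1] in MARKS:
            versions[cells[0]] = MARKS[cells[1]]
    return contacts, versions

def lint_policy(text):
    """Return a list of problems; an empty list means the policy passes."""
    contacts, versions = parse_policy(text)
    problems = []
    if not contacts:
        problems.append("no reporting e-mail address found")
    if not versions:
        problems.append("no supported-versions table found")
    elif not any(versions.values()):
        problems.append("no version is marked as supported")
    return problems

# Constructed sample: the example policy above, written as Markdown.
SAMPLE = """# Security Policy
## Reporting a Vulnerability
Please send an e-mail to security@example.com.
## Supported Versions
| Version | Supported |
| ------- | --------- |
| 5.1.x   | :white_check_mark: |
| 5.0.x   | :x: |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x: |
"""
```

Calling `lint_policy(find_policy(".").read_text())` from a checkout gives the same result for the file you created in the steps above.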
After setting up your security policy, what email address did you specify for reporting vulnerabilities? Enter it below:
Well done, security expert! You’ve fortified your repository. On to the final challenge!