SecurityTemplate is a static website template for security pages, powered by Jekyll. It's easy to get started. Clone this repo, edit the configuration files and content to your liking, and publish with GitHub Pages or on your own server platform.

You can set up a local environment to test your SecurityTemplate static site, and push to GitHub if desired.

This project is a rapidly evolving work in progress. We value contributions from the public.

The template directory structure is as follows:

.
├── 404.html # 404 page.
├── advisories.md # Security advisories list.
├── assets # Page assets.
│   ├── css
│   │   └── styles.css
│   └── images
│       └── icon.png
├── _config.yml # Config file with all your variables.
├── _drafts
├── Gemfile
├── Gemfile.lock
├── hof.md # Hall of fame page.
├── _includes
│   └── advisory-list.html
├── index.md # Security policy.
├── _layouts
│   ├── default.html
│   └── post.html
├── LICENSE
├── _posts
│   └── 2017-07-22-cve-2017-0914.md # Example security advisory.
├── README.md
└── report.md

• company_name — replace this with your organization name
• email — replace this with your security contact address
• bugcrowd_id — replace this with your Bugcrowd ID, if applicable
• hackerone_url and bugcrowd_url — the /report URL will redirect to one of these, if specified.

The index file is where your security policy lives. To learn more about writing good security policies, please refer to https://support.hackerone.com/hc/en-us/articles/205624665-How-do-we-write-a-good-policy-.

This is where you can list your security advisories. The list is updated every time you add a security advisory to the _posts folder.

This file should contain contact information for security researchers to use when reporting a security vulnerability. If a HackerOne or Bugcrowd URL is specified in config.yml, users will be redirected automatically. You can also use an embedded Bugcrowd submission form. Just uncomment the form, and add your Bugcrowd embed token under bugcrowd_id in _config.yml.

This is your security acknowledgements page. List the details of security researchers that reported valid security issues (and wish to be listed publicly).

security-template contains a security.txt template file. security.txt defines a standard to help organizations define the process for security researchers to safely disclose vulnerabilities via a simple text file. For more on this, please refer to https://securitytxt.org/.

We welcome contributions from the public.

The issue tracker is the preferred channel for bug reports and features requests.

The bug tracker utilizes several labels to help organize and identify issues.

Use the GitHub issue search — check if the issue has already been reported.