Skip to content

Provide public security contact information

DETAILS: Tier: Free, Premium, Ultimate Offering: Self-managed

Organizations can facilitate the responsible disclosure of security issues by providing public contact information. GitLab supports using a security.txt file for this purpose.

Administrators can add a security.txt file using the GitLab UI or the REST API. Any content added is made available at Authentication is not required to view this file.

To configure a security.txt file:

  1. On the left sidebar, select Search or go to.
  2. Select Admin Area.
  3. Select Settings > General.
  4. Expand the Add security contact information section.
  5. In Content for security.txt, enter security contact information in the format documented at
  6. Select Save changes.

For information about how to respond if you receive a report, see Responding to security incidents.

Example security.txt file

The format of this information is documented at An example security.txt file is:

Expires: 2024-12-31T23:59Z