---
title: Adding a security policy to your repository
intro: You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.
redirect_from:
  - /articles/adding-a-security-policy-to-your-repository
  - /github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
  - /github/code-security/security-advisories/adding-a-security-policy-to-your-repository
  - /code-security/getting-started/adding-a-security-policy-to-your-repository
versions:
  fpt: '*'
  ghes: '*'
  ghec: '*'
contentType: how-tos
shortTitle: Add a security policy
category:
  - Report and disclose vulnerabilities
---

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
1. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" aria-label="law" %} Policy**.
1. Click **Start setup**.
1. In the new `SECURITY.md` file, add information about supported versions of your project and how to report a vulnerability.
{% data reusables.files.write_commit_message %}
{% data reusables.files.choose-commit-email %}
{% data reusables.files.choose_commit_branch %}
{% data reusables.files.propose_file_change %}

## Further reading

* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)
* [AUTOTITLE](/code-security/getting-started/securing-your-repository)
* [AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions){% ifversion fpt or ghec %}
* [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %}