From 6089983fc18c7911be3af719e344401ed85ec5d1 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Fri, 23 Jun 2023 15:55:53 +0100 Subject: [PATCH] Update filename formatting as per guidance (#38370) --- .../adding-a-security-policy-to-your-repository.md | 6 +++--- .../getting-started/securing-your-repository.md | 2 +- .../privately-reporting-a-security-vulnerability.md | 6 +++--- .../creating-a-default-community-health-file.md | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md index 1ddc896b9ac2..630163412b0f 100644 --- a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md +++ b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md @@ -21,7 +21,7 @@ shortTitle: Add a security policy ## About security policies -To give people instructions for reporting security vulnerabilities in your project,{% ifversion fpt or ghes or ghec %} you can add a _SECURITY.md_ file to your repository's root, `docs`, or `.github` folder.{% else %} you can add a _SECURITY.md_ file to your repository's root, or `docs` folder.{% endif %} When someone creates an issue in your repository, they will see a link to your project's security policy. +To give people instructions for reporting security vulnerabilities in your project,{% ifversion fpt or ghes or ghec %} you can add a `SECURITY.md` file to your repository's root, `docs`, or `.github` folder.{% else %} you can add a `SECURITY.md` file to your repository's root, or `docs` folder.{% endif %} When someone creates an issue in your repository, they will see a link to your project's security policy. {% ifversion not ghae %} 
@@ -30,7 +30,7 @@ You can create a default security policy for your organization or personal accou {% tip %} -**Tip:** To help people find your security policy, you can link to your _SECURITY.md_ file from other places in your repository, such as your README file. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)." +**Tip:** To help people find your security policy, you can link to your `SECURITY.md` file from other places in your repository, such as your README file. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)." {% endtip %} @@ -50,7 +50,7 @@ By making security reporting instructions clearly available, you make it easy fo {% data reusables.repositories.sidebar-security %} 3. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" %} Policy**. 4. Click **Start setup**. -5. In the new _SECURITY.md_ file, add information about supported versions of your project and how to report a vulnerability. +5. In the new `SECURITY.md` file, add information about supported versions of your project and how to report a vulnerability. {% data reusables.files.write_commit_message %} {% data reusables.files.choose-commit-email %} {% data reusables.files.choose_commit_branch %} diff --git a/content/code-security/getting-started/securing-your-repository.md b/content/code-security/getting-started/securing-your-repository.md index 219402b1ff86..1eca595e264c 100644 --- a/content/code-security/getting-started/securing-your-repository.md +++ b/content/code-security/getting-started/securing-your-repository.md 
@@ -141,7 +141,7 @@ Alternatively, you can use the advanced setup, which generates a workflow file y ## Setting a security policy -If you are a repository maintainer, it's good practice to specify a security policy for your repository by creating a file named _SECURITY.md_ in the repository. This file instructs users about how to best contact you and collaborate with you when they want to report security vulnerabilities in your repository. You can view the security policy of a repository from the repository’s **Security** tab. +If you are a repository maintainer, it's good practice to specify a security policy for your repository by creating a file named `SECURITY.md` in the repository. This file instructs users about how to best contact you and collaborate with you when they want to report security vulnerabilities in your repository. You can view the security policy of a repository from the repository’s **Security** tab. 1. From the main page of your repository, click **{% octicon "shield" aria-label="The shield symbol" %} Security**. 2. Click **Security policy**. diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability.md index 13c97c1642a9..0536f4d0e660 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability.md +++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability.md 
@@ -17,9 +17,9 @@ shortTitle: Privately reporting **Notes:** - If you have admin or security permissions for a public repository, you don't need to submit a vulnerability report. Instead, you can create a draft security advisory directly. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory)." -- The ability to privately report a vulnerability in a repository is not related to the presence of a _SECURITY.md_ file in that repository's root or `docs` directory. - - The _SECURITY.md_ file contains the security policy for the repository. Repository administrators can add and use this file to provide _public_ instructions for how to report a security vulnerability in their repository. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)." - - You can only report a vulnerability privately for repositories where private vulnerability reporting is enabled, and you don't have to follow the instructions in the _SECURITY.md_ file. This reporting process is fully private, and {% data variables.product.prodname_dotcom %} notifies the repository administrators directly about your submission. +- The ability to privately report a vulnerability in a repository is not related to the presence of a `SECURITY.md` file in that repository's root or `docs` directory. + - The `SECURITY.md` file contains the security policy for the repository. Repository administrators can add and use this file to provide _public_ instructions for how to report a security vulnerability in their repository. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)." + - You can only report a vulnerability privately for repositories where private vulnerability reporting is enabled, and you don't have to follow the instructions in the `SECURITY.md` file. 
This reporting process is fully private, and {% data variables.product.prodname_dotcom %} notifies the repository administrators directly about your submission. {% endnote %} diff --git a/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md b/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md index 28433a500e98..b7b5e601d7a5 100644 --- a/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md +++ b/content/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file.md 
@@ -39,7 +39,7 @@ Discussion category forms | Discussion category forms customize the templates th _FUNDING.yml_ | A FUNDING file displays a sponsor button in your repository to increase the visibility of funding options for your open source project. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)."{% endif %} _GOVERNANCE.md_ | A GOVERNANCE file lets people know about how your project is governed. For example, it might discuss project roles and how decisions are made. Issue and pull request templates{% ifversion fpt or ghes or ghec %} and _config.yml_{% endif %} | Issue and pull request templates customize and standardize the information you'd like contributors to include when they open issues and pull requests in your repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates)."{% ifversion fpt or ghes or ghec %} -_SECURITY.md_ | A SECURITY file gives instructions for how to report a security vulnerability in your project. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)."{% endif %} +`SECURITY.md` | A SECURITY file gives instructions for how to report a security vulnerability in your project. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)."{% endif %} _SUPPORT.md_ | A SUPPORT file lets people know about ways to get help with your project. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/adding-support-resources-to-your-project)." You cannot create a default license file. License files must be added to individual repositories so the file will be included when a project is cloned, packaged, or downloaded.
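Review bot: In the `@@ -21,7 +21,7 @@` hunk of adding-a-security-policy-to-your-repository.md, the `{% else %}` branch still reads "your repository's root, or `docs` folder", with a comma left over from the three-item list in the first branch. Since this line is being rewritten anyway, drop the comma so the two-item form reads "root or `docs` folder", matching the wording already used in privately-reporting-a-security-vulnerability.md.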
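Review bot: The first changed bullet in the `@@ -17,9 +17,9 @@` hunk of privately-reporting-a-security-vulnerability.md lists only "that repository's root or `docs` directory" as locations for `SECURITY.md`, while the first hunk of this same patch documents root, `docs`, or `.github` for fpt, ghes and ghec. A reader comparing the two pages could conclude that a policy in `.github` behaves differently with respect to private vulnerability reporting. Suggest either adding `.github` here under the same `ifversion` condition or dropping the location list from this bullet, and settling on one of "folder" or "directory" across both files.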
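Review bot: In the `@@ -39,7 +39,7 @@` hunk of creating-a-default-community-health-file.md, only the `SECURITY.md` row is converted to code formatting, so the first column of the table now mixes styles: the context lines still show `_FUNDING.yml_`, `_GOVERNANCE.md_`, `_config.yml_` and `_SUPPORT.md_` in italics. If the guidance cited in the subject line applies to all filenames, convert the remaining rows in this change, or note in the commit message that a follow-up will cover them, so the table does not ship half-migrated.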