In this section, you'll learn about settings that define user permissions and allow automation of common security tasks.
SECURITY.md is the primary document for communicating security information. It is a Markdown file in a repository's root, docs, or .github folder. The SECURITY.md file should include:
default community health files
Documentation and security settings serve three broad purposes.
other community health documentation
GitHub treats files of these types as having a specific purpose, and requires you to follow the listed naming scheme when creating or updating them.
The root of the repository
The .github folder
The docs folder
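A quick audit script for the locations above, written for this page as an added example (not GitHub's tooling and not code from the original): it looks for SECURITY.md in the three folders GitHub reads community health files from, reports every copy it finds, and flags a checkout as missing a policy or as carrying duplicates that can drift out of sync. The sample repositories it creates under mktemp are constructed for the demonstration; run it over real checkouts by calling security_policy_status on each path.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the three locations the
# page lists (repository root, .github, docs) and looks only for SECURITY.md.
# Prints each matching path on its own line, in the order the page lists them.
find_security_policy() {
    repo=$1
    for rel in SECURITY.md .github/SECURITY.md docs/SECURITY.md; do
        if [ -f "$repo/$rel" ]; then
            printf '%s\n' "$repo/$rel"
        fi
    done
}

# Summarize a checkout as "missing", "ok" (exactly one policy) or "duplicate"
# (more than one copy; the copies are easy to leave stale after a move).
security_policy_status() {
    n=$(find_security_policy "$1" | wc -l | tr -d ' ')
    case $n in
        0) echo missing ;;
        1) echo ok ;;
        *) echo duplicate ;;
    esac
}

# Constructed demo: three throwaway checkouts covering each status.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/repo-a/.github" "$tmp/repo-b" "$tmp/repo-c/docs"
    printf '# Security Policy\n' > "$tmp/repo-a/.github/SECURITY.md"
    printf '# Security Policy\n' > "$tmp/repo-c/SECURITY.md"
    printf '# Security Policy\n' > "$tmp/repo-c/docs/SECURITY.md"
    for r in repo-a repo-b repo-c; do
        printf '%s: %s\n' "$r" "$(security_policy_status "$tmp/$r")"
    done
    rm -rf "$tmp"
}

demo
```

To check an organization's clones in bulk, loop over the checkout directories and call security_policy_status on each; a "duplicate" result usually means a policy was moved into .github without deleting the old copy.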
you can configure security settings at the organization and enterprise level
base permissions for all members
Repository policies tab
Settings that enterprise administrators enforce cascade down to every organization covered by the GitHub Enterprise plan; settings the enterprise does not enforce remain free for organization administrators to customize.
Access restrictions, security documentation, advisories, Dependabot alerts and security updates, Dependabot version updates, and the GitHub dependency graph are available for all repositories.
Code scanning alerts and secret scanning alerts are only available for public repositories, or for private repositories with a GitHub Advanced Security license.
In this section, you'll learn the basics of the GitHub security advisory tools, which let you draft and publish comprehensive documentation about a vulnerability in your project.