Security policy

Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to the repository maintainers. When included, this file will be shown in the repository’s “Security” tab, and in the new issue workflow.

Learn more about security guidelines

Source code stored on GitHub.com will be encrypted at rest, by default. Any source code previously stored on GitHub.com has been converted over to hosts with encrypted disks. For GitHub Enterprise Server customers, encryption at rest is dependent on the host in which Enterprise Server is running, not a function of the Server software itself.

See more