Why use Security.txt file & Its Configuration In Magento 2.x / Adobe Commerce?

What Is a security.txt File?

The security.txt file format gives security researchers the information they need to report their findings. Merchants can enter their contact information for security issue reporting in the Magento 2.x / Adobe Commerce Admin.

security.txt is a security standard that defines the process for security researchers to disclose security vulnerabilities securely. security.txt files have been implemented by Google, Bling, Yahoo, Facebook, GitHub, the UK government, and many other organizations.

Step [1] – Go to STORES > Configuration, which opens the Configuration section.

Step [2] – In the left side panel, click SECURITY > security.txt.

By default, security.txt is disabled.

Step [3] – Once you select Enable from the drop-down, the tabs below are displayed.

“Once enabled, creates the security.txt file based on information entered in the Contact information and Other information sections”

Contact Information: enter the following information

  • Email
  • Phone
  • Contact Page

Other Information: enter the following information

  • Encryption
  • Acknowledgements
  • Preferred-Languages
  • Hiring
  • Policy
  • Signature

If you want to create the signature file, then you have to use the command line:

gpg -u KEYID --output security.txt.sig --armor --detach-sig security.txt

The signature file has to be saved on the server in the .well-known folder. 

Step [4] – Finally, click the Save button.

Step [5] – A valid security.txt file might look like the following:
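
A constructed sample of such a file, using the field names from the Contact Information and Other Information lists above, together with a small checker for it. This is an added example, not from the original post or Magento's own code; example.com, all sample values and the checker's rules (at least one Contact, https for links, Signature located under .well-known) are assumptions.

```python
from urllib.parse import urlparse

# Field names as listed in the admin sections described on this page.
KNOWN_FIELDS = {"Contact", "Encryption", "Acknowledgements",
                "Preferred-Languages", "Hiring", "Policy", "Signature"}
LINK_FIELDS = KNOWN_FIELDS - {"Contact", "Preferred-Languages"}

SAMPLE = """\
# Constructed sample: example.com and all values below are placeholders
Contact: mailto:security@example.com
Contact: tel:+1-555-0100
Contact: https://example.com/contact
Encryption: https://example.com/pgp-key.txt
Acknowledgements: https://example.com/hall-of-fame
Preferred-Languages: en
Hiring: https://example.com/jobs
Policy: https://example.com/security-policy
Signature: https://example.com/.well-known/security.txt.sig
"""

def parse(text):
    """Return (fields, problems); fields is a list of (name, value) pairs."""
    fields, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no fields
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields.append((name.strip(), value.strip()))
        else:
            problems.append(f"line {n}: expected 'Name: value'")
    return fields, problems

def check(text):
    """Apply this example's own rules and return a list of problem strings."""
    fields, problems = parse(text)
    if not any(name == "Contact" for name, _ in fields):
        problems.append("no Contact field")
    for name, value in fields:
        scheme = urlparse(value).scheme
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field {name}")
        elif name == "Contact" and scheme not in ("mailto", "tel", "https"):
            problems.append(f"Contact is not a mailto:, tel: or https: URI: {value}")
        elif name in LINK_FIELDS and scheme != "https":
            problems.append(f"{name} is not an https link: {value}")
        elif name == "Signature" and not value.endswith("/.well-known/security.txt.sig"):
            problems.append("Signature does not point at .well-known/security.txt.sig")
    return problems
```

Calling `check(SAMPLE)` returns an empty list; running it over the text of the file the store actually serves shows which lines break these rules.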
