magenxcommerce / module-securitytxt
Security.txt file for Magento 2 websites
Installs: 3
Dependents: 1
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:magento2-module
Requires
- php: ~7.3.0||~7.4.0
- magenxcommerce/framework: *
- magenxcommerce/module-config: *
- magenxcommerce/module-store: *
Replaces
- magento/module-securitytxt: *
This package is auto-updated.
Last update: 2024-11-22 11:27:06 UTC
README
Summary
When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.
Source: https://tools.ietf.org/html/draft-foudil-securitytxt-09
The Magento_Securitytxt module provides the following functionality:
- allows to save the security configurations in the admin panel
- contains a router to match application action class for requests to the
.well-known/security.txtand.well-known/security.txt.sigfiles. - serves the content of the
.well-known/security.txtand.well-known/security.txt.sigfiles.
A valid security.txt file could look like the following example:
Contact: mailto:security@example.com
Contact: tel:+1-201-555-0123
Encryption: https://example.com/pgp.asc
Acknowledgement: https://example.com/security/hall-of-fame
Policy: https://example.com/security-policy.html
Signature: https://example.com/.well-known/security.txt.sig
Security.txt can be accessed at below location:
https://example.com/.well-known/security.txt
To create security.txt signature (security.txt.sig) file:
gpg -u KEYID --output security.txt.sig --armor --detach-sig security.txt
To verify the security.txt file's signature:
gpg --verify security.txt.sig security.txt