This module adds a security.txt file to your Hugo website with information about your preferred procedures for notifying your website's developer team about security issues. Read more about security.txt, a proposed standard which allows websites to define security policies.
Please note that security.txt is still in the early stages of development and changes might occur. This module will implement all changes and notify you in the hugo.log about (possibly future) missing configuration steps, if they occur.
This module DOES NOT make your website more secure. Just in case you were assuming that 😸
Add this module:
[[module.imports]]
path = "github.com/davidsneighbour/hugo-security"
disable = false
ignoreConfig = false
ignoreImports = false
Fix to this version:
hugo mod get github.com/davidsneighbour/hugo-security@<version>
Some things you need to know
These are notes about conventions in this README.md. You might want to make yourself acquainted with them if this is your first visit.
The following documentation refers to all configuration parameters in TOML format and assumes a configuration file for your project at /config.toml. There are various configuration formats (TOML/YAML/JSON) and multiple locations where your configuration can reside (config file or config directory). Note that in the case of a config directory the section headers of all samples need to have the respective section title removed. So [params.dnb.something] will become [dnb.something] if the configuration is done in the file
First enable modules in your own repository if you have not already done so:
hugo mod init github.com/username/reponame
Then add this module to your required modules in
The next time you run hugo it will download the latest version of the module.
# update this module
hugo mod get -u github.com/davidsneighbour/hugo-security
# update to a specific version
hugo mod get -u github.com/davidsneighbour/hugo-security@<version>
# update all modules recursively over the whole project
hugo mod get -u ./...
Install this plugin, then add your configuration to params.dnb.security.txt. The following configuration parameters are available and correspond to the values in security.txt:
The values in this sample display the default configuration. The only required parameters are expires (the latter being set to 365 days = 1 year by default). So the following configuration would be minimal and within the scope of the requirements:
The module will warn you in the CLI log if this parameter is missing.
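A deployment check for the generated file, as an added example that is not part of the module or its README: it verifies that a Contact field is present (RFC 9116 requires it alongside Expires) and that Expires is a valid, future timestamp, and it flags a file that is close to expiry so a rarely rebuilt site does not serve a stale one. The function names, the 30-day renewal window and the sample file are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, not output captured from the module.
SAMPLE = """\
# constructed example file
Contact: mailto:security@example.org
Expires: 2025-06-01T00:00:00.000Z
Preferred-Languages: en
"""

def parse_fields(text):
    """Map each lowercased field name to the list of values given for it."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or not a "Name: value" line
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None, renew_days=30):
    """Return a list of problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    problems = []
    if not any(fields.get("contact", [])):
        problems.append("no Contact field")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        return problems + ["Expires must appear exactly once, found %d" % len(expires)]
    raw = expires[0]
    if raw.upper().endswith("Z"):  # fromisoformat() rejects "Z" before Python 3.11
        raw = raw[:-1] + "+00:00"
    try:
        when = datetime.fromisoformat(raw)
    except ValueError:
        return problems + ["Expires is not a valid timestamp: %r" % expires[0]]
    if when.tzinfo is None:
        problems.append("Expires has no UTC offset")
    elif when <= now:
        problems.append("Expires is in the past, the file is stale")
    elif when - now <= timedelta(days=renew_days):
        problems.append("Expires within %d days, rebuild the site" % renew_days)
    return problems

if __name__ == "__main__":
    print(check_security_txt(SAMPLE) or "ok")
```

Run it against the published file after each build, or on a schedule, and fail the job when the returned list is not empty.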
A few real-world implementation examples of
… and a few websites that are using