A django-security-txt documentation
django-security-txt is a Django reusable application to handle security.txt (http://securitytxt.org/)
Installation
- Obtain your copy of source code from the git repository:
$ git clone https://github.com/vint21h/django-security-txt.git
. Or download the latest release from https://github.com/vint21h/django-security-txt/tags/. - Run
$ python ./setup.py install
from the repository source tree or the unpacked archive. Or use pip:$ pip install django-security-txt
.
Configuration
- Add
"security_txt"
tosettings.INSTALLED_APPS
:
# settings.py
INSTALLED_APPS += [
"phonenumber_field",
"security_txt",
]
- Add
"security_txt"
to your URLs definitions:
# urls.py
from django.urls import re_path
urlpatterns += [
re_path(r"^.well-known/security\.txt", include("security_txt.urls")),
]
Settings
SECURITY_TXT_EXPIRES
- Indicates the date and time after which the data contained in the "security.txt" file is considered stale and should not be used. Defaults to
None
. SECURITY_TXT_PREFERRED_LANGUAGES
- Used to indicate a set of natural languages that are preferred when submitting security reports. Defaults to
None
. SECURITY_TXT_SIGN
- Sign "security.txt" using PGP. Defaults to
False
. SECURITY_TXT_SIGNING_KEY
- Path to PGP key. Defaults to
""
.
Advanced features
If you want to sign your "security.txt":
- Install
django-security-txt
with additional dependencies:$ pip install django-security-txt[pgp]
. - Configure:
# settings.py
SECURITY_TXT_SIGN: bool = True
SECURITY_TXT_SIGNING_KEY: str = "/path/to/key.asc"
Contributing
- Fork it
- Install GNU Make
- Install and configure pyenv and pyenv-virtualenv plugin
- Install and configure direnv
- Create environment config from example
cp .env.example .env
- Install development dependencies:
make install
- Create your fix/feature branch:
git checkout -b my-new-fix-or-feature
- Check code style and moreover:
make check
- Run tests:
make test
- Push to the branch:
git push origin my-new-fix-or-feature
Licensing
django-security-txt is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (a t your option) any later version. For complete license text see COPYING file.
Contacts
Project Website: https://github.com/vint21h/django-security-txt/
Author: Alexei Andrushievich <vint21h@vint21h.pp.ua>
For other authors list see AUTHORS file.