feat: Add warning and info messages for security.txt plugin configuration in security tuning documentation
TheophileDiot committed Jul 22, 2024
1 parent e5434b9 commit 162e7a4
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions docs/security-tuning.md
Expand Up @@ -1428,6 +1428,9 @@ The Security.txt plugin allows you to easily create a `security.txt` file for yo
- **Customizable and User-Friendly Configuration:** Customize the `security.txt` file to include specific contact information and security policies, and manage it easily through a user-friendly web interface.
- **Compliance with Best Practices:** Align with industry best practices by implementing a `security.txt` file, demonstrating your commitment to security and fostering a collaborative security culture.

!!! warning "Settings required"
To enable the Security.txt plugin, you need to at least set the `SECURITYTXT_CONTACT` setting to a valid value to specify the contact information for reporting security vulnerabilities. If this setting is not configured, the `security.txt` file won't be served.

**List of settings**

| Setting | Default | Context | Multiple | Description |
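Review bot: "a valid value" in the new warning is never defined, so a reader cannot tell what `SECURITYTXT_CONTACT` must look like for the file to be served. RFC 9116 requires each Contact field to be a URI (for example a `mailto:` or `https://` address), so the warning should state the accepted form and, ideally, show one sample value. It would also help to say what a client receives when the setting is missing ("won't be served" does not say whether that is a 404 or something else) and whether `SECURITYTXT_CONTACT` is needed in addition to any enable toggle listed in the settings table. Minor wording: "you need to at least set" reads better as "you need to set at least", and the title "Settings required" could be singular since only one setting is named.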
Expand All @@ -1443,3 +1446,7 @@ The Security.txt plugin allows you to easily create a `security.txt` file for yo
| `SECURITYTXT_POLICY` | | multisite | yes | Indicates a link to where the vulnerability disclosure policy is located. |
| `SECURITYTXT_HIRING` | | multisite | yes | Used for linking to the vendor's security-related job positions. |
| `SECURITYTXT_CSAF` | | multisite | yes | A link to the provider-metadata.json of your CSAF (Common Security Advisory Framework) provider. |

!!! info "Autogenerated values"
- The `SECURITYTXT_CANONICAL` setting is automatically generated from the site URL and the `SECURITYTXT_URI` setting (if the value is empty).
- The `SECURITYTXT_EXPIRES` setting is automatically generated to be the current date and time + 1 year if the value is empty.
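Review bot: the `SECURITYTXT_EXPIRES` bullet does not say when "the current date and time" is evaluated (at configuration generation, at reload, or on every request). That matters for the purpose of the field: if the value is recomputed continuously, the served file never goes stale and the Expires date no longer signals that someone has reviewed the contact details. Please state the evaluation point, and consider mentioning that RFC 9116 recommends an Expires value less than a year in the future, since the default of "+ 1 year" sits at the edge of that recommendation. In the `SECURITYTXT_CANONICAL` bullet, the trailing "(if the value is empty)" reads as if it applied to `SECURITYTXT_URI`; phrasing it like the second bullet ("... is automatically generated from the site URL and the `SECURITYTXT_URI` setting if the value is empty") would remove the ambiguity.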
