Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Caro Galvin <carogalvin@github.com>
This commit is contained in:
Anne-Marie
@@ -25,14 +25,6 @@ The {% data variables.product.prodname_advisory_database %} contains a curated l
|
||||
|
||||
Make it easy for your users to confidentially report security vulnerabilities they've found in your repository. For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
### Security advisories
|
||||
|
||||
Privately discuss and fix security vulnerabilities in your repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
### {% data variables.product.prodname_dependabot_alerts %} and security updates
|
||||
|
||||
View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)"
|
||||
@@ -75,6 +67,14 @@ Security overview shows which security features are enabled for the repository,
|
||||
|
||||
## Available for free public repositories
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
### Security advisories
|
||||
|
||||
Privately discuss and fix security vulnerabilities in your repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
### {% data variables.secret-scanning.user_alerts_caps %}
|
||||
|
||||
Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
|
||||
|
||||
@@ -157,7 +157,7 @@ You can view and manage alerts from security features to address dependencies an
|
||||
|
||||
You can also use {% data variables.product.prodname_dotcom %}'s tools to audit responses to security alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)".
|
||||
|
||||
{% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)" and "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory)."
|
||||
{% ifversion fpt or ghec %}If you have a security vulnerability in a public repository, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)" and "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory)."
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.security-overview.security-information-about-actions %}
|
||||
|
||||
@@ -14,9 +14,7 @@ redirect_from:
|
||||
- /code-security/security-advisories/guidance-on-reporting-and-writing/best-practices-for-writing-repository-security-advisories
|
||||
---
|
||||
|
||||
{% data reusables.security-advisory.private-repository-non-ghas-deprecation-note %}
|
||||
|
||||
Anyone with admin permissions to a repository can create and edit a security advisory.
|
||||
Anyone with admin permissions to a public repository can create and edit a security advisory.
|
||||
|
||||
{% data reusables.security-advisory.security-researcher-cannot-create-advisory %}
|
||||
|
||||
@@ -72,8 +70,8 @@ We recommend that you use the **Affected versions** field to specify which versi
|
||||
{% note %}
|
||||
|
||||
**Notes:** The lower-bound limitation:
|
||||
- is due to incompatibilities with the OSV (Open Source Vulnerability) schema.
|
||||
- only applies when you make a suggestion on an existing advisory in the {% data variables.product.prodname_advisory_database %}.
|
||||
- Is due to incompatibilities with the OSV (Open Source Vulnerability) schema.
|
||||
- Only applies when you make a suggestion on an existing advisory in the {% data variables.product.prodname_advisory_database %}.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: About repository security advisories
|
||||
intro: 'You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your repository.'
|
||||
intro: 'You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository.'
|
||||
shortTitle: About repository security advisories
|
||||
redirect_from:
|
||||
- /articles/about-maintainer-security-advisories
|
||||
@@ -19,8 +19,6 @@ topics:
|
||||
- CVEs
|
||||
---
|
||||
|
||||
{% data reusables.security-advisory.private-repository-non-ghas-deprecation-note %}
|
||||
|
||||
{% data reusables.repositories.security-advisory-admin-permissions %}
|
||||
|
||||
{% data reusables.security-advisory.security-researcher-cannot-create-advisory %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Collaborating in a temporary private fork to resolve a repository security vulnerability
|
||||
intro: You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your repository.
|
||||
intro: You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your public repository.
|
||||
redirect_from:
|
||||
- /articles/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability
|
||||
- /github/managing-security-vulnerabilities/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Creating a repository security advisory
|
||||
intro: You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.
|
||||
permissions: Anyone with admin permissions to a repository, or with a security manager role within the repository, can create a security advisory.
|
||||
permissions: Anyone with admin permissions to a public repository, or with a security manager role within the repository, can create a security advisory.
|
||||
redirect_from:
|
||||
- /articles/creating-a-maintainer-security-advisory
|
||||
- /github/managing-security-vulnerabilities/creating-a-maintainer-security-advisory
|
||||
@@ -19,8 +19,6 @@ topics:
|
||||
shortTitle: Create repository advisories
|
||||
---
|
||||
|
||||
{% data reusables.security-advisory.private-repository-non-ghas-deprecation-note %}
|
||||
|
||||
{% data reusables.security-advisory.security-researcher-cannot-create-advisory %}
|
||||
|
||||
## Creating a security advisory
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Working with repository security advisories
|
||||
shortTitle: Repository security advisories
|
||||
intro: 'Discuss, fix, and disclose security vulnerabilities in your repositories using repository security advisories.'
|
||||
intro: 'Discuss, fix, and disclose security vulnerabilities in your public repositories using repository security advisories.'
|
||||
redirect_from:
|
||||
- /articles/managing-security-vulnerabilities-in-your-project
|
||||
- /github/managing-security-vulnerabilities/managing-security-vulnerabilities-in-your-project
|
||||
@@ -29,5 +29,3 @@ children:
|
||||
- /removing-a-collaborator-from-a-repository-security-advisory
|
||||
- /deleting-a-repository-security-advisory
|
||||
---
|
||||
|
||||
{% data reusables.security-advisory.private-repository-non-ghas-deprecation-note %}
|
||||
|
||||
@@ -11,6 +11,4 @@ topics:
|
||||
autogenerated: rest
|
||||
---
|
||||
|
||||
{% data reusables.security-advisory.private-repository-non-ghas-deprecation-note-api %}
|
||||
|
||||
<!-- Content after this section is automatically generated -->
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
Anyone with admin permissions to a repository can create a security advisory.
|
||||
Anyone with admin permissions to a public repository can create a security advisory.
|
||||
|
||||
Anyone with admin permissions to a repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory.
|
||||
Anyone with admin permissions to a public repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory.
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
{% warning %}
|
||||
|
||||
**Deprecation note**: {% data variables.product.prodname_dotcom %} is deprecating repository security advisories in private repositories. As of May 15, 2024, you will no longer be able to create security advisories in private repositories.
|
||||
|
||||
This deprecation does not affect published security advisories on public repositories.
|
||||
|
||||
Formerly published advisories in private repositories will disappear. If you need to save previously published advisories, you can download them using the "[List repository security advisories](/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories)" endpoint.
|
||||
|
||||
{% endwarning %}
|
||||
@@ -1,9 +0,0 @@
|
||||
{% warning %}
|
||||
|
||||
**Deprecation note**: {% data variables.product.prodname_dotcom %} is deprecating repository security advisories in private repositories. As of May 15, 2024, you will no longer be able to create security advisories in private repositories.
|
||||
|
||||
This deprecation does not affect published security advisories on public repositories.
|
||||
|
||||
Formerly published advisories in private repositories will disappear. If you need to save previously published advisories, you can download them using the {% data variables.product.prodname_dotcom %} REST API. For more information, see "[AUTOTITLE](/rest/security-advisories/repository-advisories?apiVersion=2022-11-28)."
|
||||
|
||||
{% endwarning %}
|
||||
@@ -1,6 +1,6 @@
|
||||
{% note %}
|
||||
|
||||
**Note**: This article applies to editing repository-level advisories as a repository owner.
|
||||
**Note**: This article applies to editing repository-level advisories as an owner of a public repository.
|
||||
|
||||
Users who are not repository owners can contribute to global security advisories in the {% data variables.product.prodname_advisory_database %} at [github.com/advisories](https://github.com/advisories). Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database)."
|
||||
|
||||
|
||||
@@ -1 +1 @@
|
||||
Repository security advisories allow repository maintainers to privately discuss and fix a security vulnerability in a project. After collaborating on a fix, repository maintainers can publish the security advisory to publicly disclose the security vulnerability to the project's community. By publishing security advisories, repository maintainers make it easier for their community to update package dependencies and research the impact of the security vulnerabilities.
|
||||
Repository security advisories allow maintainers of public repositories to privately discuss and fix a security vulnerability in a project. After collaborating on a fix, repository maintainers can publish the security advisory to publicly disclose the security vulnerability to the project's community. By publishing security advisories, repository maintainers make it easier for their community to update package dependencies and research the impact of the security vulnerabilities.
|
||||
|
||||
Reference in New Issue
Block a user