8f964ea2cb
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: Grace Park <gracepark@github.com> Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com> Co-authored-by: Robert Sese <sese@github.com> Co-authored-by: Peter Bengtsson <peterbe@github.com> Co-authored-by: Rachael Sewell <rachmari@github.com>
2.6 KiB
2.6 KiB
title, intro, redirect_from, versions, type, topics, shortTitle
| title | intro | redirect_from | versions | type | topics | shortTitle | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Creating a security advisory | You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project. |
|
|
how_to |
|
Create advisories |
Anyone with admin permissions to a repository can create a security advisory.
{% data reusables.security-advisory.security-researcher-cannot-create-advisory %}
Creating a security advisory
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
{% data reusables.repositories.sidebar-advisories %}
4. Click New draft security advisory.
5. Type a title for your security advisory.
{% data reusables.repositories.security-advisory-edit-details %}
{% data reusables.repositories.security-advisory-edit-severity %}
{% data reusables.repositories.security-advisory-edit-cwe-cve %}
{% data reusables.repositories.security-advisory-edit-description %}
11. Click Create draft security advisory.
Next steps
- Comment on the draft security advisory to discuss the vulnerability with your team.
- Add collaborators to the security advisory. For more information, see "Adding a collaborator to a security advisory."
- Privately collaborate to fix the vulnerability in a temporary private fork. For more information, see "Collaborating in a temporary private fork to resolve a security vulnerability."
- Add individuals who should receive credit for contributing to the security advisory. For more information, see "Editing a security advisory."
- Publish the security advisory to notify your community of the security vulnerability. For more information, see "Publishing a security advisory."