docs/content/github/managing-security-vulnerabilities/about-github-security-advisories.md
Vanessa Yuen 3df90fc9b8 Hello git history spelunker!
Are you looking for something? Here is all of the GitHub Docs history in one single commit. Enjoy! 🎉
2020-09-27 14:10:11 +02:00


---
title: About GitHub Security Advisories
intro: 'You can use {{ site.data.variables.product.prodname_security_advisories }} to privately discuss, fix, and publish information about security vulnerabilities in your repository.'
redirect_from:
- /articles/about-maintainer-security-advisories
- /github/managing-security-vulnerabilities/about-maintainer-security-advisories
versions:
free-pro-team: '*'
---
{{ site.data.reusables.repositories.security-advisory-admin-permissions }}
{{ site.data.reusables.security-advisory.security-researcher-cannot-create-advisory }}
### About {{ site.data.variables.product.prodname_security_advisories }}
{{ site.data.variables.product.prodname_security_advisories }} allows repository maintainers to privately discuss and fix a security vulnerability in a project. After collaborating on a fix, repository maintainers can publish the security advisory to publicly disclose the security vulnerability to the project's community. By publishing security advisories, repository maintainers make it easier for their community to update package dependencies and research the impact of the security vulnerabilities.
With {{ site.data.variables.product.prodname_security_advisories }}, you can:
1. Create a draft security advisory, and use the draft to privately discuss the impact of the vulnerability on your project.
2. Privately collaborate to fix the vulnerability in a temporary private fork.
3. Publish the security advisory to alert your community of the vulnerability.
{{ site.data.reusables.repositories.security-advisories-republishing }}
To get started, see "[Creating a security advisory](/github/managing-security-vulnerabilities/creating-a-security-advisory)."
You can give credit to individuals who contributed to a security advisory. For more information, see "[Editing a security advisory](/github/managing-security-vulnerabilities/editing-a-security-advisory#about-credits-for-security-advisories)."
{{ site.data.reusables.repositories.security-guidelines }}
{{ site.data.reusables.repositories.github-security-lab }}
### CVE identification numbers
{{ site.data.variables.product.prodname_security_advisories }} builds upon the foundation of the Common Vulnerabilities and Exposures (CVE) list. {{ site.data.variables.product.prodname_dotcom }} is a CVE Numbering Authority (CNA) and is authorized to assign CVE identification numbers. For more information, see "[About CVE](https://cve.mitre.org/about/index.html)" and "[CVE Numbering Authorities](https://cve.mitre.org/cve/cna.html)" on the CVE website.
When you create a security advisory for a public repository on {{ site.data.variables.product.prodname_dotcom }}, you have the option of providing an existing CVE identification number for the security vulnerability. {{ site.data.reusables.repositories.request-security-advisory-cve-id }}
Once you've published the security advisory and {{ site.data.variables.product.prodname_dotcom }} has assigned a CVE identification number to the vulnerability, {{ site.data.variables.product.prodname_dotcom }} publishes the CVE to the MITRE database.
For more information, see "[Publishing a security advisory](/github/managing-security-vulnerabilities/publishing-a-security-advisory#requesting-a-cve-identification-number)."
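When an advisory is created with an existing CVE identification number, the number is typed in by a maintainer, so tooling that wraps this workflow benefits from checking the identifier's syntax before it is submitted. The following is an added example and not GitHub's or MITRE's own code: it validates a candidate string against the CVE ID syntax MITRE has published since 2014 (a four-digit year and a sequence of at least four digits, zero-padded only to four). The function name `parse_cve_id`, the sample inputs, and the choice to normalize case and whitespace are this example's own assumptions.

```python
import re
from typing import Optional, Tuple

# CVE ID syntax (added example, not project code): "CVE-YYYY-NNNN" where the
# sequence has at least four digits and no upper bound on its length.
_CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,})")

# CVE IDs were first assigned for 1999; used as the lower bound on the year.
_FIRST_CVE_YEAR = 1999


def parse_cve_id(candidate: str, current_year: int = 2025) -> Optional[Tuple[int, int]]:
    """Return (year, sequence) for a syntactically valid CVE ID, else None.

    Input is stripped and upper-cased so that "cve-2014-0160 " is accepted;
    whether to normalize like this is an assumption of this example.
    """
    m = _CVE_RE.fullmatch(candidate.strip().upper())
    if not m:
        return None
    year, seq = int(m.group(1)), m.group(2)
    # Sequences are zero-padded only to four digits, so a longer sequence
    # must not begin with "0" (e.g. "CVE-2021-01234" is not a valid ID).
    if len(seq) > 4 and seq[0] == "0":
        return None
    # A year before CVE existed, or in the future, cannot have been reserved.
    if year < _FIRST_CVE_YEAR or year > current_year:
        return None
    return year, int(seq)


if __name__ == "__main__":
    # Constructed sample inputs for illustration of the syntax rules.
    for sample in ["CVE-2014-0160", "cve-2021-44228 ", "CVE-2021-01234", "CVE-21-1234"]:
        print(repr(sample), "->", parse_cve_id(sample))
```

Only syntax is checked here; whether the ID actually exists and is reserved for your project is something only the CVE List (or GitHub, as the CNA for the advisory) can confirm.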
### {{ site.data.variables.product.prodname_dependabot_alerts }} for published security advisories
{{ site.data.reusables.repositories.github-reviews-security-advisories }}