GitHub security advisories are a tool that repository maintainers can use to privately identify, discuss, fix, and publish information related to security vulnerabilities within a project.
See official documentation for full details.
Drafting a new Security Advisory
See the GitHub docs for full details
- Navigate to your repository
- Click Security
- Click Security advisories
- Click New draft security advisory
- Fill out the form attributes and click Create security advisory

Adding Collaborators
See the GitHub docs for full details
- Navigate to your repository
- Click Security
- Click Security advisories
- In the “Security Advisories” list find the advisory you would like to add users to
- On the right side of the screen find the Collaborators section
- Search for a user name and select the + button

Creating Private Forks
See the GitHub docs for full details
- Navigate to your repository
- Click Security
- Click Security advisories
- In the “Security Advisories” list find the advisory in which you would like to create a fork
- At the bottom right of the page click the Start a temporary private fork button
- GitHub will create a fork in the background and finally give you details on how to clone and work on the new private fork

Publishing
Request a CVE
First you will need to request a CVE from GitHub. Official documentation on requesting a CVE.
- Navigate to your repository
- Click Security
- Click Security advisories
- In the “Security Advisories” list find the advisory in which you would like to create a fork
- At the bottom left of the page click the Request CVE button

Publish Advisory
First you will need to request a CVE from GitHub. Official documentation on requesting a CVE.
- Navigate to your repository
- Click Security
- Click Security advisories
- In the “Security Advisories” list find the advisory in which you would like to create a fork
- Finally click the Publish advisory button on the bottom left, in the same spot that Request CVE was
