Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Security Maintainers

Assigning security maintainers to your repository in the event you need to respond to security events.

What is a Security Maintainer

A security maintainer is a person or persons who are responsible for responding to security events in a repository at the instruction of the VA Cybersecurity Operations Center (CSOC). This may be remediating a vulnerability or rotating leaked credentials.

How to assign a Security Maintainer

To assign a security maintainer, you will need to first choose an existing GitHub Team or create a new one to assign the security maintainer role to. Once you have a team, you can assign the security maintainer role to the team by navigating to the Settings -> Collaborators and teams page in your repository. From there, you can add the team and assign the Security - Maintainer role to the team.

How to Add or Remove a Security Maintainer

To add or remove a security maintainer, simply add or remove them from the existing team you have assigned the Security - Maintainer role to.

How Will the Security Maintainer Team be Used

In the event of a security event in your repository, the VA CSOC team will reach out to the members of the team assigned the Security - Maintainer role to coordinate remediation of the event. The VA CSOC team will not reach out via GitHub issues or pull requests, but will instead reach out via official @va.gov email addresses and communication will only come from an official @va.gov email address.

If you need additional help, or clarification, please open a support ticket with the GitHub Expert Services team by opening an issue in the GitHub User Requests repository.