adam-nygate
commented
2 years ago Thanks for the feedback! We used to do this and then got told that it was too similar to marketing messages, which is against GitHub's policy.
We'll see if we can reintroduce this at some point though.
Ask to create SECURITY.md but post received report links under the same GitHub issue. Reduces communication time between bot and maintainers who do not have a SECURITY.md.