Open techuser12345 opened 2 weeks ago
@techuser12345 Can you clarify what you're referring to? is this a GH feature I just need to setup public?
Yes, GitHub Security Advisories is a feature you can enable in your repository settings. It allows you to privately discuss, fix, and publish security vulnerabilities with guidance and mitigation steps. Once set up, advisories can be made public to alert users of potential security issues and provide solutions. Could you create a security advisory for any known vulnerabilities in the software? This would help keep users informed and ensure best practices for security.
@techuser12345 let me look into this and get back to you. There are some settings I don't have access to at the Org level; I'll poke at this and will update when I can. Thanks for calling this out.
@techuser12345 I have a security.md in PR, but beyond that, I believe you should be able to use: https://github.com/esnet/gdg/security/advisories/new to report any security issues. Am I missing something? This should enable you to report any issues or is there something else that would be needed?
Hi, here's GitHub's documentation on how to create, edit, and publish repository-specific security advisories. This feature allows repository admins to disclose vulnerabilities within their projects, collaborate privately on fixes, and then notify the public once a resolution is ready: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory
I read up on that; it seems like it's pretty straightforward. I got the security policy checked in. Is there anything preventing you from opening a security concern in: https://github.com/esnet/gdg/security/advisories/new ? I don't have any advisories to publish currently, but it is a very cool mechanism to keep in mind in the future.
Would you be able to provide security advisory for this software please?