sloria / sphinx-issues

A Sphinx extension for linking to your project's issue tracker
MIT License

support GitHub security advisory links #128

Open davidism opened 1 year ago

davidism commented 1 year ago

GitHub is adding the ability to handle security reports and fixes privately in their UI. Instead of creating an issue, the reporter creates a security advisory, and then GitHub allows discussing and handles creating a private fork with private PRs until the advisory is published publicly. It would be nice to be able to reference the advisory page just like we can reference issue pages.

:ghsa:`ab1c-2def-g34h`

would become:

https://github.com/my/project/security/advisories/GHSA-ab1c-2def-g34h

sloria commented 10 months ago

I like this idea. PRs welcome!

webknjaz commented 1 week ago

I wonder if the Sphinx upstream could implement this instead. It looks like they added :cve: and :cwe: in v8.1: https://www.sphinx-doc.org/en/master/usage/restructuredtext/roles.html#role-cve.