vriteio / vrite

Open-source developer content platform
https://vrite.io
Other
1.63k stars 65 forks source link

Request to enable GitHub Private Vulnerability Reporting in vrite repository #46

Closed lambdasawa closed 1 year ago

lambdasawa commented 1 year ago

Hello! Thank you for developing a great product.

I have found a security issue in vrite. As a form of reporting this, I find GitHub's private vulnerability reporting feature useful. However, this feature is disabled in vrite repository.

Is it possible to enable this feature?

Previously, I used to report issues via the huntr platform. However, there was a recent update to huntr and it seems that repositories not directly related to AI/ML can no longer report issues via huntr.

areknawo commented 1 year ago

Hi,

Indeed, the Huntr update is bad news for non-AI projects using the platform.

I've enabled the reporting on GitHub. Will also update the SECURITY.md file in the coming days with further guidelines for testing and reporting vulnerabilities.

Thanks for your help and effort in reporting those - especially at these early stages of the project.

lambdasawa commented 1 year ago

Thank you for your response :smile: I was able to submit my report successfully.