Security Advisories

GitHub security advisories are a tool that repository maintainers can use to privately identify, discuss, fix, and publish information related to security vulnerabilities within a project.

See official documentation for full details.

Table Of Contents

  1. Drafting a new Security Advisory
  2. Adding Collaborators
  3. Creating Private Forks
  4. Publishing

Drafting a new Security Advisory

See the GitHub docs for full details.

  1. Navigate to your repository
  2. Click Security
    (screenshot: security tab location)
  3. Click Security advisories
    (screenshot: security advisories button location)
  4. Click New draft security advisory
    (screenshot: new draft security advisory button location)
  5. Fill out the form attributes and click Create security advisory
    (screenshot: draft security advisory form)

Adding Collaborators

See the GitHub docs for full details.

  1. Navigate to your repository
  2. Click Security
    (screenshot: security tab location)
  3. Click Security advisories
    (screenshot: security advisories button location)
  4. In the “Security Advisories” list, find the advisory you would like to add users to
    (screenshot: security advisory list)
  5. On the right side of the screen, find the Collaborators section
  6. Search for a user name and select the + button
    (screenshot: add collaborator widget location)

Creating Private Forks

See the GitHub docs for full details.

  1. Navigate to your repository
  2. Click Security
    (screenshot: security tab location)
  3. Click Security advisories
    (screenshot: security advisories button location)
  4. In the “Security Advisories” list, find the advisory for which you would like to create a fork
    (screenshot: security advisory list)
  5. At the bottom right of the page, click the Start a temporary private fork button
    (screenshot: temporary private fork button location)
  6. GitHub will create the fork in the background and then give you details on how to clone and work on the new private fork
    (screenshot: example of results of a new private fork)

Publishing

Request a CVE

First you will need to request a CVE from GitHub. See the official documentation on requesting a CVE.

  1. Navigate to your repository
  2. Click Security
    (screenshot: security tab location)
  3. Click Security advisories
    (screenshot: security advisories button location)
  4. In the “Security Advisories” list, find the advisory for which you would like to request a CVE
    (screenshot: security advisory list)
  5. At the bottom left of the page, click the Request CVE button
    (screenshot: location of request CVE button)

Publish Advisory

If you have not already done so, first request a CVE from GitHub as described in the previous section. See the official documentation on requesting a CVE.

  1. Navigate to your repository
  2. Click Security
    (screenshot: security tab location)
  3. Click Security advisories
    (screenshot: security advisories button location)
  4. In the “Security Advisories” list, find the advisory you would like to publish
    (screenshot: security advisory list)
  5. Finally, click the Publish advisory button at the bottom left, in the same spot where the Request CVE button was
    (screenshot: location of publish advisory button)
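The four click-through procedures above (drafting, creating a private fork, requesting a CVE, publishing) can also be scripted. This is an added example, not code from the original page or from GitHub; the endpoint paths, request fields and headers are assumed from the GitHub REST API for repository security advisories, and the owner, repository and GHSA id values used with it are constructed.

```python
"""Scripted equivalent of the click-through procedures above (added example,
not from the original page). Endpoint paths, field names and headers are
assumed from the GitHub REST API for repository security advisories."""
import json
import re
import urllib.request

API = "https://api.github.com"
GHSA_RE = re.compile(r"^GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}$")
SEVERITIES = {"critical", "high", "medium", "low"}

def _advisory_path(owner, repo, ghsa_id):
    """Reject anything that is not a GHSA id before it is placed in a URL."""
    if not GHSA_RE.match(ghsa_id):
        raise ValueError(f"not a GHSA id: {ghsa_id}")
    return f"/repos/{owner}/{repo}/security-advisories/{ghsa_id}"

def build_draft(owner, repo, summary, description, ecosystem, package,
                vulnerable_range, patched, severity="high"):
    """'Drafting a new Security Advisory': the form fields as a POST body."""
    if not summary or not description:
        raise ValueError("summary and description are required")
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    body = {"summary": summary, "description": description, "severity": severity,
            "vulnerabilities": [{"package": {"ecosystem": ecosystem, "name": package},
                                 "vulnerable_version_range": vulnerable_range,
                                 "patched_versions": patched}]}
    return "POST", f"/repos/{owner}/{repo}/security-advisories", body

def build_fork(owner, repo, ghsa_id):
    """'Creating Private Forks': temporary private fork to develop the fix in."""
    return "POST", _advisory_path(owner, repo, ghsa_id) + "/forks", None

def build_cve_request(owner, repo, ghsa_id):
    """'Request a CVE': ask GitHub (as CNA) to assign a CVE to the draft."""
    return "POST", _advisory_path(owner, repo, ghsa_id) + "/cve", None

def build_publish(owner, repo, ghsa_id):
    """'Publish Advisory': the draft becomes public and cannot return to draft."""
    return "PATCH", _advisory_path(owner, repo, ghsa_id), {"state": "published"}

def send(token, method, path, body=None):
    """Perform one built request; the token must be allowed to write advisories."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method, headers={
        "Accept": "application/vnd.github+json", "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Run the builders in the same order as the sections above (draft, fork, CVE request, publish); publishing is the one step that cannot be undone, so keep it last and behind a confirmation.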