SECURITY.md: 9 additions & 3 deletions
@@ -22,13 +22,19 @@
22
22
23
23
## Report Vulnerability
24
24
25
-
If you believe you have found any security vulnerability, please do not report it publicly! Instead, please report it via [fill this form](https://forms.gle/iYjv8jGqkBzjy9yW9) or send an e-mail.
25
+
If you believe you have found any security vulnerability, please do not report it publicly! Instead, please report it via [the repository Security Advisories system](https://github.com/hugoalh-studio/ghactions-toolkit-powershell/security/advisories/new), [fill this form (legacy)](https://forms.gle/iYjv8jGqkBzjy9yW9), or send an e-mail (legacy).
26
26
27
27
All new reports may need up to `~48 hours (~2 days)` to begin the process.
28
28
29
+
> **📢 Security Vulnerability Report for GitHub repositories should report to their Security Advisories system:**
30
+
>
31
+
> GitHub now introduced private vulnerability reporting, a dedicated communications channel where the community can disclose security issues directly on GitHub, and allow security researchers to report vulnerabilities securely in the repository.
32
+
>
33
+
> For the instruction on how to submit a security vulnerability report via the new Security Advisories system, please visit "[Creating a repository security advisory](https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory)".
34
+
29
35
> **⚠ Important:**
30
36
>
31
-
> All reports will only proceed to further process while:
37
+
> All legacy reports will only proceed to further process while:
32
38
>
33
39
> - with the correct personal information of the reporter, and
34
40
> - with the correct project's ID or repository URI.
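Review bot: Narrowing the condition at new line 37 to "All legacy reports will only proceed to further process while:" leaves it unstated what, if anything, a report filed through Security Advisories must include, and the unchanged line 27 still says "All new reports", so it is unclear whether the ~48 hour window covers advisory reports too. Suggest one sentence saying which requirements and timing apply to advisory reports. The added callout at new lines 29 to 33 is worded for GitHub repositories in general while the link on new line 25 is hardcoded to this repository, so if this file is shared across projects the link should be checked per repository. Wording: "report it via [fill this form (legacy)]" does not read as a sentence, and "GitHub now introduced" should be "GitHub has now introduced". The e-mail option is kept as "(legacy)" but no address appears in this hunk; confirm it is given elsewhere in the file.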
@@ -49,7 +55,7 @@ Please provide as much as you can to help the security vulnerability report supe
49
55
- Your account's username (e.g.: `@octocat`).
50
56
- Project's ID or repository URI.
51
57
- Project's ID is displayed at the top part of the Readme (file: `README.md`), below the project display name (i.e.: header), inside a code block.