Secret scanning: Is it possible to non-publicly inform a user of an issue on PR? #64070
If there is a detection in a public repository, is the user of an issue or PR notified as well as the repository owner? If not, is it possible to non-publicly inform a user that there has been a detection and they might need to take action?
Replies: 2 comments 2 replies
Indeed, security advisories serve exactly that purpose. When you visit a GitHub repository, right above the sections for issues, pull requests, and settings, you'll find a button labeled "Security". Click it. Then on the left side, you'll see more buttons – go ahead and click on 'Advisories.' This is where you can have a private discussion about any security concerns.
It helped. Thank you.