From 9b4bac675423277650685083756758bd0154fae8 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 9 May 2023 12:35:17 -0400
Subject: [PATCH] docs: add GHSA to vulnerability reporting methods

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
 SECURITY.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 5563e3d11f903..9e2ba5c6ba542 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -65,9 +65,10 @@ We will publish security advisories using the
 feature to keep our community well-informed, and will credit you for your
 findings (unless you prefer to stay anonymous, of course).
 
-Please report vulnerabilities by e-mail to the following address:
+There are two ways to report a vulnerability to the Argo CD team:
 
-* cncf-argo-security@lists.cncf.io
+* By opening a draft GitHub security advisory: https://github.com/argoproj/argo-cd/security/advisories/new
+* By e-mail to the following address: cncf-argo-security@lists.cncf.io
 
 ## Internet Bug Bounty collaboration