register the database to github/advisory-database #11
Comments
Was this ever done/attempted? I don't see relevant issues in GitHub's repo. Should this be reopened?
@MathiasSM I think you're right - that this was closed by mistake. But, the scope was to create a ticket In retrospect, I am not sure if replicating all our advisories in the GitHub repo, with their own GHSA ID,
I honestly have little knowledge on how to set up the integration, but will gladly help once GitHub answers the ticket :) thanks!
I think the benefit of the advisories being in the GitHub database too is that projects that use a vulnerable dependency will receive a security warning (and Dependabot PR if enabled) when GitHub records the vulnerability.
Once the system is in place, create an issue for https://github.com/github/advisory-database#sources .