Anyone with admin permissions to a repository can create a security advisory.
Note: If you are a security researcher, you should contact the maintainers directly to ask them to create security advisories or issue CVEs on your behalf in repositories that you do not administer.
Creating a security advisory
- On GitHub, navigate to the main page of the repository.
- Under your repository name, click Security.

- In the left sidebar, click Security advisories.

- Click New draft security advisory.

- Type a title for your security advisory.
- Type the details of the security vulnerability that the security advisory addresses.

- Select the severity of the security vulnerability. To assign a CVSS score, select "Assess severity using CVSS" and click the appropriate values in the calculator. GitHub calculates the score according to the "Common Vulnerability Scoring System Calculator."

- Add common weakness enumerators (CWEs) for the kinds of security weaknesses that this security advisory addresses. For a full list of CWEs, see the "Common Weakness Enumeration" from MITRE.
- If you have an existing CVE identifier, select "I have an existing CVE identifier" and type the CVE identifier in the text box. Otherwise, you can request a CVE from GitHub later. For more information, see "About GitHub Security Advisories."
- Type a description of the security vulnerability.

- Click Create draft security advisory.

Next steps
- Comment on the draft security advisory to discuss the vulnerability with your team.
- Add collaborators to the security advisory. For more information, see "Adding a collaborator to a security advisory."
- Privately collaborate to fix the vulnerability in a temporary private fork. For more information, see "Collaborating in a temporary private fork to resolve a security vulnerability."
- Add individuals who should receive credit for contributing to the security advisory. For more information, see "Editing a security advisory."
- Publish the security advisory to notify your community of the security vulnerability. For more information, see "Publishing a security advisory."

