What is a Security Advisory in GitHub and how do you create a private one?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

What is a Security Advisory in GitHub and how do you create a private one?

Explanation:
A Security Advisory in GitHub is a formal, structured record of a vulnerability in a repository that lets maintainers document the affected package and versions, severity, CWEs, mitigations, and references in one place. It also provides a private space to coordinate disclosure with affected parties, vendors, and collaborators before making the information public.

To create a private advisory, go to the repository's Security tab, open Advisories, and create a new draft security advisory. A draft is private by default: only repository admins and the people you add as collaborators on the advisory can see it, so you can discuss fixes and timelines without alerting the broader public until you are ready. Fill in the summary and description, the affected ecosystem, package and vulnerable version range, the patched versions, a severity (or a CVSS vector), the relevant CWEs, and links to related resources. You can add collaborators to review and refine the advisory, open a temporary private fork to develop the fix without it showing up in the public repository, and either enter an existing CVE or request one from GitHub. Once coordination is complete, publish the advisory to make it public; publishing is the irreversible step, and a published advisory is also submitted for review for the GitHub Advisory Database.

This approach matches the idea of a targeted, controlled disclosure rather than a general notification, a public roadmap entry, or a code-change proposal.

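The same draft-then-publish workflow can be driven through GitHub's REST API instead of the Security tab, which is how you would script advisory creation from a release pipeline. The block below is an added example, not code from this page or from GitHub: it builds and validates the request body for a draft advisory (a draft is private on creation), then wires up the create, request-CVE and publish calls. The token variable GITHUB_TOKEN, the owner and repository example-org/example-widget, and the vulnerability details are constructed for illustration.

```python
"""Create a draft (private) GitHub repository security advisory, optionally
request a CVE for it, and publish it, via the REST API.  Added example with
constructed sample data; example-org/example-widget is a hypothetical repo."""
import json
import os
import re
import sys
import urllib.request

API = "https://api.github.com"

# Ecosystems accepted in the package field of a repository security advisory.
ECOSYSTEMS = {"rubygems", "npm", "pip", "maven", "nuget", "composer", "go",
              "rust", "erlang", "actions", "pub", "other", "swift"}
SEVERITIES = {"critical", "high", "medium", "low"}

# One clause of GitHub's vulnerable_version_range syntax, e.g. "< 2.1.4";
# several clauses are joined with commas, e.g. ">= 2.0.0, < 2.1.4".
_CLAUSE = re.compile(r"^(<=|>=|<|>|=)\s*[0-9A-Za-z.+-]+$")


def validate_version_range(version_range: str) -> str:
    """Reject a range the advisory form would refuse; return it normalised."""
    clauses = [c.strip() for c in version_range.split(",")]
    if not all(_CLAUSE.match(c) for c in clauses):
        raise ValueError(f"bad vulnerable_version_range: {version_range!r}")
    return ", ".join(clauses)


def build_draft_advisory(summary, description, ecosystem, package,
                         vulnerable_range, patched_versions, cwe_ids=(),
                         severity=None, cvss_vector=None, cve_id=None,
                         start_private_fork=False):
    """Build the JSON body for POST /repos/{owner}/{repo}/security-advisories."""
    if ecosystem not in ECOSYSTEMS:
        raise ValueError(f"unknown ecosystem {ecosystem!r}")
    if len(summary) > 1024:
        raise ValueError("summary is limited to 1024 characters")
    # The API takes either a severity label or a CVSS vector string, not both.
    if (severity is None) == (cvss_vector is None):
        raise ValueError("give exactly one of severity or cvss_vector")
    if severity is not None and severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    if cvss_vector is not None and not cvss_vector.startswith("CVSS:3."):
        raise ValueError("cvss_vector must be a CVSS v3 vector string")
    for cwe in cwe_ids:
        if not re.fullmatch(r"CWE-\d+", cwe):
            raise ValueError(f"malformed CWE id {cwe!r}")

    body = {
        "summary": summary,
        "description": description,
        "vulnerabilities": [{
            "package": {"ecosystem": ecosystem, "name": package},
            "vulnerable_version_range": validate_version_range(vulnerable_range),
            "patched_versions": patched_versions,
        }],
        "cwe_ids": list(cwe_ids),
        # True asks GitHub to open a temporary private fork for the fix.
        "start_private_fork": start_private_fork,
    }
    if severity is not None:
        body["severity"] = severity
    else:
        body["cvss_vector_string"] = cvss_vector
    if cve_id is not None:          # an already-assigned CVE, if you have one
        body["cve_id"] = cve_id
    return body


def _call(method, path, token, body=None):
    """Authenticated JSON call; returns the parsed response or None if empty."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def create_draft_advisory(owner, repo, token, body):
    # Needs a token with admin (or advisory write) permission on the repo.
    return _call("POST", f"/repos/{owner}/{repo}/security-advisories", token, body)


def request_cve(owner, repo, token, ghsa_id):
    # GitHub is a CNA; the CVE is assigned asynchronously after the request.
    return _call("POST", f"/repos/{owner}/{repo}/security-advisories/{ghsa_id}/cve", token, {})


def publish_advisory(owner, repo, token, ghsa_id):
    # Publishing is the point at which the advisory becomes public.
    return _call("PATCH", f"/repos/{owner}/{repo}/security-advisories/{ghsa_id}",
                 token, {"state": "published"})


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed env var for the token
    if not token:
        sys.exit("set GITHUB_TOKEN to a token with advisory write access")
    draft = build_draft_advisory(
        summary="Stored XSS in the comment renderer",
        description="Comments are inserted into the page without escaping.",
        ecosystem="npm", package="example-widget",
        vulnerable_range=">= 2.0.0, < 2.1.4", patched_versions="2.1.4",
        cwe_ids=("CWE-79",), severity="high", start_private_fork=True)
    created = create_draft_advisory("example-org", "example-widget", token, draft)
    print(created["ghsa_id"], created["state"], created["html_url"])
    # request_cve(...) and publish_advisory(...) are deliberate, separate steps.
```

The script stops after creating the draft on purpose: requesting a CVE and publishing are the steps that leave the private coordination phase, so they are exposed as separate functions rather than run automatically. The response's `state` field is `draft` until `publish_advisory` flips it.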
