From 33394c740971dcdb73969879b1091a91b39eaa7c Mon Sep 17 00:00:00 2001 From: Florian Zschocke <2362065+flaix@users.noreply.github.com> Date: Mon, 20 May 2024 21:49:22 +0200 Subject: [PATCH] doc: Update SECURITY.md to include Github's reporting mechanism --- .github/SECURITY.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 483daf0e4..861c96f3d 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -5,7 +5,10 @@ The Gitblit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. -To report a security issue, please send an email to the following email address and include the word "SECURITY" in the subject line. + +To report a security vulnerability, you can use the Github mechanism to [privately report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). On Gitblit's repository page, choose the `Security` tab (under the repository name). Click the `Report a vulnerability` button on the right. + +Alternatively, you can also report any security issue via e-mail. Send an email to the following email address and include the word "SECURITY" in the subject line. ``` gitblitorg@gmail.com
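Review bot: In the added "To report a security vulnerability, ..." paragraph, the instructions depend on the `Report a vulnerability` button being present, and GitHub only shows it when private vulnerability reporting is enabled for the repository, so please confirm that setting is on before this is merged; otherwise reporters who follow the new first-choice path will find no button. The click-by-click description of the `Security` tab may also go stale when the GitHub UI changes, so consider relying on the linked documentation or linking straight to the repository's own advisory form. Smaller wording points in the same added lines: "Github" should be "GitHub" (here and in the subject), "Alternatively, you can also" is redundant, the fallback sentence uses "e-mail" and "email" side by side, and the two paragraphs switch between "security vulnerability" and "security issue" for the same thing.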