Prevent users to report security issues via GitHub issues #285

ppalaga · 2024-10-02T19:27:51Z

We just got a security issue reported for QCXF (not linking it here intentionally).

Quarkus has this warning in the new issue form:

I wonder whether we could adopt similar measures for Quarkiverse projects too?

There is also this Privately reporting a security vulnerability feature of GitHUb that we perhaps might consider enabling?

gastaldi · 2024-10-03T02:39:29Z

There is also this Privately reporting a security vulnerability feature of GitHUb that we perhaps might consider enabling?

That requires integrations/terraform-provider-github#2399 to be implemented. For now we can enable them individually in a manual basis.

ppalaga · 2024-10-03T11:33:20Z

For now we can enable them individually in a manual basis.

Could you please enable it for Quarkus CXF?

gastaldi · 2024-10-03T11:38:25Z

For now we can enable them individually in a manual basis.

Could you please enable it for Quarkus CXF?

Of course, done.

gastaldi · 2024-10-03T12:07:35Z

I've enabled that by default in the Organization settings (https://github.com/organizations/quarkiverse/settings/security_products). It's now enabled in all Quarkiverse repositories.

gastaldi closed this as completed Oct 3, 2024

Provide feedback