Skip to content

S19.07: Enable GitHub private vulnerability reporting #583

Description

@DavidCozens

Parent epic: #155

Repo-settings checklist — kept as its own story so it is not forgotten (per E19 #155 guidance).

Tasks

  • Enable Private Vulnerability Reporting on the solid-syslog repo (Settings → Code security).
  • Configure Security Advisory workflow permissions.
  • Document the required settings in the triage runbook (S19.05) so they are reproducible after any org/account move.

Note

This gates SECURITY.md's primary intake channel — the "Report a vulnerability" button only appears once Private Vulnerability Reporting is on. Re-verify after the account migration to the Cozens org, since org transfer can reset security settings.

Acceptance

Private vulnerability reporting live; a test private report can be filed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    storyStory issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions