source.dussan.org Git - gitblit.git/commitdiff
doc: Update SECURITY.md to include Github's reporting mechanism master
author Florian Zschocke <2362065+flaix@users.noreply.github.com>
Mon, 20 May 2024 19:49:22 +0000 (21:49 +0200)
committer GitHub <noreply@github.com>
Mon, 20 May 2024 19:49:22 +0000 (21:49 +0200)
.github/SECURITY.md

index 483daf0e42a078369665a2e313941881f4fa95be..861c96f3dbd85cd9aa25d9ba491f8bc5ea86caa8 100644 (file)
@@ -5,7 +5,10 @@
 
 The Gitblit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
 
 
 The Gitblit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
 
-To report a security issue, please send an email to the following email address and include the word "SECURITY" in the subject line.
+
+To report a security vulnerability, you can use the Github mechanism to [privately report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). On Gitblit's repository page, choose the `Security` tab (under the repository name). Click the `Report a vulnerability` button on the right. 
+
+Alternatively, you can also report any security issue via e-mail. Send an email to the following email address and include the word "SECURITY" in the subject line.
 
 ```
 gitblitorg@gmail.com
 
 ```
 gitblitorg@gmail.com
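
Review bot: The two reporting channels are presented as equals, and the added line starting "Alternatively, you can also report any security issue via e-mail" does not tell a reporter which one to prefer. Since the GitHub route opens a private advisory that only the maintainers can see and keeps the discussion attached to the repository, consider saying explicitly that it is the preferred channel and that e-mail is the fallback for reporters without a GitHub account. Smaller points in the same hunk: "Github" should be spelled "GitHub", "Alternatively, you can also" is redundant (drop "also"), the line ending "button on the right. " carries trailing whitespace, and the added empty line directly after the existing blank line leaves two consecutive blank lines before the new paragraph.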