source.dussan.org Git - gitblit.git/commitdiff
doc: Update SECURITY.md to include Github's reporting mechanism master
author Florian Zschocke <2362065+flaix@users.noreply.github.com>
Mon, 20 May 2024 19:49:22 +0000 (21:49 +0200)
committer GitHub <noreply@github.com>
Mon, 20 May 2024 19:49:22 +0000 (21:49 +0200)
.github/SECURITY.md

index 483daf0e42a078369665a2e313941881f4fa95be..861c96f3dbd85cd9aa25d9ba491f8bc5ea86caa8 100644 (file)
@@ -5,7 +5,10 @@
 
 The Gitblit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
 
-To report a security issue, please send an email to the following email address and include the word "SECURITY" in the subject line.
+
+To report a security vulnerability, you can use the Github mechanism to [privately report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). On Gitblit's repository page, choose the `Security` tab (under the repository name). Click the `Report a vulnerability` button on the right. 
+
+Alternatively, you can also report any security issue via e-mail. Send an email to the following email address and include the word "SECURITY" in the subject line.
 
 ```
 gitblitorg@gmail.com
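Review bot: The two added paragraphs offer private GitHub reporting and e-mail as equal alternatives without saying which one the team prefers or monitors more closely; consider stating a preference in the "Alternatively, ..." sentence, since the surrounding text promises acknowledgement of reports and a reporter needs to know which channel to use. Smaller points in the same hunk: the bare `+` line added directly after the existing blank context line leaves two consecutive blank lines, the line ending in "button on the right. " carries trailing whitespace, the product name is spelled "GitHub", "Alternatively, you can also" is redundant (drop "also"), and the new sentence mixes "e-mail" and "email" within one paragraph.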