author Florian Zschocke <2362065+flaix@users.noreply.github.com> 2024-05-20 21:49:22 +0200
committer GitHub <noreply@github.com> 2024-05-20 21:49:22 +0200
commit 33394c740971dcdb73969879b1091a91b39eaa7c
tree 0f9eb93f83f0431dad865901c9c8fc0ddc79e9be
parent 8d24e989eb0e3f79cabd63b92f8feb91da8bf818
doc: Update SECURITY.md to include Github's reporting mechanism (HEAD, master)
-rw-r--r-- .github/SECURITY.md 5
1 files changed, 4 insertions, 1 deletions
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 483daf0e..861c96f3 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -5,7 +5,10 @@
The Gitblit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
-To report a security issue, please send an email to the following email address and include the word "SECURITY" in the subject line.
+
+To report a security vulnerability, you can use the Github mechanism to [privately report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). On Gitblit's repository page, choose the `Security` tab (under the repository name). Click the `Report a vulnerability` button on the right.
+
+Alternatively, you can also report any security issue via e-mail. Send an email to the following email address and include the word "SECURITY" in the subject line.
```
gitblitorg@gmail.com
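Review bot: The added paragraph that sends reporters to the `Report a vulnerability` button under the `Security` tab depends on private vulnerability reporting being enabled for the repository; if it is off, the button is not shown and the instructions lead nowhere, so confirm the setting before merging. In the same added line, "Github" should be spelled "GitHub". The two channels are also presented as equal ("you can use" and "Alternatively, you can also"); consider stating which one the team prefers, since a private GitHub report keeps the details inside a restricted advisory while the e-mail path shown here is a plain mailbox with no encryption key given in the visible lines.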