This article applies only to repository-level security advisories. Anyone can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories. Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see "Editing security advisories in the GitHub Advisory Database."
Permissions overview
Anyone with admin permissions to a public repository can create a security advisory.
Anyone with admin permissions to a public repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory. For more information about adding a collaborator to a security advisory, see "Adding a collaborator to a repository security advisory."
Action | Write permissions | Admin permissions |
---|---|---|
See a draft security advisory | ||
Add collaborators to the security advisory (see "Adding a collaborator to a repository security advisory") | ||
Edit and delete any comments in the security advisory | ||
Create a temporary private fork in the security advisory (see "Collaborating in a temporary private fork to resolve a repository security vulnerability") | ||
Add changes to a temporary private fork in the security advisory (see "Collaborating in a temporary private fork to resolve a repository security vulnerability") | ||
Create pull requests in a temporary private fork (see "Collaborating in a temporary private fork to resolve a repository security vulnerability") | ||
Merge changes in the security advisory (see "Collaborating in a temporary private fork to resolve a repository security vulnerability") | ||
Add and edit metadata in the security advisory (see "Publishing a repository security advisory") | ||
Add and remove credits for a security advisory (see "Editing a repository security advisory") | ||
Close the draft security advisory | ||
Publish the security advisory (see "Publishing a repository security advisory") |