Does credited people on a draft advisory gets access to view it?

[surli]

Select Topic Area

Question

Body

Hi,

we're using the Github security advisories a lot per our security policy and I wanted to know if people credited with a github account in a draft advisory gets some right access to view it or not? If not how are they able to accept or deny it?

I checked in both https://github.blog/2020-05-26-giving-credit-for-security-advisories/ and https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory but the documentation is not quite clear about this particular point.

Note that I'm fine to give the credited user a direct right access as collaborator, but I wanted first to have a clear answer on how the credits works for such case.

Thanks

[ossanna16]

Hi there @surli and welcome to our community! Thank you for asking a great question 🙂
While you are waiting for a reply to your question, here are a few things you can do:

To get started, introduce yourself in our official introduction thread
To connect with other new users, check out this Discussion to Meet Your GitHub Community Team, further your GitHub knowledge by working through our GitHub Skill 🆙 exercises, and participate in our weekly Fun Friday chats

[piRGoif]

Hello,
We also have this need !
We are publishing the advisories 3 months after the package containing the fix is published.
But in the meantime we would like to give read access to reporters to the corresponding advisory which stays in draft for some weeks.
The collaborators will get write access, so we aren't using this feature.
Would be perfect to have the ability to give read access for each credit !

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬