Repository administrators can now lock draft repository security advisories and private vulnerability reports to prevent collaborators from editing advisory content or metadata. When locked, only administrators can make changes; collaborators can still participate through comments.

This gives you greater control over the triage and publication process for private vulnerability reports. Once you’ve reviewed a report and made decisions on severity or other fields, you can lock the advisory to preserve the integrity of the record and ensure no unintended changes are made while discussions continue.

To lock or unlock a draft advisory, navigate to the advisory and select Lock advisory from the advisory actions menu on the right side. Only repository administrators can lock or unlock advisories.

Learn more about repository security advisories and managing privately reported security vulnerabilities.

Join the discussion within GitHub Community.