Custom yellow banner like Dependabot #11478
Hello, (not the correct topic I imagine, but the closest one I was able to find)

I read the API available for https://docs.github.com/en/rest/reference/code-scanning in general, but I was not able to find something that allows me to "create" a yellow/alert banner on a particular repository, like Dependabot is doing.

My use case: I am the Security Officer of the Jenkins project and we have 1800+ repositories for the plugins. When a plugin is expected to receive a (coordinated) vulnerability correction in an upcoming advisory, I would like to automatically "mark" the repository with a large banner like Dependabot, to inform the maintainers (the ones that were not necessarily involved with the correction), to avoid them releasing a new version while one is staged in private.

Example of desired message: "Be careful, a new version with a security fix will be released on Feb XX, please do hold PR merging / releasing".

As it's required to let only maintainers know about this, the banner was the perfect choice as a regular contributor will not see them and thus, does not disclose the release in advance.

Best regards,
Wadeck Follonier
Replies: 1 comment
Thanks for your suggestion. We don't have a public API for this scenario. Our intended solution for this scenario is to open a GitHub security advisory and then tag your fellow maintainers on that advisory so that they are informed before the advisory has been published.
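The workflow the reply suggests, scripted for a fleet of repositories, as an added example (not code from this discussion, from the Jenkins project or from GitHub). A repository security advisory is created as a draft, which only repository admins and the users explicitly added to it can see, so it doubles as the private "hold releases until this date" notice the question asks for. The example builds the two REST requests (create the draft, then add the maintainers as collaborators) without sending them; the `collaborating_users` field name on the PATCH body is recalled from the API reference and should be checked there before use, and the organisation, repository, plugin, artifact, version, date, logins and token are constructed placeholders.

```python
"""Draft a private GitHub security advisory as the pre-release notice channel.

Added example, not code from the discussion or from GitHub. Endpoints used:
  POST  /repos/{owner}/{repo}/security-advisories           (creates a draft)
  PATCH /repos/{owner}/{repo}/security-advisories/{ghsa_id} (adds collaborators)
The `collaborating_users` field on the PATCH body is an assumption to verify
against the current API reference. No network call is made: the functions
return urllib Request objects that can be inspected or passed to urlopen().
"""
import json
from datetime import date
from urllib.request import Request

API = "https://api.github.com"
API_VERSION = "2022-11-28"  # REST API version header value


def hold_notice(plugin: str, release_on: date) -> str:
    """The notice maintainers should read (wording adapted from the question)."""
    return (
        f"A new version of {plugin} containing a security fix will be released on "
        f"{release_on.isoformat()}. Please hold PR merging and releasing until then."
    )


def draft_advisory_payload(plugin: str, artifact: str, fixed_version: str,
                           release_on: date, severity: str = "medium") -> dict:
    """Body for POST .../security-advisories.

    Jenkins plugins are Maven artifacts, so the ecosystem is "maven"; the
    vulnerable range and patched version are placeholders for this example."""
    return {
        "summary": f"[hold] Security fix for {plugin} scheduled for {release_on.isoformat()}",
        "description": hold_notice(plugin, release_on),
        "severity": severity,
        "vulnerabilities": [{
            "package": {"ecosystem": "maven", "name": artifact},
            "vulnerable_version_range": f"< {fixed_version}",
            "patched_versions": fixed_version,
        }],
    }


def collaborators_payload(maintainers: list) -> dict:
    """Body for PATCH .../security-advisories/{ghsa_id} (assumed field name)."""
    return {"collaborating_users": sorted(set(maintainers))}


def api_request(token: str, method: str, path: str, body: dict) -> Request:
    """Build an authenticated JSON request for the GitHub REST API without sending it."""
    req = Request(f"{API}{path}", data=json.dumps(body).encode(), method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/vnd.github+json")
    req.add_header("X-GitHub-Api-Version", API_VERSION)
    req.add_header("Content-Type", "application/json")
    return req


def plan_requests(token, owner, repo, plugin, artifact, fixed_version,
                  release_on, maintainers) -> list:
    """Two-step plan for one repository: create the draft, then add collaborators.

    The GHSA id comes from the `ghsa_id` field of the POST response; a placeholder
    is used here because nothing is sent."""
    create = api_request(token, "POST", f"/repos/{owner}/{repo}/security-advisories",
                         draft_advisory_payload(plugin, artifact, fixed_version, release_on))
    ghsa_id = "GHSA-xxxx-xxxx-xxxx"  # placeholder: read from the POST response in practice
    notify = api_request(token, "PATCH",
                         f"/repos/{owner}/{repo}/security-advisories/{ghsa_id}",
                         collaborators_payload(maintainers))
    return [create, notify]


if __name__ == "__main__":
    # Constructed sample: one plugin repository, two maintainers to notify.
    for r in plan_requests("<token>", "jenkinsci", "example-plugin", "Example Plugin",
                           "org.jenkins-ci.plugins:example", "1.2.3", date(2024, 2, 14),
                           ["maintainer-a", "maintainer-b"]):
        print(r.get_method(), r.full_url, json.loads(r.data))
```

Run across the affected plugin repositories, the POST creates one draft per repository and the PATCH is what makes the maintainers see it; the advisory stays invisible to ordinary contributors until it is published, which is the property the question wanted from the banner.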