Lock and unlock draft repository security advisories

Repository administrators can now lock draft repository security advisories and private vulnerability reports to prevent collaborators from editing advisory content or metadata. When locked, only administrators can make changes; collaborators can still participate through comments.

This gives you greater control over the triage and publication process for private vulnerability reports. Once you’ve reviewed a report and made decisions on severity or other fields, you can lock the advisory to preserve the integrity of the record and ensure no unintended changes are made while discussions continue.

Lock and unlock draft and timeline

To lock or unlock a draft advisory, navigate to the advisory and select Lock advisory from the advisory actions menu on the right side. Only repository administrators can lock or unlock advisories.

Learn more about repository security advisories and managing privately reported security vulnerabilities.

Join the discussion within GitHub Community.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

Lock and unlock draft repository security advisories

Related Posts

Subscribe to our developer newsletter