Summary
Developers that use temporary private forks to privately fix their draft security advisories cannot currently take advantage of their test automation in GitHub Actions. We will add support for GitHub Actions in temporary private forks for draft security advisories so developers can run test automation.
Intended Outcome
Private forks are currently used to fix security issues behind closed doors.
However, if you can't test your code before merging the fix, you could be introducing new bugs as an accidental byproduct. This leads to project maintainers releasing a fix, realizing it has bugs, and then releasing a fix for the fix.
Allowing GitHub Actions to run on private forks will help developers resolve security vulnerabilities faster and more safely.
How will it work?
Developers who open a temporary private fork to fix a security issue will be able to use most GitHub Actions workflows in that private fork as normal. However, because these repositories often have untrusted external collaborators, workflows will be unable to use organization secrets.