Concepts for vulnerability reporting and management
Learn about the key concepts related to vulnerability reporting and management on GitHub.
GitHub Advisory database
The GitHub Advisory Database contains a list of known security vulnerabilities and malware, grouped in three categories: GitHub-reviewed advisories, unreviewed advisories, and malware advisories.
Repository security advisories
You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository.
Global security advisories
Global security advisories are CVEs and GitHub-originated advisories affecting the open source world, located in the GitHub Advisory Database.
Coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
Exposure to vulnerabilities in your code and in dependencies
Understand how vulnerabilities in your own code and in third-party dependencies contribute to your organization's overall security exposure, and how to measure and reduce that risk.