Innersource security advisories go GA
GitHub has made innersource security advisories generally available. This feature is a significant step in managing vulnerabilities more effectively.
On July 8, GitHub made innersource security advisories generally available. This feature allows organizations to publish notifications about vulnerabilities within their owned repositories without making them public.
With the new REST API, organizations can create and update security advisories. Dependabot serves as the delivery mechanism, notifying relevant repositories and providing security alerts and version updates. However, the effectiveness of this system relies on the security teams regularly creating these advisories.