Locking Draft Advisories
Repository administrators can now lock draft repository security advisories and private vulnerability reports to prevent collaborators from editing advisory content or metadata. When an advisory is locked, only administrators can make changes to the advisory itself, though collaborators can still participate through comments on the advisory.
Use Cases
This feature helps teams maintain the integrity of security records throughout the triage and publication process. Once you've reviewed a vulnerability report and made decisions on severity ratings or other critical fields, you can lock the advisory to preserve accuracy and prevent unintended changes while discussions and remediation efforts continue.
How to Use
To lock or unlock a draft advisory, navigate to the advisory and select Lock advisory from the advisory actions menu in the right sidebar. Only repository administrators have permission to lock or unlock advisories. Locked advisories maintain full comment functionality for ongoing team discussions.
Related Resources
For more information about managing security advisories, refer to the GitHub documentation on repository security advisories and managing privately reported security vulnerabilities.