diff --git a/assets/images/help/notifications/repository-watching-notification-options.png b/assets/images/help/notifications/repository-watching-notification-options.png new file mode 100644 index 0000000000..a3cd40959c Binary files /dev/null and b/assets/images/help/notifications/repository-watching-notification-options.png differ diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md index e0b81ab824..1bdc4aee50 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md @@ -135,10 +135,10 @@ Notifications are different for incremental scans and historical scans. 1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown. 1. Select "Email" as a notification option, then click **Save**. - ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/secret-scanning-notification-options.png) + ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png) {% endif %} -{% data reusables.secret-scanning.notification-settings %} +{% data reusables.notifications.watch-settings %} {% ifversion secret-scanning-backfills %} ### Historical scans 
@@ -150,7 +150,7 @@ For historical scans, {% data variables.product.product_name %} notifies the fol We do _not_ notify commit authors. -{% data reusables.secret-scanning.notification-settings %} +{% data reusables.notifications.watch-settings %} {% endif %} diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities.md index 7bd4fc1b75..ea242f665d 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities.md +++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities.md @@ -22,7 +22,9 @@ When a security researcher reports a vulnerability privately, you are notified a ## Managing security vulnerabilities that are privately reported -{% data variables.product.prodname_dotcom %} notifies repository maintainers when security researchers privately report vulnerabilities in their repository, and sends notifications if maintainers watch the repository or if they have notifications enabled for the repository. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications)." +{% data reusables.security-advisory.private-vulnerability-reporting-configure-notifications %} + +For more information about configuring notification preferences, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#configuring-notifications-for-private-vulnerability-reporting)." {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} 
diff --git a/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md b/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md index f306847832..23f02b3a45 100644 --- a/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md +++ b/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md 
@@ -34,3 +34,26 @@ The instructions in this article refer to enablement at repository level. For in {% data reusables.security-advisory.private-vulnerability-reporting-security-researcher %} {% data reusables.security-advisory.private-vulnerability-api %} + +## Configuring notifications for private vulnerability reporting + +{% data reusables.security-advisory.private-vulnerability-reporting-configure-notifications %} + +Notifications depend on the user's notification preferences. You will receive an email notification if: +- You are watching the repository. +- You have enabled notifications for "All Activity". +- In your notification settings, under "Subscriptions", then under "Watching", you have selected to receive notifications by email. + +{% data reusables.repositories.navigate-to-repo %} +1. To start watching the repository, select **{% octicon "eye" aria-hidden="true" %} Watch**. + + ![Screenshot of the repository's main page. A dropdown menu, titled "Watch", is highlighted with an orange outline.](/assets/images/help/repository/repository-watch-dropdown.png) + +1. In the dropdown menu, click **All Activity**. +1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications). +1. On your notification settings page, under "Subscriptions," then under "Watching," select the **Notify me** dropdown. +1. Select "Email" as a notification option, then click **Save**. + + ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png) + +{% data reusables.notifications.watch-settings %} 
diff --git a/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md b/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md index 993c4db849..51689b1688 100644 --- a/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md +++ b/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md @@ -23,6 +23,10 @@ For organization owners and security managers, the benefits of using private vul The instructions below refer to enablement at organization level. For information about enabling the feature for a repository, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository)." +{% data reusables.security-advisory.private-vulnerability-reporting-configure-notifications %} + +For more information about configuring notification preferences, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#configuring-notifications-for-private-vulnerability-reporting)." + ## Enabling or disabling private vulnerability reporting for all the existing public repositories in an organization {% data reusables.profile.access_org %} diff --git a/data/reusables/secret-scanning/notification-settings.md b/data/reusables/notifications/watch-settings.md similarity index 100% rename from data/reusables/secret-scanning/notification-settings.md rename to data/reusables/notifications/watch-settings.md 
diff --git a/data/reusables/security-advisory/private-vulnerability-reporting-configure-notifications.md b/data/reusables/security-advisory/private-vulnerability-reporting-configure-notifications.md new file mode 100644 index 0000000000..9e67618d05 --- /dev/null +++ b/data/reusables/security-advisory/private-vulnerability-reporting-configure-notifications.md @@ -0,0 +1,4 @@ +When a new vulnerability is privately reported on a repository where private vulnerability reporting is enabled, {% data variables.product.product_name %} notifies repository maintainers and security managers if: + +- They're watching the repository for all activity. +- They have notifications enabled for the repository.
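
Review bot: In managing-alerts-from-secret-scanning.md (hunk at -135,10), the screenshot link now points to repository-watching-notification-options.png, which this patch adds, but nothing in the diff removes secret-scanning-notification-options.png. If no other page references the old image, delete it in this change so it is not left orphaned. The same check applies to the reusable rename at the end of the patch: the two includes in this file are updated, so confirm no other content still uses `reusables.secret-scanning.notification-settings`, since that path no longer exists after the rename.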
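
Review bot: In configuring-private-vulnerability-reporting-for-a-repository.md (hunk at -34,3 +34,26), the list under "You will receive an email notification if:" does not say whether the three bullets are alternatives or must all hold, while the numbered steps that follow set all three. If all are required, say so, for example "You will receive an email notification if all of the following are true:", and add a one-line lead-in before the steps so the procedure does not start straight after the bullet list. The last two steps also repeat the ones visible as context in managing-alerts-from-secret-scanning.md with different punctuation ("Subscriptions," here, "Subscriptions", there); consider moving them into a shared reusable so the wording stays in sync.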
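
Review bot: In the new reusable private-vulnerability-reporting-configure-notifications.md, the two bullets after "notifies repository maintainers and security managers if:" carry no conjunction, whereas the sentence it replaces in managing-privately-reported-security-vulnerabilities.md read "if maintainers watch the repository or if they have notifications enabled". State the relationship explicitly, for example "if either of the following is true:", and check that it agrees with the repository-level section, which includes this reusable and then lists three conditions for email. The reusable also names security managers as recipients, which the removed sentence did not; worth confirming that this is intended on every page that now includes it.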