Allow guests to create an issue from a vulnerability
Problem to solve
Security should be a high priority for everyone. If I spot some vulnerability on a project, I should be able to start the remediation process as soon as possible, even if I'm not fully involved in the team.
We have a very nice feature to create issues from the security reports. This feature requires Reporter
or higher, but if we allow guests to create the issue, we have more chances to speed up the fix.
Guests may be able to create "regular" issues, this is just a shortcut that cannot bring any additional security concern to the repo.
Proposal
Allow anyone to create an issue from a vulnerability in the security report.
This should only be allowed if:
- User has the ability to see the report
- User has the ability to create issues
What does success look like, and how can we measure that?
Issues to fix vulnerabilities are created by guests users.
Edited by Sam Kerr