security

Enabling Private Vulnerability Reporting

·356 words·2 mins
security GitHub
A small gh one-liner that turns on private vulnerability reporting for every public, non-archived, non-fork repo you own — or every repo in an org you administer — so security researchers have a sanctioned channel to report issues before they go public.

On Cooldowns and Dependabot Tuning

·614 words·3 mins
LLM automation Dependabot security supply chain
Dependabot’s defaults can make it look like an agent of chaos. Here’s how cooldowns, dependency groups, and a Claude skill turn down the churn — fewer rebases, boring CI, and a few extra days for the world to flag the bad actors.