Deleting a temporary private fork of a repository after addressing a security advisory

We have recently addressed a security advisory and in the process we created a temporary fork of a repository. How do we proceed to deleteing the fork? I do not see a settings page or option for the same as I would normally see as a organisation owner.

I could not find any documentation on this as well.

Hey! If you want to delete a private fork, you just need to follow the normal repository deleting workflow. Repo- Setting- Delete this repo- Type in the name of the repo. 

I just tested this on one of my private repos so you should be good. 

Hey @logankilpatrick !

Thanks for your reply, however as I mentioned in my OP this is not a normal private repository.

We created the private repo using the security advisory feature, as explained here.

This private fork was used to collaborate, and we do not see the settings option for the same. And hence did not see a way to delete this.

Here is a screenshot for reference:

The documentation on this is also not available.


Based on my understanding, it’s not possible. Your best bet is to contact GitHub Support to manually delete that fork. 

Though, they may have made it this way by design. I agree that this should be addressed in the docs. Maybe the word “temporary” fork implies it will auto-delete in the future but that info is not public at the moment. 

Thanks again.

Yes, that is my understanding as well. And since this feature is relatively new, I am going to give them the benifit they haven’t yet considered addtional features and options like this.

Anyways, the docs should have something. I am unsure whom to contact about this, I will probably send an email as a feature request or something to GitHub’s support.

Hopefully they improve this. I suggest emailing GitHub support.

Update 1:

You can not delete a temporary fork of a repo, which you created as a part of an open security advisory, if you close the advisory without making the security advisory public. This will include cases, where to chose not to disclose the advisory, or the advisory was not valid and could be closed. Regardless, if you created any temporary forks as a part of it, they will only be delete after you make the advisory public.

There is no documenation clarifiing this.

Once you do make the advisory public and close it, you should be able to delete any provate forks created.

Update 2:

GitHub support has reached out to me, I am awaitng for a reponse after clarifying the above details.


The Support team got back to me, acknowledging this to be a gap in the docs. They have forwarded the feedback to the engineering team. No commitments on a fix though.

Hope this helps someone with a similar scenario.