With GitHub Security Advisories:
You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your repository.
This sounds really useful for working with team members on fixing security issues in open source projects.
For normal private repos, we get 2,000 free minutes per month to use with GitHub Actions.
How does GitHub Actions work with temporary private forks for security vulnerabilities? It would be great to be able to properly test our fixes in private, without having to worry about quotas, or reducing what is tested to keep within limits.
What I’d like to avoid is publishing a security fix, and only when it’s public finding out it doesn’t fix the problem on something we normally test and would have otherwise caught before merging.