Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to the repository maintainers. When included, this file will be shown in the repository’s “Security” tab, and in the new issue workflow.
The internal repository visibility option is available to customers with an Enterprise account. This new visibility option makes it easier to innersource code and projects to your organization members while restricting access to outside collaborators.