Org .github repo works, but isn't being picked up

GitHub apparently supports having FUNDING.yml and SECURITY.yml directly in the root of an org-wide .github directory. However, it seems Tidelift isn’t detecting these (but it has detected them on another org that has FUNDING.yml inside a .github dir inside the .github repo). is the specific task I’m looking at; it’d be great to get a holistic solution instead of manual approval so all the other repos in that org can have their sponsor button task cleared (ideally also, if all the “coordinated disclosure” tasks could pick up that the org has a security policy, and automatically pick up that URL)

(another possibility is that since these repos were originally under my username, and have since been moved to the org, that tidelift hasn’t followed github’s redirect for the funding verification)

1 Like