rubysec / ruby-advisory-db

A database of vulnerable Ruby Gems

Home Page:https://rubysec.com

sync_github_advisories lessons-learned/recommendations

jasnow opened this issue · comments

Tried out the "rake sync_github_advisories" yesterday. Successfully downloaded the advisories (3 modified and 10 new).
Later I reviewed some recent PRs that have advisories in them - these helped me understand
how others mapped the "before" fields into the "after" file.
Also learned that I can't download the file multiple times - need to see if there is a "-f" (force) option.

Recommendations

  1. Add about "yamllint" during contributing. I added it locally to fix the yaml-ness.
  2. Encourage running "rake" before contributing since it run checks against the yaml file.
  3. The Github key needed is classic, not fine grain.
  4. Add an example GitHub "before" file to the repo and then point to the "after" file so contributors can see actual mapping.

UPDATE: Yesterday got some yaml files that I had downloaded and edited previously so I had "git diff"erences.
"git diff" was so unhelpful, I finally just did a cut-and-paste from master into my branch.

  • Need a better "git diff" tool (Personal TODO)
  • Won't "pre-edit" downloaded files again (smile).
  • Another Personal TODO from previous entry: "-f" (force) with "sync_github_advisories"?
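Recommendation 4 asks for a worked "before" (GitHub advisory) to "after" (ruby-advisory-db YAML) mapping. The following is an added example, not the repository's own sync task or any contributor's code: it takes a constructed GitHub advisory JSON record, maps it into the advisory-file field layout used in this database (gem, ghsa, cve, url, title, date, description, cvss_v3, patched_versions, unaffected_versions), checks that the required keys are present before emitting YAML, and derives the gems/<gem>/<ID>.yml path. The GitHub field names (ghsa_id, cve_id, summary, published_at, vulnerabilities[].package, vulnerable_version_range, first_patched_version), the sample values, and the REQUIRED_KEYS list are assumptions made for the example.

```ruby
require "json"
require "yaml"
require "date"

# Constructed sample GitHub Security Advisory (the "before" side).
# Field names follow the GitHub advisory API shape as assumed here;
# every value is made up for this example.
SAMPLE_GITHUB_ADVISORY = <<~SAMPLE
  {
    "ghsa_id": "GHSA-xxxx-xxxx-xxxx",
    "cve_id": "CVE-0000-00000",
    "summary": "Example gem allows something bad (constructed sample)",
    "description": "Longer description of the constructed sample advisory.",
    "published_at": "2023-01-02T03:04:05Z",
    "html_url": "https://github.com/advisories/GHSA-xxxx-xxxx-xxxx",
    "cvss": { "score": 7.5 },
    "vulnerabilities": [
      {
        "package": { "ecosystem": "rubygems", "name": "examplegem" },
        "vulnerable_version_range": ">= 2.0.0, < 2.3.1",
        "first_patched_version": "2.3.1"
      }
    ]
  }
SAMPLE

# Keys an advisory file must carry before it is worth running the repo's checks on.
# Assumed minimal set for this example.
REQUIRED_KEYS = %w[gem ghsa url title date description patched_versions].freeze

# Turn the lower bound of a vulnerable range into the "unaffected_versions"
# constraint: ">= 2.0.0" vulnerable means "< 2.0.0" unaffected.
def unaffected_from_range(range)
  return [] if range.nil?
  lower = range.split(",").map(&:strip).find { |c| c.start_with?(">") }
  return [] unless lower
  op, ver = lower.split(/\s+/, 2)
  [op == ">=" ? "< #{ver}" : "<= #{ver}"]
end

# Map one GitHub advisory record into the ruby-advisory-db field layout.
def map_github_advisory(json_text)
  src = JSON.parse(json_text)
  vuln = src.fetch("vulnerabilities").find { |v| v.dig("package", "ecosystem") == "rubygems" }
  raise ArgumentError, "no rubygems entry in advisory" unless vuln

  advisory = {
    "gem" => vuln.dig("package", "name"),
    "ghsa" => src.fetch("ghsa_id").delete_prefix("GHSA-"), # db stores the id without prefix
    "url" => src["html_url"],
    "title" => src["summary"],
    "date" => Date.parse(src["published_at"]).iso8601,    # YYYY-MM-DD only
    "description" => src["description"],
  }
  advisory["cve"] = src["cve_id"].delete_prefix("CVE-") if src["cve_id"]
  score = src.dig("cvss", "score")
  advisory["cvss_v3"] = score if score
  advisory["patched_versions"] = [">= #{vuln["first_patched_version"]}"] if vuln["first_patched_version"]
  unaffected = unaffected_from_range(vuln["vulnerable_version_range"])
  advisory["unaffected_versions"] = unaffected unless unaffected.empty?
  advisory
end

# Which required keys are still missing (empty array means the file is complete).
def missing_keys(advisory)
  REQUIRED_KEYS - advisory.keys
end

# Emit the "after" YAML, refusing to write an incomplete advisory.
def to_advisory_yaml(json_text)
  advisory = map_github_advisory(json_text)
  missing = missing_keys(advisory)
  raise ArgumentError, "advisory missing keys: #{missing.join(', ')}" unless missing.empty?
  advisory.to_yaml
end

# File location in the db: gems/<gem>/<CVE or GHSA id>.yml (CVE preferred when present).
def advisory_path(advisory)
  id = advisory["cve"] ? "CVE-#{advisory["cve"]}" : "GHSA-#{advisory["ghsa"]}"
  File.join("gems", advisory["gem"], "#{id}.yml")
end

if $PROGRAM_NAME == __FILE__
  adv = map_github_advisory(SAMPLE_GITHUB_ADVISORY)
  puts advisory_path(adv)
  puts to_advisory_yaml(SAMPLE_GITHUB_ADVISORY)
end
```

Running the script prints the target path followed by the YAML that would be committed; the missing-key check is the cheap local gate to run before yamllint and the repository's rake checks.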

This is better as a blog or diary somewhere else so closing.