Configuration for Allstar, a security tool produced by the Open Source Security Foundation.
Allstar is a security-policy GitHub App. It is installed on this org, and this repo contains the configuration for that app. It is configured to create issues on repos that do not comply with the configured policy.
- Apart from branch protection, Allstar is configured on all public repositories, unless a specific opt-out has been granted. See here for the list of opt-outs
- All opt-outs are at the global level - repositories may not opt out by creating a file in their own repository.
- Allstar is disabled for private repositories
- Feel free to submit a PR to opt a repository out, but please include a brief message explaining why the exclusion is needed.
These are the expected settings to be in compliance:
Branch protection is currently opt-in only, as remediation is required.
| Branches enforced | default |
| Require approval | yes |
| Approvals required | 1 |
| Dismiss stale reviews | not required |
| Block force push | yes |
- Binary artifacts are not allowed.
- Push access is allowed.
- Admin access is not allowed.
- SECURITY.md is required.
.allstar is available under the Apache Licence.
Feel free to raise an issue on GitHub, or see our security disclosure policy.
Avanade is the leading provider of innovative digital and cloud services, business solutions and design-led experiences on the Microsoft ecosystem, and the power behind the Accenture Microsoft Business Group.