Enable AllStars across OpenTelemetry organisation #1831
Comments
|
Thank you for driving this @sakshi-1505! |
|
No idea about this product, happy to enable this if we have couple of the security-maintainers approving (+1) this. |
|
cc @open-telemetry/sig-security-maintainers |
|
This is a known project to sig-security as part of the outreachy internship. Ping @jpkrohling |
|
I approve. Thanks for opening the issue @sakshi-1505! @cartersocha @jpkrohling can you reply here with "I approve" 😬 |
|
I approve |
|
@sakshi-1505 can you provide some details what is required to roll out allstar? Do you have a suggestion, if using a dedicated repository is best, or can this be housed in the .github repository? |
|
I approve as well |
Enabled it for the sig-security repo, do you need for all? |
@svrnm we can actually use either but using a dedicated |
@bogdandrutu We will need to enable it for all repo's ideally but for now we can limit the installation to few repos; @jpkrohling I suggest that we add otel-go & contrib-go in the first phase and if things work out fine we can enable it across the org. |
SGTM. |
|
Done. Closing this issue, please open a different one if more permissions are required (or extend the list). 
|
What?
We need to install/enable Allstar application across our organisation https://github.com/ossf/allstar.
Why?
Sig-Security is implementing auditing & security best-practices for the Otel organisation; to ensure certain checks & consistency across all the repository in our organisation, we need to install Allstar & enforce certain policies. See open-telemetry/sig-security#12, open-telemetry/sig-security#21
When?
We would prefer to get it install as soon as possible since we will have opt-in configuration for now which means it won't be enabled across the org's repositories but at the places over which we would have defined the configuration.
The text was updated successfully, but these errors were encountered: