This repository has been archived by the owner on Oct 23, 2023. It is now read-only.

[security] audit repository tooling #9

Open
3 of 8 tasks
Tracked by #12
sakshi-1505 opened this issue Oct 22, 2023 · 4 comments

Comments

@sakshi-1505

The security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:

  • CodeQL enabled via GitHub Actions
  • Static code analysis tool (the collector uses govulncheck [https://pkg.go.dev/golang.org/x/vuln] on every build)
  • Repository security settings
    • Security Policy ✅
    • Security advisories ✅
    • Private vulnerability reporting ✅
    • Dependabot alerts ✅
    • Code scanning alerts ✅

Parent issue: open-telemetry/sig-security#12

@sakshi-1505
Author

@jlegoff Can you please confirm if the above checks are enabled? I don't see any activity on this repository; I am not sure if it is even active or not.
cc: @codeboten

@jlegoff
Contributor

jlegoff commented Oct 23, 2023

@tigrannajaryan I think this repository can be archived. Last I remember, opamp was going to be implemented directly in the java sdk. What do you think?

@tigrannajaryan
Member

@jlegoff I agree, there is no activity in the repo. I will archive it.

> Last I remember, opamp was going to be implemented directly in the java sdk.

I was not aware of this. Is this documented anywhere?

@jlegoff
Contributor

jlegoff commented Oct 23, 2023

@tigrannajaryan this was discussed in the java instrumentation SIG (notes). That said, I'm not seeing any trace of opamp in the java repos. It seems like the decision wasn't made official and no concrete action was made after this discussion.
