[security] audit repository tooling #862

codeboten · 2023-08-21T17:14:16Z

The security SIG is looking to ensure that security tooling is setup consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:

CodeQL enabled via GitHub Actions
Static code analysis tool (the collector uses govulncheck [https://pkg.go.dev/golang.org/x/vuln] on every build)
Repository security settings
- Security Policy ✅
- Security advisories ✅
- Private vulnerability reporting ✅
- Dependabot alerts ✅
- Code scanning alerts ✅

Parent issue: open-telemetry/sig-security#12

Related to #862

github-actions · 2024-09-21T03:41:49Z

This issue was marked stale. It will be closed in 30 days without additional activity.

codeboten self-assigned this Aug 21, 2023

codeboten mentioned this issue Aug 21, 2023

Audit repositories for security tools open-telemetry/sig-security#12

Open

68 tasks

codeboten pushed a commit that referenced this issue Aug 21, 2023

Add CodeQL configuration

a085945

Related to #862

codeboten mentioned this issue Aug 21, 2023

Add CodeQL configuration #863

Merged

codeboten pushed a commit that referenced this issue Aug 22, 2023

Add CodeQL configuration (#863)

9478dd9

Related to #862

This was referenced Aug 23, 2023

Add CodeQL workflow for Java #866

Closed

Add CodeQL for csharp #867

Closed

github-actions bot added the Stale label Sep 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[security] audit repository tooling #862

[security] audit repository tooling #862

codeboten commented Aug 21, 2023 •

edited

Loading

github-actions bot commented Sep 21, 2024

[security] audit repository tooling #862

[security] audit repository tooling #862

Comments

codeboten commented Aug 21, 2023 • edited Loading

github-actions bot commented Sep 21, 2024

codeboten commented Aug 21, 2023 •

edited

Loading