opentelemetry-cpp

[security] audit repository tooling

Open codeboten opened this issue 2 years ago • 5 comments

The security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:

  • [X] CodeQL enabled via GitHub Actions - enabled in opentelemetry-cpp here GitHub Actions
  • [ ] Static code analysis tool - missing, see #2297
  • [X] Repository security settings
    • [X] Security Policy ✅ - enabled
    • [X] Security advisories ✅ - enabled
    • [X] Private vulnerability reporting ✅ - enabled
    • [X] Dependabot alerts ✅ - enabled
    • [X] Code scanning alerts ✅ - enabled

Parent issue: https://github.com/open-telemetry/sig-security/issues/12

codeboten avatar Aug 30 '23 15:08 codeboten

@codeboten I am an Outreachy candidate, can you please assign me this issue?

sakshi-1505 avatar Oct 06 '23 13:10 sakshi-1505

Thanks @sakshi-1505, I don't have the ability to assign issues in this repo. @marcalff, are you still working on this issue? Would @sakshi-1505 be able to help? Thanks!

codeboten avatar Oct 06 '23 17:10 codeboten

This issue was marked as stale due to lack of activity.

github-actions[bot] avatar Dec 06 '23 01:12 github-actions[bot]

Not stale

sakshi-1505 avatar Dec 07 '23 15:12 sakshi-1505

This issue was marked as stale due to lack of activity.

github-actions[bot] avatar Feb 07 '24 01:02 github-actions[bot]