Eddie Knight

Hi there! I'm just starting to take a look at this, and I noticed that your pull request name isn't very descriptive. If you take a look at the [Pull...

I also noticed the DCO check is failing. You can look at the checks section of the PR (I believe it should always be below the last comment) and look...

Hi there! I'm just getting started looking at your pull request, and I noticed the DCO check is failing. You can look at the checks section of the PR (I...

LGTM. We can merge this PR and then I'll reach out to the maintainers for next steps.

During the Security Slam we use CLOMonitor to measure projects against the CNCF security hygiene standards. Projects we've spoken who aren't able to meet the standard generally fall into three...

I reached out to the ContainerSSH maintainers, and they're excited to hear more about this. Making an intro on Slack now. Will do the same when I hear back from...

This checklist was developed by myself and @puerco to help guide contributions. When the project tracking kicks in on https://clomonitor.io then more of the security hygiene state will be visible...

Hey @noelmcloughlin! Right now we have been primarily using Terraform and Ansible for IaC, and our CaC/validation toolkit is in very early stages (we have recently decided to move away...

:wave: :shipit: Eddie Knight / Sonatype

Note: exemptions are tolerated, even for repos that are scanned as part of the official CNCF project. See example here: https://github.com/cncf/clomonitor/blob/main/docs/metadata/.clomonitor.yml