
Install Security Policy App: Allstar

Open jeffmendoza opened this issue 4 years ago • 6 comments

I'd like to install Allstar https://github.com/ossf/allstar https://github.com/apps/allstar-app on this repo as a trial for eventually enabling on all envoyproxy org repos.

Allstar checks repos for violations against configured security policies, and takes actions when out of compliance:

Policies:

  • Branch Protection settings
  • SECURITY.md present
  • No non-org Admins (outside collaborators)
  • No binary artifacts

Actions:

  • Create a GitHub Issue
  • Fix the issue (being developed)

Which policies to enable and which action to take are configured via config files in either an org-level repo named .allstar or files in the individual repo. This lets org owners control the main repo to manage settings.

I'll work with the org-owners to get it installed and configured with settings appropriate for the Envoy community. cc @lizan @htuch @mattklein123

jeffmendoza avatar Jul 22 '21 20:07 jeffmendoza
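The four policies above each reduce to a check against repository state, with a configured action taken on violation. The following is an added illustration written for this note, not Allstar's own code: `RepoState`, the sample repository and the drift scenario are constructed, and it evaluates the snapshot once while compliant and once after a change, matching the "alert on changes" behaviour described in the thread.

```python
from dataclasses import dataclass

@dataclass
class RepoState:
    """Constructed snapshot of the repository facts each policy inspects."""
    default_branch_protected: bool
    required_reviews: int
    files: dict            # path -> file bytes
    collaborators: dict    # login -> {"permission": str, "org_member": bool}

def is_binary(blob: bytes) -> bool:
    # Same heuristic git uses: a NUL byte near the start marks a binary file.
    return b"\x00" in blob[:8000]

def branch_protection(repo: RepoState) -> bool:
    return repo.default_branch_protected and repo.required_reviews >= 1

def security_md_present(repo: RepoState) -> bool:
    return any(p.upper() in ("SECURITY.MD", ".GITHUB/SECURITY.MD") for p in repo.files)

def no_outside_admins(repo: RepoState) -> bool:
    # An admin who is not an org member is an outside collaborator with admin rights.
    return not any(c["permission"] == "admin" and not c["org_member"]
                   for c in repo.collaborators.values())

def no_binary_artifacts(repo: RepoState) -> bool:
    return not any(is_binary(blob) for blob in repo.files.values())

POLICIES = {
    "Branch Protection settings": branch_protection,
    "SECURITY.md present": security_md_present,
    "No non-org Admins": no_outside_admins,
    "No binary artifacts": no_binary_artifacts,
}

def evaluate(repo: RepoState, action: str = "issue") -> dict:
    """Map each policy to 'pass' or to the configured action ('issue' = open a GitHub issue)."""
    return {name: ("pass" if check(repo) else action) for name, check in POLICIES.items()}

# Constructed sample: compliant today, then drifts when an outside collaborator is
# promoted to admin and a compiled class file is committed.
SAMPLE = RepoState(
    default_branch_protected=True, required_reviews=1,
    files={"SECURITY.md": b"# Security policy\n", "README.md": b"# java-control-plane\n"},
    collaborators={"alice": {"permission": "admin", "org_member": True}},
)

def after_drift(repo: RepoState) -> RepoState:
    files = {**repo.files, "build/Tool.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34"}
    collabs = {**repo.collaborators, "bob": {"permission": "admin", "org_member": False}}
    return RepoState(repo.default_branch_protected, repo.required_reviews, files, collabs)
```

Running `evaluate(SAMPLE)` reports every policy as `pass`, while `evaluate(after_drift(SAMPLE))` flags the outside admin and the binary artifact with the `issue` action.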

Thanks! Just to reiterate: as of right now these policies should be passing on envoy repos, so there shouldn't be any noise. It will alert on changes.

asraa avatar Jul 22 '21 20:07 asraa

This seems reasonable to me. @snowp?

htuch avatar Jul 23 '21 02:07 htuch

friendly ping @snowp?

asraa avatar Jul 28 '21 17:07 asraa

Already talked to @htuch on Slack about this, I'm in favor of this

snowp avatar Jul 28 '21 18:07 snowp

Awesome, sorry about that! @jeffmendoza and I can make a PR for the configuration YAML

asraa avatar Jul 28 '21 18:07 asraa

I've installed the app, please update when it's functional at your end :)

htuch avatar Jul 29 '21 03:07 htuch