Adam Ross
Adam Ross
Did some more investigating, and b/142550612 indicates this limitation is not limited to private repositories afterall. Going to descope this from Public Preview for now.
The path forward as discussed in ~January: * Setup: * After Artifact Registry setup and before Cloud Run deployment, we will generate the client library code and use it as...
https://firebase.google.com/docs/auth/admin/manage-cookies#python has content aimed at CSRF protection. Is something not usable there for our use case?
Maybe this should be a nightly or weekly screening that opens an issue if we haven't configured a recommender.ignore for a particular rule?
How we handle reporting relates to what we're hoping to gain from the recommendations. I think what's important about this is work in our backlog to investigate specific recommendations, especially...
This is a future improvement, we want to complete #614 and come back to this in the future if we establish that we're accidentally over-privileging future identities.
I've disabled the conventional commit linter. I will now put together a PR for PR title conventional commit enforcement.
I did some research to refresh my memory, and I found some interesting materials. > 1. Give all user tokens API access You recommend against this. I agree. From [ID...
Follow-up to review: Should this be feature flagged and rolled out to a subset of directories to see how it works?