Jeff Mendoza
I'd like to install Allstar https://github.com/ossf/allstar https://github.com/apps/allstar-app on this repo as a trial for eventually enabling on all envoyproxy org repos. Allstar checks repos for violations against configured security policies,...
Feature request: in a similar vein as #1815 Scorecard Binary Artifacts should allow signed files. See below --- [@randomascii](https://github.com/randomascii) commented [23 minutes ago](https://github.com/ossf/allstar/issues/243#issue-1320110808) My github project necessarily contains five binary...
We got a report that when a repo is moved/added to an org, Allstar is not scanning it immediately. On each Enforce loop we request the list of repos from...
GitHub has two defaults for permissions of Actions workflows (if the workflow yaml does not specify permissions). [Details here](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token); see the "permissive" and "restricted"...
Allstar is most easily used by [installing the app](https://github.com/apps/allstar-app). However, it is also intended to be able to be run separately if desired, [as described here](https://github.com/ossf/allstar/blob/main/operator.md). Those wanting to run...
Currently the GitHub issue code is only triggered when: - Allstar is enabled - The policy is enabled - The policy action is `issue`. At that point, Allstar will ensure...
Hi Folks, @brianrussell2 @olivekl and I are trying to gather feedback on Allstar. Are you using it, is it working for you, etc. We put together a form to gather...
This proposal is for a feature that is a bit beyond the current scope of Allstar currently. Please chime in if you would like to see this in Allstar. ##...
As originally described in the [README](https://github.com/ossf/allstar/blob/main/README.md#actions): > `rpc`: Allstar would send an rpc to some organization-specific system. This proposal is for a new action (in addition to the current `log`/`issue`/`fix`)...
This is a rough draft for discussion. We can also adapt this to Scorecards with minor changes, then share a generalized version at the foundation level. | Name | Pre-reqs:...