Questions for use with SDL
We follow a formal process (Secure Development Lifecycle) and some questions (mostly formal) need to be answered to satisfy the requirements.
Could you please clarify the following points:
- What data is logged, where and for how long are the logs stored, and what is the procedure for accessing these logs, if any?
- Is there user authentication via SSO, what other authentication methods are used besides “login” and “password” authentication, and which of them are mandatory?
- How can we view/export (in what format) the list of project participants and information about their roles in the project, and who is authorized to do this?
- How can we remove a participant from the project or change their role?
- How are passwords and secrets stored, and is it possible to store passwords in GitHub secrets or another password management system?