AllStar: Continuous Security Policy Enforcement for GitHub Projects(security.googleblog.com)
security.googleblog.com
AllStar: Continuous Security Policy Enforcement for GitHub Projects
https://security.googleblog.com/2021/08/allstar-continuous-security-policy.html
5 comments
this is pretty cool - can't wait to roll it out for my GitHub orgs.
disclaimer: I work for LF.
disclaimer: I work for LF.
Seems pretty silly? It has opened a bunch of issues and is harassing devs on github repos complaining about missing SECURITY.md files?
https://github.com/search?q=%22Issue+created+by+Allstar.+htt...
No judgement, but I guess this is just not the kind of hole-plugging security I'm used to.
https://github.com/search?q=%22Issue+created+by+Allstar.+htt...
No judgement, but I guess this is just not the kind of hole-plugging security I'm used to.
These GitHub orgs have explicitly opted in and configured the checks, so harassing the developers in those organizations is exactly what the org owners wanted :)
Yep. We're looking into this because Githubs org wide security controls are less than ideal.
This lets us enforce a default and track exceptions.
This lets us enforce a default and track exceptions.
tl;dr it's automation to apply rules defined in its sister project, Scorecards.