Jeff Mendoza
May 19, 2021, 12:18:35 PM
to wg-securing-cr...@googlegroups.com
Hello ossf/wg-securing-critical-projects,
During tomorrow’s meeting I’d like to demonstrate a GitHub App that
I’ve built a prototype of: “Allstar.” The purpose of the app is for
org owners to install it and set up security policy expectations in
the app’s configuration for GitHub repos in the org. The org owners
can configure actions to take upon compliance violation, for example:
create a GitHub issue, send an email, or simply correct the violation
in the repo settings. Policies are meant to be highly configurable and
easy to author, so we can accept contributions. Some initial policies
may be branch protection, SECURITY.md expectations, allowed GitHub
Actions, etc. By using the app, repo and org owners can ensure they
will achieve all-star ratings on scorecard. =)
Thanks,
Jeff