GitHub App to validate security settings


Jeff Mendoza

May 19, 2021, 12:18:35 PM
to wg-securing-cr...@googlegroups.com
Hello ossf/wg-securing-critical-projects,

During tomorrow’s meeting I’d like to demonstrate a GitHub App that
I’ve built a prototype of: “Allstar.” The purpose of the app is for
org owners to install it and set up security policy expectations in
the app’s configuration for GitHub repos in the org. The org owners
can configure actions to take upon compliance violation, for example:
create a GitHub issue, send an email, or simply correct the violation
in the repo settings. Policies are meant to be highly configurable and
easy to author, so we can accept contributions. Some initial policies
may be branch protection, SECURITY.md expectations, allowed GitHub
Actions, etc. By using the app, repo and org owners can ensure they
will achieve all-star ratings on scorecard. =)

Thanks,
Jeff
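The message describes a policy-and-action model: org owners write policy expectations once, each repo is evaluated against them, and a configured action (open an issue, send an email, or correct the setting) follows from any violation. The script below is an added illustration of that model; it is not Allstar's code or its configuration format. The config keys, the `Repo` snapshot, and the sample repository are constructed assumptions, and "fix" only edits the in-memory snapshot rather than calling the GitHub API.

```python
from dataclasses import dataclass, field

# Constructed org-level expectations (hypothetical format, not Allstar's).
# "action" selects what happens on a violation: "log", "issue", "email" or "fix".
ORG_CONFIG = {
    "branch_protection": {"required_reviews": 1, "dismiss_stale_reviews": True},
    "security_md": {"required": True},
    "allowed_actions": {"allow": {"actions/checkout", "actions/setup-go"}},
    "action": "issue",
}


@dataclass
class Repo:
    """Snapshot of the repo settings a policy check needs (constructed shape)."""
    name: str
    default_branch: str
    protection: dict = field(default_factory=dict)       # branch -> protection rules
    files: set = field(default_factory=set)              # top-level file names
    workflow_actions: set = field(default_factory=set)   # "owner/action" used in workflows


@dataclass
class Violation:
    repo: str
    policy: str
    detail: str
    fixable: bool = False  # True when the app could correct the setting itself


def check_branch_protection(repo, cfg):
    rules = repo.protection.get(repo.default_branch)
    if rules is None:
        return [Violation(repo.name, "branch_protection",
                          f"{repo.default_branch} has no protection rule", True)]
    out = []
    if rules.get("required_reviews", 0) < cfg["required_reviews"]:
        out.append(Violation(repo.name, "branch_protection",
                             f"fewer than {cfg['required_reviews']} required review(s)", True))
    if cfg["dismiss_stale_reviews"] and not rules.get("dismiss_stale_reviews", False):
        out.append(Violation(repo.name, "branch_protection",
                             "stale reviews are not dismissed on new commits", True))
    return out


def check_security_md(repo, cfg):
    if cfg["required"] and "SECURITY.md" not in repo.files:
        return [Violation(repo.name, "security_md", "SECURITY.md is missing")]
    return []


def check_allowed_actions(repo, cfg):
    # Any workflow action outside the allow-list is a violation; a human must vet it.
    return [Violation(repo.name, "allowed_actions", f"workflow uses unlisted action {a}")
            for a in sorted(repo.workflow_actions - cfg["allow"])]


# Policies are a name -> check mapping so a new policy is one function plus one entry.
POLICIES = {
    "branch_protection": check_branch_protection,
    "security_md": check_security_md,
    "allowed_actions": check_allowed_actions,
}


def evaluate(repo, config):
    """Run every policy the org config enables and collect violations."""
    violations = []
    for name, check in POLICIES.items():
        if name in config:
            violations.extend(check(repo, config[name]))
    return violations


def apply_fix(repo, config):
    """Correct fixable branch-protection settings in the snapshot."""
    cfg = config["branch_protection"]
    rules = repo.protection.setdefault(repo.default_branch, {})
    rules["required_reviews"] = max(rules.get("required_reviews", 0), cfg["required_reviews"])
    if cfg["dismiss_stale_reviews"]:
        rules["dismiss_stale_reviews"] = True


def enforce(repo, config):
    """Evaluate, act per config, and return (actions taken, remaining violations)."""
    violations = evaluate(repo, config)
    action = config["action"]
    taken = []
    if action == "fix" and any(v.fixable for v in violations):
        apply_fix(repo, config)
        taken.append(f"fixed branch protection on {repo.name}")
        violations = evaluate(repo, config)  # re-check; unfixable ones remain
    for v in violations:
        if action == "issue":
            taken.append(f"open issue in {v.repo}: [{v.policy}] {v.detail}")
        elif action == "email":
            taken.append(f"email org owners about {v.repo}: [{v.policy}] {v.detail}")
        else:
            taken.append(f"log {v.repo}: [{v.policy}] {v.detail}")
    return taken, violations


def sample_repo():
    """Constructed repo snapshot that violates all three policies."""
    return Repo("example-org/widgets", "main",
                protection={"main": {"required_reviews": 0}},
                files={"README.md", "go.mod"},
                workflow_actions={"actions/checkout", "someone/unvetted-action"})


if __name__ == "__main__":
    for line in enforce(sample_repo(), ORG_CONFIG)[0]:
        print(line)
```

Running it with the sample config opens (simulated) issues for four findings; switching `action` to `"fix"` repairs the two branch-protection findings in the snapshot and leaves the missing SECURITY.md and the unlisted action for a human to resolve, which mirrors the split between settings an app can safely correct and ones that need an owner's decision.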