[security] audit repository tooling #734

Closed
8 tasks done
dashpole opened this issue Oct 9, 2023 · 2 comments · Fixed by #772
Labels: enhancement (New feature or request), priority: p1

Comments

dashpole (Contributor) commented Oct 9, 2023

Even though this repository isn't in the OTel GitHub organization, we should still try to follow best practices used by the rest of the Go community: open-telemetry/opentelemetry-go#4459.

We should look at the list of recommendations, determine what we need to change, and make updates to this repository if possible.

  • CodeQL enabled via GitHub Actions
  • Static code analysis tool (the collector uses govulncheck [https://pkg.go.dev/golang.org/x/vuln] on every build)
  • Repository security settings
    • Security Policy ✅
    • Security advisories ✅
    • Private vulnerability reporting ✅
    • Dependabot alerts ✅
    • Code scanning alerts ✅
dashpole added the labels enhancement (New feature or request) and priority: p1 on Oct 9, 2023

aabmass (Contributor) commented Nov 20, 2023
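The first two checklist items (CodeQL run through GitHub Actions, and govulncheck on every build) are both workflow changes. The following is an added example of such a workflow; it is not this repository's own workflow and is not taken from the linked opentelemetry-go issue. It assumes a Go module at the repository root with a go.mod file; the workflow name, file path, cron schedule and branch name are arbitrary placeholders.

```yaml
# .github/workflows/security.yml  (added example; placeholder path and name)
name: security-scans

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
  schedule:
    - cron: "0 6 * * 1"       # weekly run: catches Go vulns published after the last push

permissions:
  contents: read              # least privilege by default; jobs widen only what they need

jobs:
  codeql:
    name: CodeQL (Go)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # needed to upload results to the "Code scanning alerts" tab
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # assumes a Go module at the repository root
      - uses: github/codeql-action/init@v3
        with:
          languages: go
      - uses: github/codeql-action/autobuild@v3   # replace with an explicit `go build ./...` if cgo/build tags are needed
      - uses: github/codeql-action/analyze@v3

  govulncheck:
    name: govulncheck
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
      - name: Scan for reachable known vulnerabilities
        # govulncheck exits non-zero (failing the build) only when a vulnerable
        # function is reachable from this module's code; findings that affect
        # an imported module but no called symbol are reported as informational.
        run: govulncheck ./...
```

Two points to check when adopting something like this: the CodeQL job needs the `security-events: write` permission or the analysis runs but never appears under "Code scanning alerts", and the scheduled trigger matters for govulncheck because its findings depend on the vulnerability database at scan time, not on the code changing.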

David to look into this next sprint

dashpole (Contributor, Author) commented:

CodeQL is not using GitHub Actions. I need to look into that.
