The security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:
@brettmc Please confirm if the Dependabot alerts & scanning alerts are present. I don't see CodeQL configured & any vulnerability static checker configured in CI. Do you mind if I take over the tasks of adding CodeQL & a static code checker for PHP?
Hi @sakshi-1505, it's all yours to see what you can do.
We have a few static code analysis tools already running as part of CI: psalm, phan, phpstan. You should check whether those already provide adequate security scanning, and by all means go and research other options to see if any can provide additional value.
It doesn't look like CodeQL supports PHP yet, so that's a non-starter.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Parent issue: open-telemetry/sig-security#12