[Required] Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.) #150

Open
2 tasks done
avishnu opened this issue Nov 27, 2024 · 2 comments

avishnu commented Nov 27, 2024

  • Enable 2-factor authentication at the org level. Assess the impact on the bot users.
  • Evaluate the OpenEBS people list, remove the inactive members from the project.
@avishnu avishnu added this to the Security milestone Nov 27, 2024
@avishnu avishnu changed the title Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.) [Required] Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.) Nov 27, 2024
@avishnu avishnu added the Incubation-partial-compliance Incubation criteria partially complied label Dec 9, 2024
@avishnu avishnu self-assigned this Dec 11, 2024

avishnu commented Dec 12, 2024

Sample responses from other projects:

  • All project maintainers use two-factor authentication.
  • Two factor authentication is enforced.
  • As previously documented above, our repo uses GitHub teams and CODEOWNERS files to enforce merge and commit privileges. Because the project is on GitHub, 2FA is mandatory and enabled.
  • As a GitHub hosted project, we rely on the GitHub authentication mechanisms. Most of the maintainers use two factor authentication and sign commits and tags with GPG keys.

@avishnu avishnu moved this to In Progress in OpenEBS Incubation in CNCF Dec 12, 2024

avishnu commented Jan 17, 2025

Our response:
OpenEBS code is hosted in GitHub and uses GitHub teams for controlling access to the various repositories. We have also enabled 2FA at the org level, which enforces Two Factor Authentication for all the org members. The org membership is periodically reviewed and kept relevant.

@avishnu avishnu moved this from In Progress to Done in OpenEBS Incubation in CNCF Jan 17, 2025