-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[security] audit repository tooling #236
Comments
@bjandras Please confirm if the dependabot alerts & scanning alerts are enabled for the repository. I do see trivy checks in the actions so I guess we can mark-out the static code analysis tool, I will raise a PR for codeQL check. Please let me know if the plan of action seems correct. |
\assign |
68 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue you're reporting
The security SIG is looking to ensure that security tooling is setup consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:
Parent issue: open-telemetry/sig-security#12
The text was updated successfully, but these errors were encountered: