envoyproxy / java-control-plane

Java implementation of an Envoy gRPC control plane

Install Security Policy App: Allstar

jeffmendoza opened this issue · comments

I'd like to install Allstar (https://github.com/ossf/allstar, https://github.com/apps/allstar-app) on this repo as a trial for eventually enabling it on all envoyproxy org repos.

Allstar checks repos for violations against configured security policies, and takes actions when out of compliance:

Policies:

  • Branch Protection settings
  • SECURITY.md present
  • No non-org Admins (outside collaborators)
  • No binary artifacts

Actions:

  • Create a GitHub Issue
  • Fix the issue (being developed)

Which policies to enable and which action to take are configured via config files in either an org-level repo named .allstar or files in the individual repo. This lets org owners control the main repo to manage settings.

I'll work with the org-owners to get it installed and configured with settings appropriate for the Envoy community.
cc @lizan @htuch @mattklein123
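
As an added illustration, not a file from this thread, the configuration PR mentioned below, or any envoyproxy repo, the following shows how the org-level `.allstar` repo and a per-repo override described above fit together. The file paths and field names follow Allstar's documented configuration format as I know it; the values are assumed for this trial and should be checked against the current Allstar README before use.

```yaml
# Assumed org-level config repo: envoyproxy/.allstar (illustrative only)
# File: .allstar/allstar.yaml  -- org-wide defaults for the app
optConfig:
  # Opt-out strategy: every repo in the org is covered unless listed in optOutRepos.
  optOutStrategy: true
  optOutRepos: []
  # Allow individual repos to override these settings with their own .allstar/ files.
  disableRepoOverride: false
# Label applied to the issues Allstar opens, so they can be filtered or muted.
issueLabel: allstar
---
# File: .allstar/branch_protection.yaml  -- one file per policy, org-wide
optConfig:
  optOutStrategy: true
# "issue" opens a GitHub Issue on violation; "log" only records; "fix" applies
# the remediation (described in this thread as still being developed).
action: issue
# Check the default branch of every covered repo.
enforceDefault: true
# Require one approving review, dismiss stale approvals on new pushes,
# and refuse force-pushes to the protected branch.
requireApproval: true
approvalCount: 1
dismissStale: true
blockForce: true
---
# File: .allstar/outside.yaml  -- outside collaborators must not be admins
optConfig:
  optOutStrategy: true
action: issue
# Assumed field names: outside collaborators may push, but may not hold admin.
pushAllowed: true
adminAllowed: false
---
# File: .allstar/binary_artifacts.yaml  -- no checked-in binaries
optConfig:
  optOutStrategy: true
action: issue
---
# File: .allstar/security.yaml  -- SECURITY.md must be present
optConfig:
  optOutStrategy: true
action: issue
---
# Repo-level override, committed in the individual repo as .allstar/branch_protection.yaml
# Repo-level optConfig uses optIn/optOut booleans rather than a strategy.
optConfig:
  optIn: true
# Observe-only while trialling on a single repo; the org-level "issue" action
# takes over once this override is removed.
action: log
```

With this layout the org owners keep control of the defaults in the `.allstar` repo, while a repo such as this one can opt in early and run in log-only mode until the settings are agreed.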

commented

Thanks! Just to reiterate: as of right now these policies should be passing on envoy repos, so there shouldn't be any noise. It will alert on changes.

commented

This seems reasonable to me. @snowp?

commented

friendly ping @snowp?

Already talked to @htuch on Slack about this; I'm in favor of this.

commented

Awesome, sorry about that! @jeffmendoza and I can make a PR for the configuration YAML

commented

I've installed the app, please update when it's functional at your end :)