Install Security Policy App: Allstar
jeffmendoza opened this issue
I'd like to install Allstar https://github.com/ossf/allstar https://github.com/apps/allstar-app on this repo as a trial for eventually enabling on all envoyproxy org repos.
Allstar checks repos for violations against configured security policies, and takes actions when out of compliance:
Policies:
- Branch Protection settings
- SECURITY.md present
- No non-org Admins (outside collaborators)
- No binary artifacts
Actions:
- Create a GitHub Issue
- Fix the issue (being developed)
Which policies to enable and which action to take are configured via config files in either an org-level repo named .allstar or files in the individual repo. This lets org owners control the main repo to manage settings.
I'll work with the org-owners to get it installed and configured with settings appropriate for the Envoy community.
cc @lizan @htuch @mattklein123
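What such an org-level configuration could look like, as an added illustration that is not part of this issue and not the configuration the Envoy maintainers actually adopted. The field names follow the config schema documented in the Allstar README (`optConfig`, `action`, and the per-policy settings); the repository name `envoy` and the `optOutRepos` entry are placeholders chosen here, and the threshold values are assumptions for the sake of the example, not recommendations from the thread. Each policy lives in its own file inside the `.allstar` repo, and `action: issue` selects the "create a GitHub Issue" action listed above rather than the fix action that was still being developed.

```yaml
# .allstar/allstar.yaml  (org-wide settings; repo name below is a placeholder)
optConfig:
  # true = every repo in the org is enrolled unless it opts out
  optOutStrategy: true
  optOutRepos:
    - some-archived-repo   # placeholder: a repo excluded from all checks
  # keep control in the org-level repo; repos may not override these settings
  disableRepoOverride: true

---
# .allstar/branch_protection.yaml  (Branch Protection policy; values are assumptions)
action: issue           # open a GitHub issue on violation; "fix" would remediate
enforceDefault: true    # check the default branch of every enrolled repo
requireApproval: true   # PR review required before merge
approvalCount: 1        # minimum number of approving reviews
dismissStale: true      # new commits dismiss earlier approvals
blockForce: true        # force pushes must be disabled

---
# .allstar/outside.yaml  (outside-collaborator policy)
action: issue
pushAllowed: true       # outside collaborators may have push access...
adminAllowed: false     # ...but never admin, matching "No non-org Admins" above

---
# .allstar/security.yaml  (SECURITY.md must be present)
action: issue

---
# .allstar/binary_artifacts.yaml  (no checked-in binaries)
action: issue
```

With `optOutStrategy: true` the policies apply to every repo the app is installed on, so the check that "these policies should be passing" before enabling is what keeps the issue action from generating noise across the org.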
Thanks! Just to reiterate: as of right now these policies should be passing on envoy repos, so there shouldn't be any noise. It will alert on changes.
Already talked to @htuch on Slack about this; I'm in favor of this.
Awesome, sorry about that! @jeffmendoza and I can make a PR for the configuration YAML
I've installed the app, please update when it's functional at your end :)