-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Policy violation Outside Collaborators #173
Comments
Updating issue after ping interval, status: |
7 similar comments
Updating issue after ping interval, status: |
Updating issue after ping interval, status: |
Updating issue after ping interval, status: |
Updating issue after ping interval, status: |
Updating issue after ping interval, status: |
Updating issue after ping interval, status: |
Updating issue after ping interval, status: |
What can we do about it? Why isn't this issue actionable? @snowp can you help? (pinging you because the PR was merged by you) |
Updating issue after ping interval, status: |
@jeffmendoza Can you advise here? The description isn't super clear It might also be good to increase the ping interval, this is a bit spammy as is |
The idea here is that outside collaborators (non-org members) shouldn't be administrators on repos. Either they should be part of the org, or only have push access. Administrators can change security related settings like branch protection. |
@alyssawilk @mattklein123 Can either of you check up on this? I don't think I have the visibility into the repo settings. Maybe there is some bot with admin access? |
I think I fixed it. If there are any follow on permissions issues please let me know. |
In compliance, closing. |
Reopening issue. Status: To add an administrator From the main page of the repository, go to Settings -> Manage Access. Alternately, if this repository does not have any maintainers, archive or delete it. |
Updating issue after ping interval. Status: To add an administrator From the main page of the repository, go to Settings -> Manage Access. Alternately, if this repository does not have any maintainers, archive or delete it. |
@mattklein123 This is a new policy, can you check that it is working correctly? Are there any users or groups assigned to this repo with "admin" permissions? Thanks! |
Updating issue after ping interval. Status: To add an administrator From the main page of the repository, go to Settings -> Manage Access. Alternately, if this repository does not have any maintainers, archive or delete it. |
1 similar comment
Updating issue after ping interval. Status: To add an administrator From the main page of the repository, go to Settings -> Manage Access. Alternately, if this repository does not have any maintainers, archive or delete it. |
I made a change which will hopefully fix this. |
Reopening issue. Status: To add an administrator From the main page of the repository, go to Settings -> Manage Access. Alternately, if this repository does not have any maintainers, archive or delete it. |
Policy is now in compliance. Closing issue. |
Security Policy Outside Collaborators is out of compliance, status:
Found 1 outside collaborators with admin access.
Issue created by Allstar. https://github.com/ossf/allstar
The text was updated successfully, but these errors were encountered: