Allstar #22

Closed
wants to merge 5 commits into from

EjiroLaurelD
Contributor

Hello, my name is Laurel, an Outreachy applicant.
I have investigated what Allstar is about, its capabilities and how it aligns with the needs of this project as indicated in the checklist in issue #12.
I found out that Allstar is a Security Policy for open source projects which can help to ensure that all repositories have a security policy, scan all repos for common vulnerabilities, enforce best practices for code reviews, and require security testing for all releases.
I have written documentation which highlights:

- How much of the checklist Allstar can cover
- What items need to be manually configured, and
- Proposed steps to enable Allstar across organizations.

Please let me know if I need to fix anything to make it a better contribution. Thank you.

@linux-foundation-easycla

linux-foundation-easycla bot commented Oct 5, 2023

CLA Signed

The committers listed above are authorized under a signed CLA.

Member

@jpkrohling jpkrohling left a comment

Who's the audience for this? If this is for other maintainers, the last section doesn't seem relevant. If it's for other sig-security members, it would be good to use this to document how we use allstar.

@@ -0,0 +1,35 @@
I have investigated what Allstar is about, it's capabilities and how it aligns with the needs of this project as inidicated in the checklist in issue #12.
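
Review bot: The opening line has two spelling errors: "inidicated" should be "indicated", and "it's capabilities" should be the possessive "its capabilities". The bare reference "issue #12" may not be rendered as a link in a committed file, so a full link to the issue would help readers who open the document outside this thread.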

Member

This shouldn't be written in the first person.

Contributor Author

Okay, I will fix that. Thank you for pointing it out.

@@ -0,0 +1,35 @@
I have investigated what Allstar is about, it's capabilities and how it aligns with the needs of this project as inidicated in the checklist in issue #12.
## Allstar is a security policy engine that helps organizations automate and enforce security best practices. Allstar can be used to scan code, dependencies, andinfrastructure for vulnerabilities. Allstar can also be used to enforce best practices for code reviews, security testing, and vulnerability management.
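
Review bot: On the second line, "andinfrastructure" is missing a space, and the leading "##" turns the whole three-sentence paragraph into a heading; a short heading followed by the paragraph as body text would render as intended. The statements that Allstar can scan code, dependencies and infrastructure and enforce code review and security testing practices would be easier for readers to verify with a link to the Allstar documentation for the policies that provide each capability.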

Member

This seems too verbose to be a title.

Contributor Author

I'll fix that now. Thank you.

@codeboten codeboten mentioned this pull request Oct 23, 2023
@jpkrohling
Member

As discussed on #21, I'm closing this one.

@jpkrohling jpkrohling closed this Oct 24, 2023