Add secret scanning to SCM guide, fixes #488 #489
Conversation
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
|
@SecurityCRob - comments? I did not try to edit |
| @@ -126,6 +126,7 @@ For recommendations only applicable to GitHub or GitLab visit one of the followi | |||
| * Repository Should Not Allow Committer Approvals [<img src="https://user-images.githubusercontent.com/287526/230376963-ae9b8a47-4a74-4746-bc83-5b34cc520d40.svg" alt="GitLab" height="20" width="20">](gitlab/project/repository_allows_committer_approvals_policy.md) [GitLab](gitlab/project/repository_allows_committer_approvals_policy.md) | |||
| * Webhook Configured Without SSL Verification [<img src="https://user-images.githubusercontent.com/287526/230376963-ae9b8a47-4a74-4746-bc83-5b34cc520d40.svg" alt="GitLab" height="20" width="20">](gitlab/project/project_webhook_doesnt_require_ssl.md) [GitLab](gitlab/project/project_webhook_doesnt_require_ssl.md) | |||
| * Project Should Have Fewer Than Three Owners [<img src="https://user-images.githubusercontent.com/287526/230376963-ae9b8a47-4a74-4746-bc83-5b34cc520d40.svg" alt="GitLab" height="20" width="20">](gitlab/project/project_has_too_many_admins.md) [GitLab](gitlab/project/project_has_too_many_admins.md) | |||
| * Secret Scanning Should be Enabled [<img src="https://user-images.githubusercontent.com/287526/230375178-2f1f8844-5609-4ef3-b9ac-141c20c43406.svg" alt="GitHub" height="20" width="20">](github/repository/forking_allowed_for_repository.md) [GitHub](github/repository/secret_scanning.md) | |||
There was a problem hiding this comment.
| * Secret Scanning Should be Enabled [<img src="https://user-images.githubusercontent.com/287526/230375178-2f1f8844-5609-4ef3-b9ac-141c20c43406.svg" alt="GitHub" height="20" width="20">](github/repository/forking_allowed_for_repository.md) [GitHub](github/repository/secret_scanning.md) | |
| * Secret Scanning Should be Enabled [<img src="https://user-images.githubusercontent.com/287526/230375178-2f1f8844-5609-4ef3-b9ac-141c20c43406.svg" alt="GitHub" height="20" width="20">](github/repository/secret_scanning.md) [GitHub](github/repository/secret_scanning.md) |
fixes typo Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
better word choice Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
"quotes" Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
"quotes" Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
"quotes" Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
better word choice Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
I think Randall put that in place. I'm also unsure how that works. We should ask him to start. |
I think that might relate to how the Legitify was used to produce these recommendations. maybe @noamd-legit can comment on this and suggest how to add new ones? |
|
The best-practices.yml is generated automatically and does not require manual edits. In fact, I believe we can remove it entirely from this repository. To update the document, simply edit the markdown file. If we need to regenerate the base version, I will handle any differences that arise. |
|
In that case, I suggest removing the .yml file (in a separate pull request). We generally don't want generated files in the source repo. @noamd-legit - would you mind creating that PR? |
|
@david-a-wheeler |
No description provided.