stream-registry

Setup security scanning / dependabot

Open · neoword opened this issue 5 years ago · 1 comment

Desired Behavior

Need to leverage GitHub scanning / dependabot v2. Need to have a SECURITY.md file so that contributors are aware of all KNOWN KNOWNS and KNOWN UNKNOWNS.


At a minimum:

  • Security Policy
  • Security Advisories
  • Dependabot Alerts
  • Code Scanning

Benefits

  • Users will have a report with a clear list of actions taken on security reports issued by agencies, AND
  • Contributors have a clear process on how to take action on vulnerability alerts.
  • Both Users and Contributors can TRUST the software to be as free as possible from known vulnerabilities.

neoword · Jul 12 '20 17:07
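As an added example (not part of the issue or of the stream-registry project's own files), a minimal `.github/dependabot.yml` in the Dependabot v2 format the issue asks for; the `maven` ecosystem and the `/` directory are assumptions about the project's build layout and should be changed to match the actual build tool:

```yaml
# .github/dependabot.yml (added example, not from the stream-registry repository)
version: 2
updates:
  # Assumption: the project builds with Maven from the repository root.
  # Swap "maven" for "gradle" if the build uses Gradle.
  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap the number of concurrent update PRs so reviewers are not flooded.
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
  # Also keep the actions used by CI workflows patched.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

This file only configures Dependabot version updates (scheduled PRs that bump dependencies). Dependabot alerts and Dependabot security updates, which react to published advisories against the dependency graph, are enabled separately in the repository's security and analysis settings, and the SECURITY.md policy the issue mentions is a plain Markdown file at the repository root or under `.github/`.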

Link #67

OneCricketeer · Sep 02 '20 18:09