andyblundell
Ah, is there a timeout setting on this action? It does throw a few false negatives, which are a nuisance
This PR is a rewrite of the notes on securing GitHub repos: this is moving from guidance to requirements
One of the teams is trying this now
Should probably be referenced in the resilience section, the outsource-from-the-bottom-up section, and the CI section
Hi @walteck defo agree this is a really good thing to include. I think the section on secrets mentions data too, so there might be some joining up to do...
We probably want deploy-to-prod pipelines to fail if any RETIRED or PROPOSED technologies are involved. But not for deploy-to-dev (fair enough to be using something PROPOSED at that point). Need...
> > We probably want deploy-to-prod pipelines to fail if any RETIRED or PROPOSED technologies are involved. But not for deploy-to-dev (fair enough to be using something PROPOSED at that...
Closing this as out of date
Also - internal certs that can be auto-renewed should be auto-renewed, e.g. via https://aws.amazon.com/certificate-manager/
Note: the big cloud vendors use this term, for example https://docs.microsoft.com/en-us/dotnet/architecture/cloud-native/definition