-
cc @open-telemetry/sig-security-maintainers
As a part of documenting and ensuring supply chain security, we would like to document and review the permissions/scopes for existing integrations.
-
### Summary
GitHub Advanced Security will provide a solution to easily roll-out GitHub Advanced Security across an organization.
Organizations will be able to create 'security configurations' which…
-
Right now, if an attacker compromises a crate author's GitHub account, they can use it to log into crates.io and get a session cookie. That cookie is signed by an HMAC key owned by crates.io, and cont…
-
Currently, we use an `ARG GITHUB_TOKEN` in the Dockerfile for cameo and cameo-solvers. **This is insecure and can expose your token!**
In order to demonstrate:
```
docker pull biosustain/cameo-so…
```
-
Check your accounts: http://arstechnica.com/security/2013/11/github-resets-user-passwords-following-rash-of-account-hijack-attacks/#p3
-
We are using Github Actions in several places:
- jamulus: Autobuild (including Releases and CodeQL)
- jamuluswebsite:
  - Jekyll
  - Merge between branches
We are not only using official Github…
-
Our current policy (added in https://github.com/open-telemetry/.github/pull/1) is to report security vulnerabilities to TC via encrypted email. GitHub now supports reporting vulnerabilities directly t…
-
GitHub is using the file in the repo at `./SECURITY` as the project's security policy, but that file is not really the security policy for the project. If you click on the project's Security tab and …
-