-
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**…
-
### Component
_No response_
### Is your feature request related to a problem? Please describe
Hi, I am Joyce from Google and I'm working on behalf of the [Open Source Security Foundation][ossf] to …
-
Hi, I'd like to suggest the ffms2 project to hash pin the actions on GitHub workflows. It seems that only the actions/checkout@v2 would be affected. Although it is a GitHub-owned Action, it is still a…
-
*Title*: *Add Ittapi as external dependency*
*Description*:
Creating an issue in accordance with https://github.com/envoyproxy/envoy/blob/main/DEPENDENCY_POLICY.md#new-external-dependencies to add…
-
Might need to triage this article, and potentially add impersonating well-known package authors as another threat that should be included in our list. And evaluate if a net-new requirement should be a…
-
Hi, I'm Joyce from Google and I'm working on helping many open source projects improve their supply chain security posture.
## Description
I would like to suggest a security practice recomme…
-
Hi!
I'm here to suggest the definition of minimal permissions on your workflows, as it would harden your security against supply-chain attacks.
The idea is to update your workflows to set top-le…
-
## Time
**UTC Thu 12-Oct-2023 14:00 (02:00 PM)**:
| Timezone | Date/Time |
|---------------|-----------------------|
| US / Pacific | Thu 12-Oct-2023 07:00 (07:00 AM) |
| US / Mou…
-
Hi!
I'm here to suggest that you set minimal permissions to your GitHub Workflow, because currently it doesn't specify the permissions for their jobs and their privileges are being determined by Gi…
-
Opening this to ask if there's a contributor ladder defined for this project.
Here's an example: https://github.com/kubernetes/community/blob/master/community-membership.md
Subtext: I'd be happy t…