mturilli
commented
2 years ago Sec committee is happy but tests need to be reviewed every time the test changes. They review the tests' output to check whether the test prints out sensitive information.
- We can use stable releases and tag them for approval by LLNL.
- Should we aggregate tests under a single 'reporter', printing only pass/fail for each test? Most agree that this is a good idea. Add a mode in configuration so to upload only the fail/pass state for each test.
We want to track results from our CI jobs running on llnl machines. Getting the results outside of the llnl bubble requires additional approval from security folks, so we need to create a proposal highlighting exactly what data we need and how we plan to transmit for our testing dashboard.