Open o-otte opened 1 year ago
Regarding personal access tokens:
It should now be possible to restrict their access to certain repositories and even certain actions, like only reading issues, according to the GitHub blog:
https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/
What's the status here?
As an SCS Developer, I want the CI tooling to fulfill certain security aspects so that it is safe to use and cannot be abused by any third parties.
Zuul is used for our CI tooling. We need to ensure that it is configured in a way that we are able to use it securely, i.e. https://owasp.org/www-project-top-10-ci-cd-security-risks/
We should evaluate which security aspects are important for us and amend our configuration accordingly.
Definition of Ready:
Definition of Done:
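An added example (not code from the issue, from SCS or from the Zuul project) of the kind of check the token comment and the Zuul configuration point above call for: a small audit that reads GitHub connection entries from a zuul.conf, tells classic `ghp_` tokens from fine-grained `github_pat_` tokens, and flags classic tokens whose scopes go beyond what a CI system needs. The `api_token` key under `[connection <name>]` with `driver=github` follows Zuul's GitHub driver documentation as the author understands it; the config text, the scope lists and the "over-broad" set are constructed for the example.

```python
import configparser

# Constructed sample zuul.conf with two GitHub connections and one Gerrit
# connection (not a real configuration). The `api_token` key name is an
# assumption taken from Zuul's GitHub driver docs, not from the issue.
SAMPLE_ZUUL_CONF = """
[connection github]
driver=github
api_token=ghp_EXAMPLE_CLASSIC_TOKEN_PLACEHOLDER

[connection github-fg]
driver=github
api_token=github_pat_EXAMPLE_FINE_GRAINED_PLACEHOLDER

[connection gerrit]
driver=gerrit
server=review.example.org
"""

# Constructed: scopes reported for each classic token. GitHub returns the
# scopes of a classic token in the X-OAuth-Scopes response header; fine-grained
# tokens carry no scopes, their permissions are selected per repository.
SAMPLE_SCOPES = {
    "github": ["repo", "workflow", "admin:org"],
}

# Constructed policy: scopes a CI system that only reports status and reads
# issues should not hold.
OVERBROAD_SCOPES = {"admin:org", "delete_repo", "admin:repo_hook", "write:packages"}


def classify_token(token):
    """Return 'fine-grained', 'classic' or 'unknown' from the token prefix."""
    if token.startswith("github_pat_"):
        return "fine-grained"
    if token.startswith("ghp_"):
        return "classic"
    return "unknown"


def audit_zuul_conf(conf_text, scopes_by_connection):
    """Return (connection, severity, message) for every GitHub connection found."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("connection "):
            continue
        if cp.get(section, "driver", fallback="") != "github":
            continue
        name = section.split(" ", 1)[1]
        token = cp.get(section, "api_token", fallback=None)
        if token is None:
            continue  # GitHub App credentials or no token at all: nothing to check here
        kind = classify_token(token)
        if kind == "fine-grained":
            findings.append((name, "ok",
                             "fine-grained token; review its repository and permission selection in GitHub"))
        elif kind == "classic":
            over = sorted(set(scopes_by_connection.get(name, [])) & OVERBROAD_SCOPES)
            if over:
                findings.append((name, "high",
                                 "classic token with over-broad scopes: " + ", ".join(over)))
            else:
                findings.append((name, "medium",
                                 "classic token is not repository-restricted; consider a fine-grained token"))
        else:
            findings.append((name, "medium", "unrecognised token format"))
    return findings


if __name__ == "__main__":
    for conn, severity, message in audit_zuul_conf(SAMPLE_ZUUL_CONF, SAMPLE_SCOPES):
        print(f"[{severity}] {conn}: {message}")
```

In a real deployment the scope list would come from the `X-OAuth-Scopes` header of an authenticated API call rather than from a dictionary, and the over-broad set should be derived from what the Zuul connection actually needs (status reporting, check runs, reading issues and pull requests).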