cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

broken links in OpenFGA Self Assessment markdown #1256

Closed sunstonesecure-robert closed 3 months ago

sunstonesecure-robert commented 4 months ago

aaguiarz commented 4 months ago

@lj365 can you take a look?

lj365 commented 4 months ago

The https://github.com/orgs/openfga/security/risk is only available to certain users. It's not a "true" 404, it's permission issues.

For the Snyk monitoring badge, indeed, Snyk doesn't support Go as of now for public repositories (https://support.snyk.io/hc/en-us/articles/360003997277-Badge-Support-for-Repositories).

Although, it is being scanned as part of the Cloud Native Foundation Snyk Group.

sunstonesecure-robert commented 4 months ago

@lj365 thanks! Well, at least it looks nice ;) For practical purposes, would it be possible to arrange to send a copy of the latest report out to the TSSA reviewers for review? (Or to me directly and I can distribute to them.) Thanks!

anvega commented 3 months ago

Looks like this is working as designed =)

Please consider either removing the link, as it's not meant to be public, so people don't have issues accessing it, or, as @sunstonesecure-robert recommended, sharing a copy of the contents.