guardrailsio / awesome-golang-security

Awesome Golang Security resources 🕶🔐

What form does guardrails.io "support" take? #6

Closed therealplato closed 5 years ago

therealplato commented 5 years ago

Hi, someone linked guardrailsio/awesome-golang-security to gophers slack #security. As I typically do when I hear of a new "security thing", I'm briefly assessing its threat model.

A couple threats I've considered here:

(Again I'm just imagining possible threats; I don't have reason to believe those or other attacks are happening; I'm not accusing the contributors or linked projects.)

I would have dropped it at this point, but these bits piqued my interest:

> Supported by: [GuardRails.io](https://www.guardrails.io)

> [GuardRails](https://www.guardrails.io) - A GitHub App that gives you instant security feedback in your Pull Requests.

> Send me a pull request...

> say _hi_ on [Twitter](https://twitter.com/pxlpnk)

@pxlpnk's linked github and twitter don't mention guardrails.io. Does guardrails.io now maintain this repo? Is there any "support" provided by guardrails.io beyond maintaining the repo? If not, consider updating the copy:

- Supported by: GuardRails.io
+ Maintained by: GuardRails.io
- Send me a pull request...
+ Submit a pull request...
- say _hi_ on [Twitter](https://twitter.com/pxlpnk)
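
Review bot: the `+ Maintained by: GuardRails.io` line is plain text, while the copy quoted above links the name as `[GuardRails.io](https://www.guardrails.io)`. Keep the link markup in the replacement so the attribution still points at the maintainer's site. The same applies to the last `-` line: it removes the Twitter link with no `+` counterpart, so confirm that dropping the contact line entirely is intended rather than replacing it with a maintainer contact.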

streichsbaer commented 5 years ago

Thanks for your feedback @therealplato.

@pxlpnk was working on the first version of this specific awesome list. We have been working together on this list and have since taken over the maintenance.

@guardrailsio is providing continuous security feedback for developers, and as part of the R&D of our platform we have accumulated a lot of excellent resources on many different programming languages.

As such this list is supported by GuardRails because of the countless hours of research that have been compressed into these and other application security related awesome lists.

I fully agree with you on the wording related to the pull request and removing the say hi on Twitter and will address it right away!

therealplato commented 5 years ago

Thanks for the reply and the content @streichsbaer !

streichsbaer commented 5 years ago

> Thanks for the reply and the content @streichsbaer !

My pleasure, thanks for taking the time to reach out!