kitplummer / goa

GitOps Agent - continuously monitors a remote git repository against local/any change, and performs actions (e.g. executes a provided command) - given a periodicity that is defined as a time interval [NOTE: very much pre-release at this point.]
MIT License
4 stars 0 forks

Investigate security concerns #80

Open kitplummer opened 2 years ago

kitplummer commented 2 years ago

and document them as known risks - e.g., running anything as root.

Also look into specifying use of deploy keys to ensure the relationship between public repos and agents.

kitplummer commented 2 years ago

GHA's sec scanner -> https://github.com/kitplummer/goa/security/code-scanning/40?query=ref%3Arefs%2Fheads%2Fdevelop