search

microsoft / OpenHack

This repository contains Microsoft OpenHack's open source code and documentation specific to (BYOS) Bring Your Own Azure Subscription. Aka.ms/OpenHackBYOS
Creative Commons Attribution 4.0 International
223 stars 230 forks source link

SCI Hack Azure ARM template references questionable repo #136

Open larryclaman opened 1 year ago

larryclaman commented 1 year ago

In reviewing the ARM template to deploy the azure environment for the SCI OpenHack, there is a call to a "random" github repo seen at line 630:

https://github.com/microsoft/OpenHack/blob/1967ccb36e05897fc5ac98bc2e888b61f31db5db/byos/sci/scripts/azure-deploy-scioh-env.json#L630

Why is this script being pulled from the repo https://github.com/LODSContent/Tom-Demo ? Seems like it should corrected to reference the script in this repo, eg https://raw.githubusercontent.com/microsoft/OpenHack/main/byos/sci/scripts/scripts/ohinstall.ps1

larryclaman commented 1 year ago

@dwnatwick , any thoughts? I think you were the last to edit this file.

larryclaman commented 1 year ago

I created PR #138 if someone from the OpenHack teams wants to review/approve.

larryclaman commented 1 year ago

Ping @jileary23 as the last person to modify the repo.

I think this could be considered a security issue.