Closed davidkelliott closed 1 year ago
We should stop using this 3rd party Slack bot - https://github.com/ministryofjustice/modernisation-platform/issues/2217
Checked for injection script vulnerabilities in our main repos, none found
Preventing GitHub Actions from creating or approving pull requests - not enabling as we have proper PR review oversight
Fork pull request workflows from outside collaborators - changed from first time to all; any users contributing should be in the org or have permissions to push.
Use OSSF scanning - https://github.com/ministryofjustice/modernisation-platform/pull/2628
User Story
Security review of our GitHub Actions to ensure they are still secure.
Wider conversation with the team to raise any concerns.