open-telemetry / opentelemetry-collector-releases

OpenTelemetry Collector Official Releases
https://opentelemetry.io
Apache License 2.0
251 stars 161 forks source link

[security] audit repository tooling #418

Open EjiroLaurelD opened 1 year ago

EjiroLaurelD commented 1 year ago

Hello, The Security SIG is looking to ensure that security tooling is setup consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:

Parent issue: https://github.com/open-telemetry/sig-security/issues/12

atoulme commented 1 year ago

This repository doesn't use dependabot as dependencies are managed directly via the release process. Static code analysis tool -> the repository uses shellcheck.