Open sakshi-1505 opened 12 months ago
@bjandras Please confirm if the Dependabot alerts & scanning alerts are enabled for the repository. I do see Trivy checks in the actions, so I guess we can mark out the static code analysis tool. I will raise a PR for the CodeQL check. Please let me know if the plan of action seems correct.
\assign
Describe the issue you're reporting
The security SIG is looking to ensure that security tooling is set up consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:
Parent issue: https://github.com/open-telemetry/sig-security/issues/12