open-telemetry / sig-security

Apache License 2.0

allstar usecase(#21) #29

Closed EjiroLaurelD closed 3 months ago

EjiroLaurelD commented 11 months ago

Hello @jpkrohling, I have made the recommended changes to my initial PR and also created a new branch. I wrote the document to outline how SIG security members use Allstar. Please let me know your thoughts on it. Thank you for your time.

EjiroLaurelD commented 11 months ago

I think the file name should be just recommendation-allstar.md.

@cartersocha, @codeboten, I'm missing some context for this PR. Do we need this here at all? Or do we need a doc describing our specific allstar setup?

Hello @jpkrohling @cartersocha @codeboten Any update on this please?

jpkrohling commented 11 months ago

Sorry, but after reviewing #21 again, I don't think it was meant to be an entry on the recommendations. From @codeboten's message on that issue:

Allstar was proposed as a way to achieve consistency across the repositories in the org with regards to security policy. This issue is to:

  • determine how much of the checklist allstar can cover
  • what items on the checklist above still need to be manually configured in individual repositories
  • propose the steps needed to enable allstar across the organization and open issues in the appropriate repositories
  • document the usage of allstar in the security sig repository

EjiroLaurelD commented 11 months ago

Sorry, but after reviewing #21 again, I don't think it was meant to be an entry on the recommendations. From @codeboten's message on that issue:

Allstar was proposed as a way to achieve consistency across the repositories in the org with regards to security policy. This issue is to:

  • determine how much of the checklist allstar can cover
  • what items on the checklist above still need to be manually configured in individual repositories
  • propose the steps needed to enable allstar across the organization and open issues in the appropriate repositories
  • document the usage of allstar in the security sig repository

Okay, this is my progress on this so far: I have determined what Allstar can cover using the checklist that was provided, and the steps to enable Allstar have also been proposed using the quick start (I did a test run on my GitHub to be sure how it works). I recently created issues on some repositories using the checklist, checking and confirming from maintainers what is enabled on the repo. I am still a bit unclear as to where to document the usage of Allstar on the security SIG repo.

codeboten commented 11 months ago

Thanks for the work @EjiroLaurelD, I think the details you've captured here in this PR could be added to the original issue in a comment or as @jpkrohling in a separate google doc.

Can this other PR be closed in favour of this current one?

EjiroLaurelD commented 11 months ago

Thanks for the work @EjiroLaurelD, I think the details you've captured here in this PR could be added to the original issue in a comment or as @jpkrohling in a separate google doc.

Okay thank you, I will add my progress detail as a comment on the parent issue.

Can this other PR be closed in favour of this current one?

Yes please, we can close this PR.