Best practices for securing GitHub CI workflows - Githubissues

openedx / wg-security

A repo to keep public issues related to Security Working Group Work

1 stars 0 forks source link

Best practices for securing GitHub CI workflows #40

Open magajh opened 5 months ago

magajh commented 5 months ago

Securing GitHub CI Pipelines

from https://openedx.atlassian.net/wiki/spaces/COMM/pages/3963420755/Discovery+Document+Integrating+Security+Suites+into+GitHub+CI+for+Open+edX#Next-Steps

Obj: To safeguard GitHub CI pipelines against potential security threats.

Action Plan:

Investigation: Conduct a thorough investigation of the current GitHub CI pipelines to identify any security vulnerabilities.
Documentation: Develop a comprehensive document outlining minimum security requirements and best practices for securing GitHub CI workflows within the organization.
Tool Evaluation: Explore and evaluate (if any) tools that could improve the security of GitHub CI pipelines.

Some links that might be helpful: