rjriel / rhok-bad-date-serverless

MIT License

Penetration Testing / Service Hardening #6

Open jacobcode91 opened 6 years ago

jacobcode91 commented 6 years ago

A security audit needs to be run for penetration testing and then hardening performed for any vulnerabilities found.

patrickceg commented 6 years ago

Any ideas on where to track security issues? (I'm not sure if you can make Github issues private to contributors only or similar?)

jacobcode91 commented 6 years ago

I don't think we can make them private without a paid account. Not to sound like an evangelist but GitLab allows for more access control features with its free account than GitHub. So we could keep the repo open there, have private issues, and automated build/deploy pipelines modifiable only by specified accounts.

patrickceg commented 6 years ago

I use Git with the command line so switching to any other Git platform (Gitlab, Atlassian Bitbucket, whatever else comes out next week) won't affect my workflow as long as it follows the Gitlab protocol 😄

I believe @tasdamen was looking at a staging and deployment so we can consult if moving this repo over to Gitlab makes more sense. ...after I struggle together this (edit-unrelated to this project) VPN connection I'm working on I'll start playing around with Gitlab to see if it also handles the automated test stuff in issue #7 as well.

patrickceg commented 6 years ago

I just checked and Gitlab does allow confidential issues for security items. It also allows pointing their CI engine at a Github repository, which I'll try for task #7.