step-security / secure-repo

Orchestrate GitHub Actions Security
https://app.stepsecurity.io
GNU Affero General Public License v3.0
254 stars 41 forks

Secure-by-default templates #2074

Open varunsh-coder opened 1 year ago

varunsh-coder commented 1 year ago

In addition to fixing GitHub Actions workflows and Dockerfiles, we should also plan to show secure-by-default templates for common scenarios.

We can expand to secure-by-default templates for other as-code files, Terraform/CloudFormation etc., in the future.

varunsh-coder commented 1 year ago

We could also auto-generate reusable workflows based on an organization's current workflows.