Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable draft GHSAs #12745

Closed
terrytangyuan opened this issue Mar 5, 2024 · 3 comments · Fixed by #12747
Closed

Enable draft GHSAs #12745

terrytangyuan opened this issue Mar 5, 2024 · 3 comments · Fixed by #12747
Assignees
@terrytangyuan
Labels
area/contributing Contributing docs, ownership, etc. Also devtools like devcontainer and Nix type/feature Feature request type/security Security related

Comments

@terrytangyuan
Copy link
Member

https://github.com/argoproj/argo-cd/blob/a4b50515381bad9d6db316d49d33efae351c6222/SECURITY.md?plain=1#L68
@terrytangyuan terrytangyuan added the type/feature Feature request label Mar 5, 2024
@terrytangyuan terrytangyuan self-assigned this Mar 5, 2024
@agilgur5 agilgur5 changed the title Enable draft GHSA Enable draft GHSAs Mar 6, 2024
@agilgur5
Copy link
Member

agilgur5 commented Mar 6, 2024
edited
Loading

Noting that this is from today's Contributor Meeting, quoted from me, which itself was a follow-up from the SIG Security meeting last week.

To close this out:

  1. Enable draft GHSAs on the repo, use the same template as CD
    • this requires a repo admin (I do not have permissions to do this, which is why I brought it up)
  2. Add a link to create draft GHSAs to the SECURITY.md, same as the CD link above
  3. Add any folks who need access to relevant GHSAs
    • this could be manual per GHSA if desired; CD has given permissions to security folks like Jann and Crenshaw (who are also Approvers)

@agilgur5 agilgur5 added type/security Security related area/contributing Contributing docs, ownership, etc. Also devtools like devcontainer and Nix labels Mar 6, 2024
@agilgur5 agilgur5 mentioned this issue Mar 6, 2024
Merged
@terrytangyuan
Copy link
Member Author

enabled

@agilgur5
Copy link
Member

agilgur5 commented Apr 4, 2024

Thanks Terry, can you also review the security docs changes in #12747 now that it is enabled?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@terrytangyuan terrytangyuan

Labels
area/contributing Contributing docs, ownership, etc. Also devtools like devcontainer and Nix type/feature Feature request type/security Security related
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs(security): add Draft GHSA option agilgur5/argo-workflows
2 participants
@terrytangyuan @agilgur5