-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add secret scanning to SCM guide, fixes #488 #489
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
@SecurityCRob - comments? I did not try to edit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is great! looks good, just some minor corrections, and a few consistency suggestions as well
@@ -126,6 +126,7 @@ For recommendations only applicable to GitHub or GitLab visit one of the followi | |||
* Repository Should Not Allow Committer Approvals [<img src="https://user-images.githubusercontent.com/287526/230376963-ae9b8a47-4a74-4746-bc83-5b34cc520d40.svg" alt="GitLab" height="20" width="20">](gitlab/project/repository_allows_committer_approvals_policy.md) [GitLab](gitlab/project/repository_allows_committer_approvals_policy.md) | |||
* Webhook Configured Without SSL Verification [<img src="https://user-images.githubusercontent.com/287526/230376963-ae9b8a47-4a74-4746-bc83-5b34cc520d40.svg" alt="GitLab" height="20" width="20">](gitlab/project/project_webhook_doesnt_require_ssl.md) [GitLab](gitlab/project/project_webhook_doesnt_require_ssl.md) | |||
* Project Should Have Fewer Than Three Owners [<img src="https://user-images.githubusercontent.com/287526/230376963-ae9b8a47-4a74-4746-bc83-5b34cc520d40.svg" alt="GitLab" height="20" width="20">](gitlab/project/project_has_too_many_admins.md) [GitLab](gitlab/project/project_has_too_many_admins.md) | |||
* Secret Scanning Should be Enabled [<img src="https://user-images.githubusercontent.com/287526/230375178-2f1f8844-5609-4ef3-b9ac-141c20c43406.svg" alt="GitHub" height="20" width="20">](github/repository/forking_allowed_for_repository.md) [GitHub](github/repository/secret_scanning.md) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Secret Scanning Should be Enabled [<img src="https://user-images.githubusercontent.com/287526/230375178-2f1f8844-5609-4ef3-b9ac-141c20c43406.svg" alt="GitHub" height="20" width="20">](github/repository/forking_allowed_for_repository.md) [GitHub](github/repository/secret_scanning.md) | |
* Secret Scanning Should be Enabled [<img src="https://user-images.githubusercontent.com/287526/230375178-2f1f8844-5609-4ef3-b9ac-141c20c43406.svg" alt="GitHub" height="20" width="20">](github/repository/secret_scanning.md) [GitHub](github/repository/secret_scanning.md) |
fixes typo Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
better word choice Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
"quotes" Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
"quotes" Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
"quotes" Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
better word choice Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the addition. If we could get Chris' open comment resolved I think we can move this forward
I think Randall put that in place. I'm also unsure how that works. We should ask him to start. |
I think that might relate to how the Legitify was used to produce these recommendations. maybe @noamd-legit can comment on this and suggest how to add new ones? |
The best-practices.yml is generated automatically and does not require manual edits. In fact, I believe we can remove it entirely from this repository. To update the document, simply edit the markdown file. If we need to regenerate the base version, I will handle any differences that arise. |
In that case, I suggest removing the .yml file (in a separate pull request). We generally don't want generated files in the source repo. @noamd-legit - would you mind creating that PR? |
@david-a-wheeler |
No description provided.