Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / open-telemetry/sig-security issues and pull requests

#74 - Proposal: Use harden-runner in jobs using OPENTELEMETRYBOT_GITHUB_TOKEN

Issue - State: open - Opened by pellared over 1 year ago - 6 comments

#72 - Code Signing and OpenTelemetry Clarification

Issue - State: closed - Opened by austinlparker 17 days ago - 3 comments

#71 - [security] audit repository tooling

Issue - State: open - Opened by EjiroLaurelD 11 months ago - 2 comments

#70 - Add note about fix lead

Pull Request - State: closed - Opened by jpkrohling 20 days ago

#69 - Add guidance on pinning GitHub Actions and container images

Issue - State: open - Opened by pellared 2 months ago - 8 comments

#68 - [chore] add a note about slack channel

Pull Request - State: closed - Opened by codeboten 23 days ago

#67 - initial draft of security contact list

Pull Request - State: closed - Opened by codeboten 23 days ago

#66 - feat: add recommendations around container images

Pull Request - State: closed - Opened by jpkrohling about 1 month ago - 2 comments

#65 - Create a recommendation for docker images to not use root user

Issue - State: closed - Opened by jsuereth about 1 month ago

#62 - Describe coordination process between different SIGs for vulnerabilities

Issue - State: closed - Opened by mx-psi about 1 month ago - 1 comment

#61 - Process for who should be notified and how prior to public CVE disclosure

Issue - State: closed - Opened by mx-psi about 1 month ago - 7 comments

#60 - Define who is part of the Fix Team

Issue - State: closed - Opened by mx-psi about 1 month ago

#59 - Improve "Community Incident Response Guidelines"

Issue - State: open - Opened by mx-psi about 1 month ago

#58 - Prevent supply chain attacks in open-telemetry repositories

Issue - State: open - Opened by marcalff about 2 months ago - 2 comments

#56 - Threat modeling for OTel components

Issue - State: open - Opened by codeboten 2 months ago - 3 comments

#55 - Propose recommendation around fuzzing

Issue - State: open - Opened by codeboten 2 months ago - 2 comments

#54 - Add recommendation about sigstore

Pull Request - State: open - Opened by jpkrohling 2 months ago - 2 comments

#53 - What should we do with the sigstore files?

Issue - State: open - Opened by ocelotl 3 months ago - 3 comments
Labels: code signing

#52 - Add Snyk to tools

Pull Request - State: closed - Opened by jpkrohling 3 months ago

#51 - SIG meeting time and frequency

Pull Request - State: closed - Opened by jpkrohling 3 months ago - 2 comments

#50 - Remove CSV builder, adds description about the tool

Pull Request - State: closed - Opened by jpkrohling 3 months ago

#49 - Move to emeritus

Pull Request - State: closed - Opened by cartersocha 3 months ago

#48 - Guidance on signing artifacts in language SDKs

Issue - State: closed - Opened by martinkuba 3 months ago - 4 comments
Labels: code signing

#47 - Looking for advice on signing artifacts for Weaver / semantic conventions

Issue - State: open - Opened by jsuereth 4 months ago - 3 comments
Labels: code signing

#46 - Download URLs for opentelemetry artifacts with scarf.sh

Issue - State: closed - Opened by svrnm 7 months ago - 1 comment

#45 - Monitor transparency log for signed artifacts

Issue - State: open - Opened by jpkrohling 8 months ago

#44 - Update CODEOWNERS

Pull Request - State: closed - Opened by bogdandrutu 8 months ago

#43 - Create CODEOWNERS

Pull Request - State: closed - Opened by bogdandrutu 8 months ago - 1 comment

#42 - minorly update incident response flow

Pull Request - State: closed - Opened by cartersocha 10 months ago

#41 - Output a valid JSON array for CVE feed

Pull Request - State: closed - Opened by martinkuba 10 months ago

#40 - List of SBOMs across SIGs

Issue - State: open - Opened by jpkrohling 10 months ago
Labels: good first issue

#39 - Find out which SBOM format is being used in other CNCF projects

Issue - State: closed - Opened by ocelotl 10 months ago - 1 comment

#38 - Update learning-sessions.md

Pull Request - State: closed - Opened by codeboten 10 months ago

#37 - Update learning-sessions.md

Pull Request - State: closed - Opened by codeboten 10 months ago

#36 - add published json file to populate cvee feed on the website

Pull Request - State: closed - Opened by cartersocha 10 months ago - 2 comments

#35 - add learning-sessions document

Pull Request - State: closed - Opened by codeboten 10 months ago - 1 comment

#34 - Add learning sessions document

Issue - State: closed - Opened by codeboten 10 months ago - 1 comment

#33 - Enabling SBOM across repositories

Issue - State: open - Opened by codeboten 10 months ago - 9 comments
Labels: sbom

#32 - Configure Renovate

Pull Request - State: closed - Opened by renovate[bot] 10 months ago - 1 comment

#31 - SIG meeting time and frequency

Issue - State: closed - Opened by codeboten 11 months ago - 4 comments

#30 - Allstar review for outreachy

Pull Request - State: closed - Opened by Twhite2 11 months ago - 3 comments

#29 - allstar usecase(#21)

Pull Request - State: closed - Opened by EjiroLaurelD 11 months ago - 5 comments

#28 - sig-security\#10.md

Pull Request - State: closed - Opened by oly-baby 12 months ago - 2 comments

#27 - Sig security/#14

Pull Request - State: closed - Opened by oly-baby 12 months ago

#26 - Create Conduct CNCF self audit of OTel #11.md

Pull Request - State: closed - Opened by oly-baby 12 months ago

#25 - Create Investigate Allstar for monitoring organization-wide policies

Pull Request - State: closed - Opened by oly-baby 12 months ago - 1 comment

#24 - Issues contributor

Pull Request - State: closed - Opened by oly-baby 12 months ago - 5 comments

#23 - Bind localhost

Pull Request - State: closed - Opened by EjiroLaurelD 12 months ago

#22 - Allstar

Pull Request - State: closed - Opened by EjiroLaurelD 12 months ago - 2 comments

#21 - Investigate Allstar for monitoring organization-wide policies

Issue - State: open - Opened by codeboten 12 months ago - 10 comments

#20 - document recommendation for codeQL

Pull Request - State: closed - Opened by codeboten 12 months ago

#19 - Add recommendation around binding to network interfaces

Issue - State: closed - Opened by codeboten 12 months ago - 5 comments
Labels: good first issue

#18 - Updated security response guidance

Pull Request - State: closed - Opened by cartersocha about 1 year ago

#17 - Update response guidance

Pull Request - State: closed - Opened by cartersocha about 1 year ago - 1 comment

#16 - Security response doc

Pull Request - State: closed - Opened by cartersocha about 1 year ago

#15 - Add recommendation around CodeQL

Issue - State: closed - Opened by codeboten about 1 year ago - 1 comment

#14 - Where to publish Java signing pubkey?

Issue - State: open - Opened by breedx-splk about 1 year ago - 11 comments
Labels: code signing

#13 - Document community tooling and repo processes

Issue - State: closed - Opened by cartersocha about 1 year ago - 1 comment

#12 - Audit repositories for security tools

Issue - State: open - Opened by codeboten about 1 year ago - 15 comments

#11 - Conduct CNCF self audit of OTel

Issue - State: closed - Opened by cartersocha about 1 year ago - 2 comments

#10 - Investigate code signing

Issue - State: open - Opened by codeboten about 1 year ago - 4 comments
Labels: code signing

#9 - Start certificate signing of project components

Issue - State: closed - Opened by cartersocha about 1 year ago

#8 - Create CVEE disclosure on OTel website

Issue - State: closed - Opened by cartersocha about 1 year ago - 3 comments

#7 - Automate maintainer assignment when incident is created

Issue - State: open - Opened by cartersocha about 1 year ago

#6 - Automate TC incident notification

Issue - State: closed - Opened by cartersocha about 1 year ago - 1 comment

#5 - Create LICENSE

Pull Request - State: closed - Opened by codeboten about 1 year ago

#4 - add contributing doc

Pull Request - State: closed - Opened by codeboten about 1 year ago

#3 - Add charter

Pull Request - State: closed - Opened by cartersocha about 1 year ago - 1 comment

#2 - add initial readme info

Pull Request - State: closed - Opened by cartersocha about 1 year ago - 2 comments

#1 - additional details to the readme

Pull Request - State: closed - Opened by codeboten about 1 year ago - 4 comments