Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / open-telemetry/sig-security issues and pull requests
#74 - Proposal: Use harden-runner in jobs using OPENTELEMETRYBOT_GITHUB_TOKEN
Issue -
State: open - Opened by pellared over 1 year ago
- 6 comments
#73 - Recommendations about setting users in the container images
Issue -
State: open - Opened by jpkrohling 13 days ago
#72 - Code Signing and OpenTelemetry Clarification
Issue -
State: closed - Opened by austinlparker 17 days ago
- 3 comments
#71 - [security] audit repository tooling
Issue -
State: open - Opened by EjiroLaurelD 11 months ago
- 2 comments
#70 - Add note about fix lead
Pull Request -
State: closed - Opened by jpkrohling 20 days ago
#69 - Add guidance on pinning GitHub Actions and container images
Issue -
State: open - Opened by pellared 2 months ago
- 8 comments
#68 - [chore] add a note about slack channel
Pull Request -
State: closed - Opened by codeboten 23 days ago
#67 - initial draft of security contact list
Pull Request -
State: closed - Opened by codeboten 23 days ago
#66 - feat: add recommendations around container images
Pull Request -
State: closed - Opened by jpkrohling about 1 month ago
- 2 comments
#65 - Create a recommendation for docker images to not use root user
Issue -
State: closed - Opened by jsuereth about 1 month ago
#64 - Create dependabot/renovate requirement for docker images (and applicable package systems)
Issue -
State: closed - Opened by jsuereth about 1 month ago
#63 - Define communications strategy (blog posts, social media posts...) after a CVE is released
Issue -
State: open - Opened by mx-psi about 1 month ago
- 1 comment
#62 - Describe coordination process between different SIGs for vulnerabilities
Issue -
State: closed - Opened by mx-psi about 1 month ago
- 1 comment
#61 - Process for who should be notified and how prior to public CVE disclosure
Issue -
State: closed - Opened by mx-psi about 1 month ago
- 7 comments
#60 - Define who is part of the Fix Team
Issue -
State: closed - Opened by mx-psi about 1 month ago
#59 - Improve "Community Incident Response Guidelines"
Issue -
State: open - Opened by mx-psi about 1 month ago
#58 - Prevent supply chain attacks in open-telemetry repositories
Issue -
State: open - Opened by marcalff about 2 months ago
- 2 comments
#57 - Enable OpenSSF Scorecard to enhance security practices across the project
Issue -
State: open - Opened by harshitasao 2 months ago
- 2 comments
#56 - Threat modeling for OTel components
Issue -
State: open - Opened by codeboten 2 months ago
- 3 comments
#55 - Propose recommendation around fuzzing
Issue -
State: open - Opened by codeboten 2 months ago
- 2 comments
#54 - Add recommendation about sigstore
Pull Request -
State: open - Opened by jpkrohling 2 months ago
- 2 comments
#53 - What should we do with the sigstore files?
Issue -
State: open - Opened by ocelotl 3 months ago
- 3 comments
Labels: code signing
#52 - Add Snyk to tools
Pull Request -
State: closed - Opened by jpkrohling 3 months ago
#51 - SIG meeting time and frequency
Pull Request -
State: closed - Opened by jpkrohling 3 months ago
- 2 comments
#50 - Remove CSV builder, adds description about the tool
Pull Request -
State: closed - Opened by jpkrohling 3 months ago
#49 - Move to emeritus
Pull Request -
State: closed - Opened by cartersocha 3 months ago
#48 - Guidance on signing artifacts in language SDKs
Issue -
State: closed - Opened by martinkuba 3 months ago
- 4 comments
Labels: code signing
#47 - Looking for advice on signing artifacts for Weaver / semantic conventions
Issue -
State: open - Opened by jsuereth 4 months ago
- 3 comments
Labels: code signing
#46 - Download URLs for opentelemetry artifacts with scarf.sh
Issue -
State: closed - Opened by svrnm 7 months ago
- 1 comment
#45 - Monitor transparency log for signed artifacts
Issue -
State: open - Opened by jpkrohling 8 months ago
#44 - Update CODEOWNERS
Pull Request -
State: closed - Opened by bogdandrutu 8 months ago
#43 - Create CODEOWNERS
Pull Request -
State: closed - Opened by bogdandrutu 8 months ago
- 1 comment
#42 - minorly update incident response flow
Pull Request -
State: closed - Opened by cartersocha 10 months ago
#41 - Output a valid JSON array for CVE feed
Pull Request -
State: closed - Opened by martinkuba 10 months ago
#40 - List of SBOMs across SIGs
Issue -
State: open - Opened by jpkrohling 10 months ago
Labels: good first issue
#39 - Find out which SBOM format is being used in other CNCF projects
Issue -
State: closed - Opened by ocelotl 10 months ago
- 1 comment
#38 - Update learning-sessions.md
Pull Request -
State: closed - Opened by codeboten 10 months ago
#37 - Update learning-sessions.md
Pull Request -
State: closed - Opened by codeboten 10 months ago
#36 - add published json file to populate CVE feed on the website
Pull Request -
State: closed - Opened by cartersocha 10 months ago
- 2 comments
#35 - add learning-sessions document
Pull Request -
State: closed - Opened by codeboten 10 months ago
- 1 comment
#34 - Add learning sessions document
Issue -
State: closed - Opened by codeboten 10 months ago
- 1 comment
#33 - Enabling SBOM across repositories
Issue -
State: open - Opened by codeboten 10 months ago
- 9 comments
Labels: sbom
#32 - Configure Renovate
Pull Request -
State: closed - Opened by renovate[bot] 10 months ago
- 1 comment
#31 - SIG meeting time and frequency
Issue -
State: closed - Opened by codeboten 11 months ago
- 4 comments
#30 - Allstar review for outreachy
Pull Request -
State: closed - Opened by Twhite2 11 months ago
- 3 comments
#29 - allstar usecase(#21)
Pull Request -
State: closed - Opened by EjiroLaurelD 11 months ago
- 5 comments
#28 - sig-security\#10.md
Pull Request -
State: closed - Opened by oly-baby 12 months ago
- 2 comments
#27 - Sig security/#14
Pull Request -
State: closed - Opened by oly-baby 12 months ago
#26 - Create Conduct CNCF self audit of OTel #11.md
Pull Request -
State: closed - Opened by oly-baby 12 months ago
#25 - Create Investigate Allstar for monitoring organization-wide policies
Pull Request -
State: closed - Opened by oly-baby 12 months ago
- 1 comment
#24 - Issues contributor
Pull Request -
State: closed - Opened by oly-baby 12 months ago
- 5 comments
#23 - Bind localhost
Pull Request -
State: closed - Opened by EjiroLaurelD 12 months ago
#22 - Allstar
Pull Request -
State: closed - Opened by EjiroLaurelD 12 months ago
- 2 comments
#21 - Investigate Allstar for monitoring organization-wide policies
Issue -
State: open - Opened by codeboten 12 months ago
- 10 comments
#20 - document recommendation for codeQL
Pull Request -
State: closed - Opened by codeboten 12 months ago
#19 - Add recommendation around binding to network interfaces
Issue -
State: closed - Opened by codeboten 12 months ago
- 5 comments
Labels: good first issue
#18 - Updated security response guidance
Pull Request -
State: closed - Opened by cartersocha about 1 year ago
#17 - Update response guidance
Pull Request -
State: closed - Opened by cartersocha about 1 year ago
- 1 comment
#16 - Security response doc
Pull Request -
State: closed - Opened by cartersocha about 1 year ago
#15 - Add recommendation around CodeQL
Issue -
State: closed - Opened by codeboten about 1 year ago
- 1 comment
#14 - Where to publish Java signing pubkey?
Issue -
State: open - Opened by breedx-splk about 1 year ago
- 11 comments
Labels: code signing
#13 - Document community tooling and repo processes
Issue -
State: closed - Opened by cartersocha about 1 year ago
- 1 comment
#12 - Audit repositories for security tools
Issue -
State: open - Opened by codeboten about 1 year ago
- 15 comments
#11 - Conduct CNCF self audit of OTel
Issue -
State: closed - Opened by cartersocha about 1 year ago
- 2 comments
#10 - Investigate code signing
Issue -
State: open - Opened by codeboten about 1 year ago
- 4 comments
Labels: code signing
#9 - Start certificate signing of project components
Issue -
State: closed - Opened by cartersocha about 1 year ago
#8 - Create CVE disclosure on OTel website
Issue -
State: closed - Opened by cartersocha about 1 year ago
- 3 comments
#7 - Automate maintainer assignment when incident is created
Issue -
State: open - Opened by cartersocha about 1 year ago
#6 - Automate TC incident notification
Issue -
State: closed - Opened by cartersocha about 1 year ago
- 1 comment
#5 - Create LICENSE
Pull Request -
State: closed - Opened by codeboten about 1 year ago
#4 - add contributing doc
Pull Request -
State: closed - Opened by codeboten about 1 year ago
#3 - Add charter
Pull Request -
State: closed - Opened by cartersocha about 1 year ago
- 1 comment
#2 - add initial readme info
Pull Request -
State: closed - Opened by cartersocha about 1 year ago
- 2 comments
#1 - additional details to the readme
Pull Request -
State: closed - Opened by codeboten about 1 year ago
- 4 comments