GitHub/Repository Security: Difference between revisions

Clarify the guideline around Dependabot
(Clarify scope of signing for now)
(Clarify the guideline around Dependabot)
Line 57: Line 57:
- [ ] When creating a release, all commits which compose that release should first be audited.
- [ ] When creating a release, all commits which compose that release should first be audited.
- [ ] Elevated permissions should be granted to teams, not individual accounts, whenever possible. (Only org members can be part of a team.)
- [ ] Elevated permissions should be granted to teams, not individual accounts, whenever possible. (Only org members can be part of a team.)
- [ ] Enable [Automated Security Fixes][1] for the repository. If the vulnerability is not applicable to your repository, document that in the PR, then close (not merge) it.
- [ ] Enable [Automated Security Fixes][1] for the repository. If the vulnerability identified by Dependabot is not applicable to your repository, document that in the Dependabot PR, then close the PR (don't merge the PR).


[1]: https://help.github.com/en/articles/configuring-automated-security-fixes
[1]: https://help.github.com/en/articles/configuring-automated-security-fixes
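Review bot: the revised checklist item now refers to "Dependabot" twice while the link text still reads "Automated Security Fixes", so a reader has to infer that the linked feature is what opens the Dependabot PR; consider aligning the terminology, e.g. "Enable [Automated Security Fixes][1] (Dependabot) for the repository." It would also help to state where the "not applicable" justification should live once the PR is closed, since a closed PR is easy to lose track of when the same alert resurfaces.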