New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure-by-default templates #2074

Open

3 tasks

varunsh-coder opened this issue Apr 12, 2023 · 1 comment

Labels

Member

varunsh-coder commented Apr 12, 2023 •

edited

Loading

In addition to fixing GitHub Actions workflows and Dockerfiles, we should also plan to show secure-by-default templates for common scenarios.

GitHub Actions for publishing scenarios that use OIDC, minimum token-permissions etc
Dockerfiles for common scenarios with security best practices implemented
OpenSSF SLSA Generator, recently released npm provenance generator

We can expand to secure-by-default templates for other as code files, Terraform/ CloudFormation etc in the future.

varunsh-coder added the enhancement label

Member Author

varunsh-coder commented Apr 13, 2023

We could also auto-generate reusable workflows based on an organization's current workflows.

varunsh-coder pinned this issue

varunsh-coder mentioned this issue

Ensure pinned dependencies #2150

Open

varunsh-coder unpinned this issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment