Update security reporting policy #3595
Assignees
Labels
spec:miscellaneous
For issues that don't match any other spec label
Comments
tigrannajaryan
added
the
spec:miscellaneous
|
PR to the policy attached. |
|
I enabled "Private vulnerability reporting" on all repos. Wish GitHub would have org-level settings that would override individual repo defaults. |
|
turns out GitHub does support bulk updates of security settings, but the vulnerability reporting is not one of them, perhaps because it itself is in beta: https://docs.github.com/en/enterprise-cloud@latest/code-security/security-overview/enabling-security-features-for-multiple-repositories |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
TC and GC discussed and decided that we want to make Github security reporting capabilities the primary reporting channel.
We will need to update the policy document and make sure all repos have the vulnerability reporting feature enabled (including new repos).
cc @open-telemetry/governance-committee @open-telemetry/technical-committee
The text was updated successfully, but these errors were encountered: