Re: security & CNCF projects
That depends on your viewpoint, the maintainers ideally should make that call per project based on whatever security process they have in place for the project. You can have a view that maintainers should know first before external attackers? Also a lot of these security tools can have false positives and so on that may not reflect reality, so it's a bit of a nuanced topic.
If your project wants access to these security tools or others, feel free to file an SD ticket! https://github.com/cncf/servicedesk#tools - in this case Alexis, I'll have someone on my team reach out and get flux squared away. However, most of these are already free for open source projects so you can readily just adopt them yourselves.
On Tue, Feb 16, 2021 at 9:33 AM Alexis Richardson <alexis@...> wrote:
Chris Aniszczyk (@cra)