[security] audit repository tooling

The security SIG is looking to ensure that security tooling is setup consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:

- [ ]  CodeQL enabled via [GitHub Actions](https://github.com/open-telemetry/opentelemetry-collector/blob/main/.github/workflows/codeql-analysis.yml)
- [ ]  Static code analysis tool (the collector uses govulncheck [https://pkg.go.dev/golang.org/x/vuln] on every build)
- [ ]  Repository security settings
  - [ ]  Security Policy ✅
  - [ ]  Security advisories ✅
  - [ ]  Private vulnerability reporting ✅
  - [ ]  Dependabot alerts ✅
  - [ ]  Code scanning alerts ✅

Parent issue: https://github.com/open-telemetry/sig-security/issues/12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[security] audit repository tooling #19

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[security] audit repository tooling #19

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions