{"id":15177391,"url":"https://github.com/open-telemetry/.allstar","last_synced_at":"2026-01-20T17:19:33.465Z","repository":{"id":217686735,"uuid":"744230310","full_name":"open-telemetry/.allstar","owner":"open-telemetry","description":"Enable and house Allstar policies centrally for the organizatio","archived":true,"fork":false,"pushed_at":"2025-05-21T01:26:59.000Z","size":9,"stargazers_count":0,"open_issues_count":2,"forks_count":5,"subscribers_count":13,"default_branch":"main","last_synced_at":"2025-10-30T00:41:09.897Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/open-telemetry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"security.yaml","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-16T21:51:23.000Z","updated_at":"2025-06-09T22:52:13.000Z","dependencies_parsed_at":"2024-01-17T23:08:08.186Z","dependency_job_id":"f555599a-19b5-48f5-afb2-e4645704dfd4","html_url":"https://github.com/open-telemetry/.allstar","commit_stats":{"total_commits":7,"total_committers":4,"mean_commits":1.75,"dds":0.5714285714285714,"last_synced_commit":"f7a3995b7bde4f0abf07f701ec6b943945f942e6"},"previous_names":["open-telemetry/.allstar"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/open-telemetry/.allstar","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-telemetry%2F.allstar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-telemetry%2F.allstar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-telemetry%2F.allstar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-telemetry%2F.allstar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/open-telemetry","download_url":"https://codeload.github.com/open-telemetry/.allstar/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-telemetry%2F.allstar/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28607625,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T16:10:39.856Z","status":"ssl_error","status_checked_at":"2026-01-20T16:10:39.493Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-27T14:21:57.759Z","updated_at":"2026-01-20T17:19:33.431Z","avatar_url":"https://github.com/open-telemetry.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Allstar Security Policy Enforcement\n\n## Overview\n\nThis repository outlines the security policy enforcement for the OpenTelemetry organization, using the [Allstar GitHub App](https://github.com/ossf/allstar). Allstar helps enforce security best practices by automatically checking and ensuring our repositories comply with our established policies.\n\n## Configured Allstar Actions\n\nAllstar is configured to take the following action upon detecting a policy violation within any repository in the OpenTelemetry organization:\n- **issue**: For each violation, Allstar will create a GitHub issue within the affected repository. If the issue remains open and unchanged for more than 36 hours, it will be pinged with a comment every 36 hours. The issue will be automatically closed by Allstar once the violation is resolved.\n\n## Enforced Policies\n\nThe following Allstar security policies are actively enforced across the OpenTelemetry organization's repositories:\n\n### Repository Administrators Policy\n- Ensures that each repository has assigned administrators.\n- Maintains that teams are designated as administrators.\n\n### GitHub Actions Policy\n- Monitors GitHub Actions workflows to ensure they adhere to our security rules.\n- Checks for the use of static security scans within the workflows.\n\n### Binary Artifacts Policy\n- Prevents binary artifacts from being committed to the repositories.\n- Ensures that source code is human-readable and free from hidden vulnerabilities.\n\n### Branch Protection Policy\n- Verifies that the main branches (e.g., `main`) have branch protection rules enforced, such as required reviews, status checks, and more.\n\n### SECURITY.md Policy\n- Checks that a security policy file named `SECURITY.md` is present and properly filled out in each repository or at the organisation. This file should detail how to report security vulnerabilities.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-telemetry%2F.allstar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopen-telemetry%2F.allstar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-telemetry%2F.allstar/lists"}