https://github.com/open-telemetry/.allstar
Enable and house Allstar policies centrally for the organizatio
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/open-telemetry/.allstar
- Owner: open-telemetry
- Archived: true
- Created: 2024-01-16T21:51:23.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-05-21T01:26:59.000Z (about 1 year ago)
- Last Synced: 2025-10-30T00:41:09.897Z (7 months ago)
- Homepage:
- Size: 8.79 KB
- Stars: 0
- Watchers: 13
- Forks: 5
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Codeowners: .github/CODEOWNERS
- Security: security.yaml
README
# Allstar Security Policy Enforcement
## Overview
This repository outlines the security policy enforcement for the OpenTelemetry organization, using the [Allstar GitHub App](https://github.com/ossf/allstar). Allstar helps enforce security best practices by automatically checking and ensuring our repositories comply with our established policies.
## Configured Allstar Actions
Allstar is configured to take the following action upon detecting a policy violation within any repository in the OpenTelemetry organization:
- **issue**: For each violation, Allstar will create a GitHub issue within the affected repository. If the issue remains open and unchanged for more than 36 hours, it will be pinged with a comment every 36 hours. The issue will be automatically closed by Allstar once the violation is resolved.
## Enforced Policies
The following Allstar security policies are actively enforced across the OpenTelemetry organization's repositories:
### Repository Administrators Policy
- Ensures that each repository has at least one assigned administrator, so no repository is ownerless.
- Expects administrative access to be granted through GitHub teams rather than to individual user accounts, so that membership is managed centrally.
### GitHub Actions Policy
- Monitors GitHub Actions workflows in each repository to ensure they adhere to our security rules.
- Checks that the required static security scanning steps are present in those workflows.
### Binary Artifacts Policy
- Flags binary artifacts (compiled executables, archives, and similar files) committed to the repositories.
- Keeps repository contents reviewable: a binary cannot be read in code review, so it can carry changes that source code could not hide. Build outputs belong in releases or package registries, not in the source tree.
### Branch Protection Policy
- Verifies that the default branch (e.g., `main`) has branch protection rules enforced, such as required pull request reviews and required status checks before merging.
### SECURITY.md Policy
- Checks that a security policy file named `SECURITY.md` is present and properly filled out, either in each repository or at the organization level (GitHub applies a `SECURITY.md` placed in the organization's `.github` repository to every repository that lacks its own). This file should detail how to report security vulnerabilities.
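The two policies above that are easiest to reproduce locally are branch protection and binary artifacts. The following Python is an added example, not Allstar's own code (Allstar delegates the binary check to OpenSSF Scorecard and reads branch protection through the GitHub API); it evaluates a branch-protection response of the shape returned by `GET /repos/{owner}/{repo}/branches/{branch}/protection` against the requirements listed here, and scans an in-memory file tree for compiled artifacts. The magic-number table, the sample tree and the two sample protection responses are constructed for the example.

```python
"""Local pre-checks mirroring the Branch Protection and Binary Artifacts
policies. Added example for illustration; not Allstar's own implementation."""
from __future__ import annotations

from typing import Any

# Magic-number prefixes for common compiled artifacts. Simplified assumption
# for this example; Allstar relies on Scorecard's detection, not this table.
BINARY_MAGIC = {
    b"\x7fELF": "ELF executable",
    b"MZ": "PE/DOS executable",
    b"\xca\xfe\xba\xbe": "Java class file / Mach-O fat binary",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
    b"PK\x03\x04": "zip/jar archive",
}


def classify_bytes(data: bytes) -> str | None:
    """Return a label if `data` looks like a binary artifact, else None.
    Content with NUL bytes in its first 8 KiB is treated as binary too."""
    for magic, label in BINARY_MAGIC.items():
        if data.startswith(magic):
            return label
    if b"\x00" in data[:8192]:
        return "unknown binary (NUL bytes present)"
    return None


def find_binary_artifacts(tree: dict[str, bytes]) -> dict[str, str]:
    """Scan an in-memory {path: content} tree; return {path: reason} for binaries."""
    found = {}
    for path, content in tree.items():
        reason = classify_bytes(content)
        if reason:
            found[path] = reason
    return found


def check_branch_protection(protection: dict[str, Any] | None,
                            min_approvals: int = 1,
                            required_contexts: tuple[str, ...] = ()) -> list[str]:
    """Compare a branch-protection API response with the policy and return the
    list of violations (empty list means compliant). `protection` is None when
    the API answered 404, i.e. the branch has no protection at all."""
    if protection is None:
        return ["branch is not protected"]
    problems: list[str] = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        problems.append("pull request reviews are not required")
    else:
        count = reviews.get("required_approving_review_count", 0)
        if count < min_approvals:
            problems.append(f"requires {count} approvals, policy needs {min_approvals}")
        if not reviews.get("dismiss_stale_reviews", False):
            problems.append("stale reviews are not dismissed on new commits")
    checks = protection.get("required_status_checks") or {}
    present = set(checks.get("contexts", []))
    for ctx in required_contexts:
        if ctx not in present:
            problems.append(f"required status check missing: {ctx}")
    if protection.get("allow_force_pushes", {}).get("enabled", False):
        problems.append("force pushes are allowed")
    if not protection.get("enforce_admins", {}).get("enabled", False):
        problems.append("administrators can bypass protection")
    return problems


# Constructed sample tree: two source/text files, an ELF stub and a jar.
SAMPLE_TREE = {
    "main.go": b"package main\n\nfunc main() {}\n",
    "README.md": b"# Hello\n",
    "build/tool": b"\x7fELF\x02\x01\x01" + b"\x00" * 16,
    "lib/vendor.jar": b"PK\x03\x04" + b"\x00" * 8,
}

# Constructed samples in the shape of GitHub's branch-protection response
# (trimmed to the fields the check reads): one weak, one meeting the policy.
WEAK_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 0,
                                      "dismiss_stale_reviews": False},
    "required_status_checks": {"strict": False, "contexts": []},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
}
STRONG_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 2,
                                      "dismiss_stale_reviews": True},
    "required_status_checks": {"strict": True, "contexts": ["build", "lint"]},
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
}

if __name__ == "__main__":
    print("binaries:", find_binary_artifacts(SAMPLE_TREE))
    print("weak:", check_branch_protection(WEAK_PROTECTION, 1, ("build",)))
    print("strong:", check_branch_protection(STRONG_PROTECTION, 1, ("build",)))
```

To run this against real repositories, feed `check_branch_protection` the JSON body of the protection endpoint (passing `None` on a 404) and `find_binary_artifacts` the contents of a checkout; the NUL-byte heuristic will also flag some legitimate files such as UTF-16 text, which is why Allstar's policy lets a repository opt out for known exceptions rather than hard-failing.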