Skip to content

Issues: open-telemetry/sig-security

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

22 Open 18 Closed
22 Open 18 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Usage of GitHub Artifact Attestations
#79 opened Oct 18, 2024 by pellared
5
Recommendations about setting users in the container images
#73 opened Sep 9, 2024 by jpkrohling
Define communications strategy (blog posts, social media posts...) after a CVE is released
#63 opened Aug 13, 2024 by mx-psi
@jpkrohling
1
Improve "Community Incident Response Guidelines"
#59 opened Aug 13, 2024 by mx-psi
3 of 4 tasks
@jpkrohling
Prevent supply chain attacks in open-telemetry repositories
#58 opened Aug 6, 2024 by marcalff
@jpkrohling
2
Enable OpenSSF Scorecard to enhance security practices across the project
#57 opened Jul 19, 2024 by harshitasao
2
Threat modeling for OTel components
#56 opened Jul 17, 2024 by codeboten
3
Propose recommendation around fuzzing
#55 opened Jul 17, 2024 by codeboten
2
Add guidance on pinning GitHub Actions and container images
#69 opened Jul 10, 2024 by pellared
10
What should we do with the sigstore files? code signing Items related to questions, best practices and recommendations around code signing
#53 opened Jul 8, 2024 by ocelotl
@jpkrohling
3
Looking for advice on signing artifacts for Weaver / semantic conventions code signing Items related to questions, best practices and recommendations around code signing
#47 opened Jun 5, 2024 by jsuereth
@jpkrohling
3
Monitor transparency log for signed artifacts
#45 opened Jan 25, 2024 by jpkrohling
@jpkrohling
List of SBOMs across SIGs good first issue Good for newcomers
#40 opened Dec 4, 2023 by jpkrohling
@jpkrohling
Enabling SBOM across repositories sbom Items related to questions, best practices, and recommendations for SBOMs
#33 opened Nov 15, 2023 by codeboten
@jpkrohling
9
[security] audit repository tooling
#71 opened Oct 22, 2023 by EjiroLaurelD
4 of 8 tasks
2
Investigate Allstar for monitoring organization-wide policies
#21 opened Oct 4, 2023 by codeboten
@jpkrohling
10
Where to publish Java signing pubkey? code signing Items related to questions, best practices and recommendations around code signing
#14 opened Aug 30, 2023 by breedx-splk
@jpkrohling
11
Audit repositories for security tools
#12 opened Aug 16, 2023 by codeboten
12 of 68 tasks
16
Investigate code signing code signing Items related to questions, best practices and recommendations around code signing
#10 opened Aug 16, 2023 by codeboten
@jpkrohling
4
Automate maintainer assignment when incident is created
#7 opened Aug 16, 2023 by cartersocha
Proposal: Use harden-runner in jobs using OPENTELEMETRYBOT_GITHUB_TOKEN
#74 opened Jun 22, 2023 by pellared
7
[Proposal] Prefer GitHub-based security vulnerability reporting workflow
#75 opened Jan 18, 2023 by yurishkuro
2
ProTip! Updated in the last three days: updated:>2024-11-13.