Ruth Cheesley – Implementing GitHub's private security issue reporting скачать в хорошем качестве

Ruth Cheesley – Implementing GitHub's private security issue reporting

More: https://25.foss-backstage.de/sessions... Speaker: Ruth Cheesley With a month's notice to transition to a new workflow for managing incoming security reports for our open source project, join us to learn how we implemented GitHub's built-in security reporting feature in the Mautic project, and explore the highs and lows of collaborating with researchers, contributors and our security team using this system. In November last year, the tool we used for accepting incoming security issue reports decided to stop working with open source projects outside of AI/ML, so we were forced to establish entirely new workflows for receiving reports, collaborating with researchers and publishing our security issues with only a month's notice. In this talk we'll explore the key features that are offered to open source projects through the built-in GitHub Security Advisories feature, and talk about some of the challenges that a large open source project like Mautic might face when implementing this system. We'll look at the steps we went through to transition fully to using GitHub's built-in private advisory reporting system and cover some of the big gotchas that you'll need to be aware of when working with GitHub private forks, and how we're currently working around them. We'll also walk through a start-to-finish process of how an issue is now reported, triaged, resolved and released in our current workflows. Come along if you're curious about all things GitHub Security Advisories and how to implement such a workflow within your projects. ### Follow us on Social Media and join the Community! Mastodon: https://floss.social/@FOSSBackstage LinkedIn:   / foss-backstage   Website: https://foss-backstage.de Mail: info@foss-backstage.de FOSS Backstage is an event by Plain Schwarz – https://plainschwarz.com