
Evaluate OSS for Security #1040

Merged: 6 commits merged into microsoft:main on Mar 14, 2024

Conversation

balteravishay (Contributor)

Pull Request Template

What are you trying to address

This PR addresses issue #1039 by proposing a set of checks and tools that can be applied when evaluating an OSS package.

Checklist

[READY TO PR? Use the check-list below to ensure your branch is ready for PR.]

  • [v] Changes follow the repo structure and land in the appropriate folder and section
  • [v] No confidential information
  • [v] No duplicated content
  • [v] Labeled appropriately
  • [v] Added 2 reviewers
  • [v] No lint errors
  • [v] No lint check errors related to your changes

Note: You may see link check errors on pages you have not touched. This is normal, and due to either broken links or sites that reject link checker bots. The reviewer will help you get to a green state on these.

@balteravishay changed the title from "first draft" to "Evaluate OSS for Security" on Mar 12, 2024

@nyouens left a comment:


Looks good

@anatbal (Contributor) left a comment:


Looks really good and super important!

@superhindupur

Thanks for adding this, very helpful. As discussed on the EMEA security committee call, it would be great if we can add some guidance to check for the dependency tree of a new open source dependency during a code review.
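The comment above asks for guidance on checking the dependency tree of a new open source dependency at code-review time. The script below is an added example, not code from this PR or from the playbook: it walks the `packages` map of an npm package-lock.json (lockfileVersion 2 or 3) for one direct dependency, resolving nested `node_modules` the way Node does, and flags the things a reviewer usually wants to see first: packages that run install scripts, packages recorded without an integrity hash, and nested duplicate versions. The lockfile is constructed inline and every package name in it (`left-widget`, `log-fmt`, `native-helper`, `tiny-fetch`) is hypothetical.

```python
"""Walk the transitive dependency tree of one newly added npm package.

Added example, not code from this PR or the playbook. It reads the
`packages` map of an npm package-lock.json (lockfileVersion 2 or 3),
follows the dependencies of a single direct dependency the way Node's
nested node_modules lookup does, and flags what a reviewer of a new
dependency usually wants to see first. The lockfile below is constructed
for the example and every package name in it is hypothetical.
"""
import json

# Constructed sample lockfile; all package names are hypothetical.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-widget": "^2.0.0", "log-fmt": "^1.0.0"}},
        "node_modules/left-widget": {
            "version": "2.1.0",
            "integrity": "sha512-AAAA",
            "dependencies": {"log-fmt": "^0.9.0", "native-helper": "^1.0.0"},
        },
        # nested copy: left-widget needs an older major of log-fmt than the root
        "node_modules/left-widget/node_modules/log-fmt": {
            "version": "0.9.3",
            "integrity": "sha512-BBBB",
        },
        "node_modules/log-fmt": {"version": "1.0.0", "integrity": "sha512-CCCC"},
        "node_modules/native-helper": {
            "version": "1.2.0",
            "hasInstallScript": True,          # and no integrity field
            "dependencies": {"tiny-fetch": "1.0.0"},
        },
        "node_modules/tiny-fetch": {"version": "1.0.0", "integrity": "sha512-DDDD"},
    },
})


def resolve(packages, from_path, name):
    """Return the lockfile path that `name` resolves to when required by the
    package at `from_path` ("" is the project root), or None.

    Mirrors Node's lookup: try <from_path>/node_modules/<name>, then the
    same relative to each enclosing package, ending at the root.
    """
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        # climb one level: "node_modules/a/node_modules/b" -> "node_modules/a"
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""


def review_dependency(lock_text, direct_dep):
    """Return (paths, findings) for everything `direct_dep` pulls in.

    `paths` is the sorted list of lockfile entries reachable from the
    direct dependency; `findings` are review flags, one string each.
    Only hard `dependencies` are walked; optional/peer ones are ignored.
    """
    packages = json.loads(lock_text)["packages"]
    start = resolve(packages, "", direct_dep)
    if start is None:
        raise KeyError(f"{direct_dep} is not installed at the project root")

    reachable = {}
    stack = [start]
    while stack:
        path = stack.pop()
        if path in reachable:
            continue
        entry = packages[path]
        reachable[path] = entry
        for dep_name in entry.get("dependencies", {}):
            target = resolve(packages, path, dep_name)
            if target is None:
                raise ValueError(f"lockfile inconsistent: {dep_name} required by {path} is missing")
            stack.append(target)

    findings = []
    for path in sorted(reachable):
        entry = reachable[path]
        if entry.get("hasInstallScript"):
            findings.append(f"{path}: runs an install script")
        if "integrity" not in entry:
            findings.append(f"{path}: no integrity hash recorded")
        if "/node_modules/" in path:
            findings.append(f"{path}: nested duplicate, version {entry.get('version')}")
    return sorted(reachable), findings


if __name__ == "__main__":
    paths, flags = review_dependency(SAMPLE_LOCK, "left-widget")
    print(f"left-widget pulls in {len(paths)} package(s):")
    for p in paths:
        print("  " + p)
    print("review flags:")
    for f in flags:
        print("  " + f)
```

In a review, run this against the lockfile from the PR branch for each newly added direct dependency; the install-script flag is the one to chase first, since that code runs on every developer machine and CI agent at `npm install` time.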

@balteravishay (Contributor, Author)

Thanks @superhindupur, great feedback! Added a section on "When to evaluate OSS", wdyt?

@shiranr merged commit 0186f3e into microsoft:main on Mar 14, 2024
2 checks passed