Comments (5)
Yes, I completely agree that this is a top issue to solve. Currently, I'm not sure of how it could work. We don't want to post the preview data publicly without some configuration action by the org-owner. A long-term solution could be a private portal that you log into with your GitHub credentials, and Allstar only shows you the results that you own. That would take some time to build.
A quicker hack that has come to me when thinking about this now is to create a single issue on the .allstar
repo with the results of a preview. How does that sound to you? Any suggestions? Thanks!
from allstar.
Another thing: without preview mode a good way to slowly enable might be:
First use opt-in mode and explicitly list your important and active repos.
Next, after that goes well, switch to opt-out mode and opt-out a list of your old / stale repos that you wouldn't fix to avoid opening unnecessary issues on those. (Though I'd consider archiving those repos as well). With this config Allstar would be enabled on newly-created repos by default.
from allstar.
A single issue in the .allstar repo would work great. That would also be a sufficient work-around for #59 for now.
from allstar.
Sounds good, I'll write up a proposal.
from allstar.
One thing that would be valuable is if this preview did not report problems in archived repos. I mention this only because the logs you kindly provided me for flutter do include things like "this repo doesn't have branch protection" for repos that are actually archived and thus don't need branch protection (because they have the ultimate protection, heh).
from allstar.
Related Issues (20)
- [Feature Request]: Check rulesets for branch protection rules HOT 2
- Allstar not opening issue on a fork HOT 2
- FR: Add a check for pinned dependencies HOT 4
- OptConfig missing on GH action policies
- Having setup difficulty using ossf provided instance HOT 1
- Prevent enforcement of `Branch Protection` on archived repositories HOT 1
- Create GitHub private vulnerability reports as an action
- Policy for checking for arbitrary file existence HOT 8
- [bug] Issue in member repo is updated/edited when org config IssueRepo is set centrally HOT 1
- [improvement] Allow app running with --once to exit with error when policy errors are encountered HOT 1
- Time for a new release? HOT 4
- Feature: Add `issueDetails` option to the configuration files
- Emit logs with details about configuration origin and final configuration
- Outside collaborators should be override-able at the repo-level HOT 2
- Allstar operations overview follow-ups HOT 1
- Improve Allstar's Scorecard HOT 2
- Update emitted copy around OpenSSF Scorecard checks
- Document recent changes to the generic Scorecard policy HOT 1
- Interested in support for self-hosted GHE installation HOT 2
- Issue with Allstar Branch Protection Enforcement (404 errors upon action: fix) HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from allstar.