ecd.oct

Upload sbom data to https://sbom.eclipse.org

Reference: https://github.com/EclipseFdn/otterdog-configs/blob/main/policies/dependency_track_upload.yml

Config

{
  'artifact_name'   : "eclipse-sbom-data",
  'workflow_filter' : "eclipse-csi/workflows/.github/workflows/store-sbom-data.yml.*"
}

Restrict use of macOS large runners

Reference: https://github.com/EclipseFdn/otterdog-configs/blob/main/policies/macos_large_runners.yml

Config

{
  'allowed' : false
}

Status

Total Workflow Jobs: 325
Permitted On Restricted Runners: 0
Cancelled On Restricted Runners: 0

Ensures that a .github repo is present in the GitHub organization.

Reference: https://github.com/EclipseFdn/otterdog-configs/blob/main/blueprints/add-dot-github-repo.yml

Config

{
  'condition' : """
$count(
  $.repositories[name = ".github"]
) = 0""",
  'content'   : """
{
  # snippet added due to '{{blueprint_url}}'
  _repositories+:: [
    orgs.newRepo('.github')
  ],
}""",
  'reviewers' : [
    "{{project_name}}-project-leads"
  ]
}

Status

Repository | Updated At | Status | Remediation PR

Ensures that a default security policy exists

Reference: https://github.com/EclipseFdn/otterdog-configs/blob/main/blueprints/default-security-policy.yml

Config

{
  'files'         : [
    {
      'content' : """
# Security Policy
This Eclipse Foundation Project adheres to the [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/).

## How To Report a Vulnerability

If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.

**Please do not report security vulnerabilities through public issues, discussions, or pull requests.**

Instead, report it using one of the following ways:

* Contact the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org) via email
* Create a [confidential issue](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability) in the Eclipse Foundation Vulnerability Reporting Tracker

You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/).

Please include as much of the information listed below as you can to help us better understand and resolve the issue:

* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
* Affected version(s)
* Impact of the issue, including how an attacker might exploit the issue
* Step-by-step instructions to reproduce the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Full paths of source file(s) related to the manifestation of the issue
* Configuration required to reproduce the issue
* Log files that are related to this issue (if possible)
* Proof-of-concept or exploit code (if possible)

This information will help us triage your report more quickly.
""",
      'path'    : "SECURITY.md",
      'strict'  : false
    }
  ],
  'repo_selector' : {
    'name_pattern' : ".github"
  }
}

Status

Repository | Updated At | Status | Remediation PR

{
  'billing_email'                                 : "webmaster@eclipse-foundation.org",
  'blog'                                          : null,
  'company'                                       : null,
  'default_branch_name'                           : "main",
  'default_code_security_configurations_disabled' : true,
  'default_repository_permission'                 : "none",
  'description'                                   : "",
  'discussion_source_repository'                  : null,
  'email'                                         : null,
  'has_discussions'                               : false,
  'has_organization_projects'                     : true,
  'location'                                      : null,
  'members_can_change_project_visibility'         : true,
  'members_can_change_repo_visibility'            : false,
  'members_can_create_private_repositories'       : false,
  'members_can_create_public_pages'               : true,
  'members_can_create_public_repositories'        : false,
  'members_can_create_teams'                      : false,
  'members_can_delete_issues'                     : false,
  'members_can_delete_repositories'               : false,
  'members_can_fork_private_repositories'         : false,
  'name'                                          : "Eclipse Open Collaboration Tools",
  'packages_containers_internal'                  : true,
  'packages_containers_public'                    : true,
  'plan'                                          : "enterprise",
  'readers_can_create_discussions'                : true,
  'security_managers'                             : [
    "eclipsefdn-security",
    "ecd-oct-security"
  ],
  'twitter_username'                              : null,
  'two_factor_requirement'                        : true,
  'web_commit_signoff_required'                   : true,
  'workflows'                                     : {
    'actions_can_approve_pull_request_reviews' : false,
    'allow_action_patterns'                    : [],
    'allow_github_owned_actions'               : true,
    'allow_verified_creator_actions'           : true,
    'allowed_actions'                          : "all",
    'default_workflow_permissions'             : "write",
    'enabled_repositories'                     : "all",
    'selected_repositories'                    : []
  }
}

Name | Description | Permissions | Base Role

Name | Description | Privacy | Notifications | Members
ecd-oct-security | <UNSET> | visible | True | skipped
eclipsefdn-releng | <UNSET> | visible | True | skipped
eclipsefdn-security | <UNSET> | visible | True | skipped

Name | Description | Value Type | Required | Default Value | Allowed Values
eclipse_project | The Eclipse project this repository belongs to. | string | True | 'ecd.oct' |

Name | Secret | Visibility | Selected Repos | Resolved

Name | Value | Visibility | Selected Repos

URL | Active | Events | Uses SSL | Resolved Secret

Repository | Branch Protections | Secrets | Variables | Webhooks | Secret Scanning | Private Vulnerability Reporting | OSSF Scorecard
.eclipsefdn N/A
oct-eclipse N/A
oct-intellij N/A
oct-website N/A
open-collaboration-tools N/A