Perform a risk analysis on the process for the new community roles #144
Comments
Requested changes made - also added "Automated testing" as an existing control
Looks good to me - assigning to @maxime-rainville to have a look
Can I get read access to the doc, please?
@michalkleiner I just granted you access.
@GuySartorelli I'm happy with the outcome. I would bump down the impact of XXX-YYY-R01 and XXX-YYY-R02. They are other controls that should be considered like:
Looks good. Can you create cards for the new controls that have not been implemented and add links in the spreadsheet for future reference?
As far as I can tell only the one issue is required, which already exists - I've added the link, and a note about why the other controls don't need issues.
Me happy.
Perform a risk analysis on the process for the new community roles.
We are thinking of granting more users some write access to our repos. We need to put in place controls to avoid compromising our security standards.
Acceptance criteria
Epic
Helpful links
Risk assessment
Note that due to the vague language in the supporting documentation for these evaluations, my impact and likelihood assessments are fairly arbitrary at this stage.