Hi,
I'm new to Livepeer, and I've been looking at installing an orchestrator today. I'm security minded for any project that I'm involved in, especially for crypto services. Awesome work, by the way.
I forked the project to assess where the project is with security, so I applied the GitHub security tools, code scanner (not finished yet, still running), dependabot, and secrets detection. I basically added all the security tools for scanning the project. For now I can only say that there are 4 findings:
I would recommend you add a security policy to the project to automate the inclusion of the fixes proposed, from dependabot in this case, simply to improve the security of the project.
Cheers.
Edit: I see that you have dependabot configured... doh :D