Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

Mbed-TLS / mbedtls-test Public

Notifications You must be signed in to change notification settings
Fork 25
Star 4

Code
Issues 56
Pull requests 15
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI hardening project #132

Open

1 of 12 tasks

bensze01 opened this issue Oct 11, 2023 · 0 comments

Open

1 of 12 tasks

CI hardening project #132

bensze01 opened this issue Oct 11, 2023 · 0 comments

Assignees

Labels

New feature or request

priority-high size-l

Estimated task size: large (2w+)

Comments

Copy link

Contributor

bensze01 commented Oct 11, 2023

This issue tracks the changes we plan to implement to harden our CI against poison pipeline attacks and allow us to move to
a greater level of automatism without exposing our infrastructure to attacks from untrusted code.

Restrict automatic CI runs to PRs authored by team members or trusted third parties
- Allowlist implementation: Restrict automatic runs of PR jobs #129
- Enable automatic runs on both CIs with the allowlist in place
Isolate Linux tests from the external environment
- Move all test code that accesses the network into the mbedtls-test repository
- Switch all Linux docker containers to network driver none
- Restrict SYS_PTRACE capability to gdb tests
- Enable automatic runs of the isolated subset of tests for untrusted contributions for PR pre-screening
Isolate FreeBSD tests from the external environment
- Move all test code that accesses the network into the mbedtls-test repository
- Replicate FreeBSD test environemnt using Podman/Buildah
- Containerize FreeBSD tests
Isolate Windows tests from the external environment
- Move all test code that accesses the network into the mbedtls-test repostiory
- Replicate Windows test environment using Docker
- Containerize Windows tests

The text was updated successfully, but these errors were encountered:

All reactions

bensze01 added enhancement

New feature or request

size-l

Estimated task size: large (2w+)

priority-high labels

bensze01 self-assigned this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

Labels

New feature or request

priority-high size-l

Estimated task size: large (2w+)

Projects

None yet

Milestone

No milestone

Development

No branches or pull requests

1 participant

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.