Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: "private repo" persona #396

Open
2 tasks done
woodruffw opened this issue Jan 6, 2025 · 1 comment
Open
2 tasks done

Feature: "private repo" persona #396

woodruffw opened this issue Jan 6, 2025 · 1 comment
Labels
enhancement New feature or request

Comments

@woodruffw
Copy link
Owner

woodruffw commented Jan 6, 2025
edited
Loading

Pre-submission checks

  • I am not reporting a bug (crash, false positive/negative, etc). These must be filed via the bug report template.
  • I have looked through the open issues for a duplicate request.

What's the problem this feature will solve?

This is another valuable persona: there are developers who have 100% private repos where all maintainers are trusted, which means that a lot of "public untrusted input" vulnerabilities are less serious/not relevant.

We could do this with --persona=private or similar.

Describe the solution you'd like

Add a new "private repo" persona that's even less sensitive than the "regular" persona.

Additional context

h/t @MikeMcQuaid for the valuable idea 🙂
@woodruffw woodruffw added the enhancement New feature or request label Jan 6, 2025
@woodruffw
Copy link
Owner Author

Leaving a note for myself: it probably makes sense to rename this --persona=trusted or similar, since it's about private repos or fully trusted contributors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@woodruffw