Disable remember-ok-to-test by default #1798
Labels: feature (New feature or request)
Comments
Added this Jira issue https://issues.redhat.com/browse/SRVKP-7238
zakisk added a commit to zakisk/pipelines-as-code that referenced this issue on Mar 26, 2025:
`remember-ok-to-test` setting is set to false by default to mitigate security risks of enabling an attacker to gain trust of repo owner and push malicious code. fixes: openshift-pipelines#1798 https://issues.redhat.com/browse/SRVKP-7238 Signed-off-by: Zaki Shaikh <[email protected]>
zakisk added a commit to zakisk/pipelines-as-code that referenced this issue on Apr 3, 2025:
`remember-ok-to-test` setting is set to false by default to mitigate security risks of enabling an attacker to gain trust of repo owner and push malicious code. fixes: openshift-pipelines#1798 https://issues.redhat.com/browse/SRVKP-7238 Signed-off-by: Zaki Shaikh <[email protected]>
zakisk added a commit to zakisk/pipelines-as-code that referenced this issue on Apr 3, 2025:
`remember-ok-to-test` setting is set to false by default to mitigate security risks of enabling an attacker to gain trust of repo owner and push malicious code. fixes: openshift-pipelines#1798 https://issues.redhat.com/browse/SRVKP-7238 Signed-off-by: Zaki Shaikh <[email protected]>
When `/ok-to-test` is remembered, it is possible for an external contributor to gain trust with a reasonable code change and then push a malicious change which is targeted at the build system (i.e. secret exfiltration). In order to mitigate this risk, PAC should configure this to `false` by default and documentation should be added to highlight the risk. Installations would then have to explicitly set this to `true` to accept the potential risk of the configuration.
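The trust decision this issue is about, as an added Go illustration that is not Pipelines-as-Code's own implementation: the `PullRequest` fields and the `ShouldRunPipeline` function are assumed names, and the scenario (approval on a first commit, then a later unreviewed push) is constructed to show why the remembered approval is the weak setting.

```go
package main

import "fmt"

// PullRequest is a constructed model of what a CI gate sees for a PR
// from an external contributor; field names are assumptions.
type PullRequest struct {
	AuthorTrusted bool     // author is an org member or collaborator
	HeadSHA       string   // commit currently at the head of the PR
	OkToTestSHAs  []string // head SHAs a maintainer approved with /ok-to-test
}

// ShouldRunPipeline reports whether CI may run on the PR head and why.
// rememberOkToTest mirrors the PAC setting discussed in the issue.
func ShouldRunPipeline(pr PullRequest, rememberOkToTest bool) (bool, string) {
	if pr.AuthorTrusted {
		return true, "author is trusted"
	}
	for _, sha := range pr.OkToTestSHAs {
		if sha == pr.HeadSHA {
			return true, "current head was explicitly approved"
		}
	}
	if rememberOkToTest && len(pr.OkToTestSHAs) > 0 {
		// Weak setting: an approval given for an earlier commit is carried
		// over to commits no maintainer has reviewed, so secrets available
		// to the pipeline are exposed to unreviewed code.
		return true, "earlier /ok-to-test remembered for new, unreviewed commits"
	}
	// Default proposed by the issue: every new push needs a fresh approval.
	return false, "new commits need a fresh /ok-to-test"
}

func main() {
	// Constructed scenario: sha-1 was approved, then sha-2 was pushed.
	pr := PullRequest{HeadSHA: "sha-2", OkToTestSHAs: []string{"sha-1"}}
	for _, remember := range []bool{true, false} {
		run, why := ShouldRunPipeline(pr, remember)
		fmt.Printf("remember-ok-to-test=%v: run=%v (%s)\n", remember, run, why)
	}
}
```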