Secure your repository

[MasudIbne756]

Minimize risk by following the GitHub repository security best practices. Also look for additional control practices which are followed in your organization. Some of them are:

Manage access to your repository: Mandate multi-factor authentication on all the GitHub accounts for all your contributors. Revoke access for the contributors who are no longer in the project.
Add a SECURITY.md file: Apart from this, one should include a SECURITY.md file that contains all the security information about your project. This SECURITY.md should have disclosure policy, security update policy, security related configuration best practices, known vulnerabilities, and future roadmap.
Rotate SSH Keys and personal access tokens: Be sure to rotate both SSH Keys and personal access tokens periodically to minimize leakage.
Deprovision apps: As a responsible administrator in an organization, be sure to periodically review open source code projects that are no longer maintained and require deprovisioning.

Build, automate, and collaborate on open source applications
Take the Build Applications with CumulusCI Trail on Trailhead to learn america phone number list how to build and automate applications for Salesforce and collaborate on open source applications.

Start trail
+3,000 points
Trail
Build Applications with CumulusCI

Build and automate applications for Salesforce and collaborate on open source applications.


SAST scanning and security review
Regular code scanning and security review of your repository helps identify security issues at early stages and reduces the likelihood of any major security issues arising later. Static code analysis tools can identify common security flaws, while dependency vulnerability scanners can highlight any known issues in your project’s dependencies. Additionally, consider using security-focused continuous integration and continuous deployment (CI/CD) pipelines to automate security checks throughout your development process.