[Opex] CICD approach to reject PRs which leak internal details #35

@adivekar-utexas

Description

A risk for any repository which is owned by internal Amazon teams is the possibility to raise PRs/issues which contain confidential details.

We need a mechanism to prevent this in some way, ideally prior to raising a PR or issue.

Possible mechanisms include:

  1. Bandit report which checks for internal URLs/actual AWS accounts/IAM roles/credentials.
    • Need to check with Open-Sourcing team if we can externalize these checks.
  2. https://github.com/awslabs/automated-security-helper
  3. https://github.com/awslabs/aws-security-assessment-solution
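As an added example (not code from this issue or the repository), one shape the first mechanism could take: a Python CI check that scans only the added lines of a PR's diff for AWS access keys, IAM ARNs, bare 12-digit account IDs and URLs under internal domains, and exits non-zero so the PR is rejected. The internal domain suffixes and the sample diff are constructed placeholders.

```python
import re, sys
# Constructed placeholder suffixes; replace with the real internal hostnames to block.
INTERNAL_DOMAIN_SUFFIXES = ("corp.example.internal", "internal.example.com")

PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),          # fixed 20-char id
    "aws_secret_access_key": re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"),
    "iam_arn": re.compile(r"\barn:aws:iam::\d{12}:(?:role|user)/[\w+=,.@/-]+"),  # embeds account id
    # A bare 12-digit number is a common account-id leak but also a false-positive source
    # (timestamps, order numbers): treat it as a lower-confidence signal.
    "aws_account_id": re.compile(r"(?<![\d.-])\d{12}(?![\d.-])"),
    "internal_url": re.compile(r"https?://[\w.-]*(?:%s)\b"
                               % "|".join(re.escape(s) for s in INTERNAL_DOMAIN_SUFFIXES)),
}

# Constructed sample diff, scanned when nothing is piped on stdin.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
+ROLE = "arn:aws:iam::123456789012:role/DeployRole"
+KEY = "AKIAIOSFODNN7EXAMPLE"
+URL = "https://build.corp.example.internal/job/1"
 REGION = "us-east-1"
"""

def scan_line(line):
    """Return the names of every pattern that matches one line of text."""
    return [name for name, rx in PATTERNS.items() if rx.search(line)]

def scan_diff(diff_text):
    """Scan only ADDED lines of a unified diff; return (file, new_line_no, kind, text) tuples."""
    findings, current_file, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            current_file = raw[4:].split("\t")[0]        # e.g. "b/config.py"
        elif raw.startswith("@@"):                       # "@@ -a,b +c,d @@": c = first new-file line
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):                        # added line: the only kind we gate on
            line_no += 1
            findings += [(current_file, line_no, k, raw[1:].strip()) for k in scan_line(raw[1:])]
        elif raw.startswith(" "):                        # context line advances the counter
            line_no += 1
    return findings

if __name__ == "__main__":  # e.g. git diff origin/main...HEAD | python check_leaks.py
    hits = scan_diff(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF)
    print("\n".join(f"{p}:{n}: {k}: {t}" for p, n, k, t in hits))
    sys.exit(1 if hits else 0)
```

Running it on the sample diff reports four findings on three added lines; a pattern-based gate like this complements, rather than replaces, a full secret scanner such as the tools linked above.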
