On Wed, 23 Sep 2020, 19:02 Tom DuBuisson <to...@muse.dev> wrote:

> Enrico,
>
> The Muse App requires two main abilities. First is events, such as
> notification when pull requests are opened or updated. Second is
> permission to post comments (which is always possible for humans but more
> tightly controlled when the poster authenticates as a GitHub application).
> The repository being public has allowed us to run the app and observe
> ErrorProne, Infer, and FindSecBugs all run out of the box and without
> custom configuration.
>

Makes sense.

One last question from my side:
What about security issues?
Our policy is to have them reported to secur...@zookeeper.apache.org before public disclosure.

Enrico

> Cheers,
> Tom
>
> On Wed, Sep 23, 2020 at 6:35 AM Enrico Olivelli <eolive...@gmail.com>
> wrote:
>
> > On Wed, 23 Sep 2020, 00:44 Tom DuBuisson <to...@muse.dev> wrote:
> >
> > > Zookeeper Developers,
> > >
> > > As part of our sponsorship of ApacheCon, our company MuseDev is doing a
> > > Bug Bash for select Apache projects. We'll bring members of the ApacheCon
> > > community together to find and fix a range of security and performance
> > > bugs during the conference, and gamify the experience with teams, a
> > > leaderboard, and prizes. The bash is open to everyone whether attending
> > > the conference or not, and our whole dev team will also be participating
> > > to help fix as many bugs as we can.
> > >
> > > We're seeding the bug list with results from Muse, our code analysis
> > > platform, which runs as a GitHub App and comments on possible bugs as
> > > part of the pull request workflow. Here's an example of what it looks
> > > like:
> > >
> > > https://github.com/curl/curl/pull/5971#discussion_r490252196
> > > <https://github.com/curl/curl/pull/5971>
> > >
> > > We explored a number of Apache projects and are reaching out because our
> > > analysis through Muse found some interesting bugs that could be fixed
> > > during the Bash.
> > >
> > > We're writing to see if you'd be interested in having your project
> > > included in the Bash. Everything is set up on our end, and if you're
> > > interested, we would need you to say yes on this listserv, and we’ll work
> > > with the Apache Infrastructure team to grant Muse access to your GitHub
> > > mirror.
> > >
> >
> > It is a public repo, which kind of access does it need?
> >
> > Enrico
> >
> > > We'll then make sure it's all set up and ready for the Bash. And of
> > > course, everyone on the project is most welcome to join the Bash and
> > > help us smash some bugs.
> > >
> > > -Tom