Google open-sources Allstar, a tool to protect GitHub repos

From malware.news

Allstar

Google has open-sourced today a project named Allstar that can be used to secure GitHub projects by constantly watching and enforcing a set of security policies with the hope of preventing basic security misconfigurations.

Available as a GitHub app, Allstar can be installed on organizations and user accounts and allow it access to desired repositories.

Under the hood, Allstar works by reading a configuration file containing a set of user-defined rules—called security policies— and then constantly scanning and checking a project’s settings and recent events to ensure that no modifications are made to a project’s sensitive areas.

Read more…