feature: github event logging #73

Open
jbergstroem opened this issue Sep 7, 2016 · 7 comments

Comments

@jbergstroem
Member

Read all events from GitHub (from commits to pushes to merges to ACL, etc.) and store them in a database for later use. The idea here is to be able to:

  • investigate security incidents (audits -- warn on force pushes, suspicious activity, etc)
  • show interesting statistics, perhaps even part of nodejs.org (pushes day/interesting people/new joins/etc)
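
The audit use described in this issue, as an added example that is not part of the original post or the project's code: it verifies a webhook delivery's `X-Hub-Signature-256` header, stores the event, and returns warnings for force pushes and access changes. The secret, the in-memory `eventLog`, the helper names and the sample payload are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: shared secret configured on the webhook (constructed value).
const SECRET = 'constructed-example-secret';

// Verify GitHub's X-Hub-Signature-256 header: HMAC-SHA256 over the raw body.
function verifySignature(rawBody, header, secret = SECRET) {
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const given = Buffer.from(header.slice(7), 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Hypothetical in-memory store; a real deployment would insert into a database.
const eventLog = [];

// Record one delivery and return audit warnings (empty array if none).
function recordEvent(headers, rawBody) {
  if (!verifySignature(rawBody, headers['x-hub-signature-256'])) {
    return ['rejected: bad or missing signature']; // unauthenticated data is never stored
  }
  const type = headers['x-github-event'];
  const payload = JSON.parse(rawBody);
  eventLog.push({ id: headers['x-github-delivery'], type, receivedAt: Date.now(), payload });

  const warnings = [];
  const repo = payload.repository?.full_name;
  // Push payloads carry a boolean `forced` flag when history was rewritten.
  if (type === 'push' && payload.forced === true) {
    warnings.push(`force push to ${repo} ${payload.ref} by ${payload.pusher?.name}`);
  }
  // Collaborator, team membership and team changes are not in the public event feed.
  if (['member', 'membership', 'team'].includes(type)) {
    warnings.push(`access change (${type}/${payload.action}) by ${payload.sender?.login}`);
  }
  return warnings;
}

// Build a constructed sample delivery, signed the way GitHub signs real ones.
function sampleDelivery(event, payload, secret = SECRET) {
  const rawBody = JSON.stringify(payload);
  const sig = 'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  const headers = { 'x-github-event': event, 'x-github-delivery': 'constructed-1', 'x-hub-signature-256': sig };
  return { headers, rawBody };
}
```
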
@williamkapke
Contributor

https://www.githubarchive.org keeps track of the events.

Additionally, I have a project that is tracking all of the events, which I import to a Postgres database. Still a WIP.

@jbergstroem
Member Author

@williamkapke (ref gharchive) that's just public and not stuff like team changes. We want all the stuff.

@williamkapke
Contributor

@jbergstroem I was under the impression that the TSC wouldn't approve an org wide hook... but open an issue and find out for certain! It would really make things easier.

@jbergstroem
Member Author

@williamkapke I don't know the permissions well enough but was hoping we'd at least have a read-only option for the event logging scenario.

@phillipj
Member

The new integration feature seems to have read-only for everything. Such an integration could be created by the organization, giving the org admins all the control they need. And given the fact that it would be created and hosted by us, there's surely reason to challenge the no org wide hook policy.

All the "no access" buttons below can be set to "read-only":

image

@williamkapke
Contributor

... Anyhow, all I know is that there's private stuff in the Security repo that a few people said they didn't want broadcast anywhere. Integrations won't change that. I'm only the messenger... I'll let them speak up for themselves beyond this. ;)

@phillipj
Member

No worries, not trying to shoot down the messenger.

IMO there's a big difference in 3rd party integrations and integrations we
create ourselves. Thinking about it, whenever I've heard about the no org
wide webhook policy, there's been emphasis on 3rd party webhooks.

On Monday, 26 September 2016, William Kapke wrote:

> ... Anyhow, all I know is that there's private stuff in the Security repo
> that a few people said they didn't want broadcast anywhere. Integrations
> won't change that. I'm only the messenger... I'll let them speak up for
> themselves beyond this. ;)

