Initial

README.md

@@ -0,0 +1,37 @@
+# Allstar configuration for `valitydev`
+
+[Allstar](https://github.com/ossf/allstar) is a security-policy GitHubApp. It is
+installed on this org, and this repo contains the configuration for that app. It
+is configured to create issues on repos that do not comply with the configured
+policy.
+
+## Enabled Repos
+
+Allstar is configured in opt-out.
+
+## Policy Configuration
+
+These are the expected settings to be in compliance
+
+### [Branch Protection](branch_protection.yaml)
+
+|                       |         |
+| --------------------- | ------- |
+| Branches enforced     | default |
+| Require approval      | yes     |
+| Approvals required    | 1       |
+| Dismiss stale reviews | yes     |
+| Block force push      | yes     |
+
+### [Binary Artifacts](binary_artifacts.yaml)
+
+- Binary artifacts not allowed.
+
+### [Outside Collaborators](outside.yaml)
+
+- Push access allowed.
+- Admin access not allowed.
+
+### [SECURITY.md](security.yaml)
+
+- SECURITY.md required.

allstar.yaml

@@ -0,0 +1,3 @@
+optConfig:
+  optOutStrategy: true
+  disableRepoOverride: true

binary_artifacts.yaml

@@ -0,0 +1,4 @@
+optConfig:
+  optOutStrategy: true
+  disableRepoOverride: true
+action: issue

branch_protection.yaml

@@ -0,0 +1,9 @@
+optConfig:
+  optOutStrategy: true
+  disableRepoOverride: true
+action: issue
+enforceDefault: true
+requireApproval: true
+approvalCount: 1
+dismissStale: true
+blockForce: true

outside.yaml

@@ -0,0 +1,4 @@
+optConfig:
+  optOutStrategy: true
+  disableRepoOverride: true
+action: issue

security.yaml

@@ -0,0 +1,4 @@
+optConfig:
+  optOutStrategy: true
+  disableRepoOverride: true
+action: issue