Security References

An index of all external links referenced across the security documentation in this repository.


GitHub Platform Security

Dependabot Configuration Examples

| Repository | File |
| --- | --- |
| torrust-tracker | https://github.com/torrust/torrust-tracker/blob/develop/.github/dependabot.yaml |

CODEOWNERS Examples

| Repository | File |
| --- | --- |
| torrust-tracker | https://github.com/torrust/torrust-tracker/blob/develop/.github/CODEOWNERS |

Vulnerability Scanning

Torrust Linter

| Resource | URL |
| --- | --- |
| torrust-linting repository | https://github.com/torrust/torrust-linting |
| ShellCheck linter implementation | https://github.com/torrust/torrust-linting/blob/main/src/linters/shellcheck.rs |
| Clippy linter implementation | https://github.com/torrust/torrust-linting/blob/main/src/linters/clippy.rs |

Security Workflows (torrust-tracker-deployer)

| Workflow | File |
| --- | --- |
| Cargo Security Audit (cargo audit + RustSec) | https://github.com/torrust/torrust-tracker-deployer/blob/main/.github/workflows/cargo-security-audit.yml |
| CodeQL Advanced (Rust + Actions) | https://github.com/torrust/torrust-tracker-deployer/blob/main/.github/workflows/codeql.yml |
| Docker Security Scan (Trivy, project + third-party images) | https://github.com/torrust/torrust-tracker-deployer/blob/main/.github/workflows/docker-security-scan.yml |
| Code Statistics (tokei) | https://github.com/torrust/torrust-tracker-deployer/blob/main/.github/workflows/code-statistics.yml |

CI/CD Pipeline Security

PR Review & Merge Process

| Resource | URL |
| --- | --- |
| Bitcoin Core github-merge.py (merge script) | https://github.com/cirocosta/bitcoin/blob/master/contrib/devtools/github-merge.py |

Workflow Files (torrust-tracker)

| Workflow | File |
| --- | --- |
| Testing (unit + E2E) | https://github.com/torrust/torrust-tracker/blob/develop/.github/workflows/testing.yaml |
| Container build & publish | https://github.com/torrust/torrust-tracker/blob/develop/.github/workflows/container.yaml |
| Docs lint | https://github.com/torrust/torrust-tracker/blob/develop/.github/workflows/docs-lint.yaml |
| Coverage | https://github.com/torrust/torrust-tracker/blob/develop/.github/workflows/coverage.yaml |

Production Infrastructure Security

Deployer Security Documentation

| Resource | URL |
| --- | --- |
| Security overview (docs/security/) | https://github.com/torrust/torrust-tracker-deployer/tree/main/docs/security |
| Production image scan results | https://github.com/torrust/torrust-tracker-deployer/tree/main/docs/security/production/scans |
| Deployer tooling image scan results | https://github.com/torrust/torrust-tracker-deployer/tree/main/docs/security/deployer/docker/scans |
| Rust dependency audit history | https://github.com/torrust/torrust-tracker-deployer/tree/main/docs/security/deployer/dependencies/scans |
| Testing image scan results | https://github.com/torrust/torrust-tracker-deployer/tree/main/docs/security/testing/scans |
| AI agents and secrets guidance | https://github.com/torrust/torrust-tracker-deployer/blob/main/docs/security/user-security/ai-agents-and-secrets.md |
| SSH root access on Hetzner Cloud | https://github.com/torrust/torrust-tracker-deployer/blob/main/docs/security/user-security/ssh-root-access-hetzner.md |