DOE: archive notice requested #24
Open
GitBytes wants to merge 1 commit into
Because this repository meets the archive recommendation threshold, the README archive notice is highly recommended for compliance with DOE requirements.
Contact: csoc@pnnl.gov
Action Requested: Review and Archive Inactive Public GitHub Repositories
Hi GitHub repository owners and organization admins,
We are asking for your help with a short, proactive security maintenance effort for public-facing repositories.
Following recent cyber events involving public GitHub instances, federal cybersecurity leaders are encouraging agencies to tighten the security posture of public repositories. As part of that effort, we have been asked to validate our public repository inventories and reduce risk from inactive or legacy code.
Requested Actions
Please help us complete the following:
Validate your public GitHub repositories
Confirm that our inventory of public-facing open-source repositories is accurate.
Archive inactive repositories
Mark repositories that are unused, inactive, or no longer maintained as archived or the equivalent read-only status.
Add an archive notice where appropriate
For any repository your team archives, we recommend adding the following notice to the README:
Why This Matters
Archiving inactive repositories helps reduce confusion for the public, external researchers, and automated security tools. It also helps future vulnerability scans focus on active codebases instead of generating noise from legacy or unsupported projects.
If your team is unable to complete these updates directly, we may submit a pull request or GitHub issue to the affected repository with the requested changes.
Thank you for helping keep our public repositories accurate, clear, and more secure.