Skip to content

DOE: archive notice requested#24

Open
GitBytes wants to merge 1 commit into
pnnl:masterfrom
GitBytes:doe-repository-review-archive-hundo
Open

DOE: archive notice requested#24
GitBytes wants to merge 1 commit into
pnnl:masterfrom
GitBytes:doe-repository-review-archive-hundo

Conversation

@GitBytes

Copy link
Copy Markdown

Because this repository meets the archive recommendation threshold, the README archive notice is highly recommended for compliance with DOE requirements.

Contact: csoc@pnnl.gov

Action Requested: Review and Archive Inactive Public GitHub Repositories

Hi GitHub repository owners and organization admins,

We are asking for your help with a short, proactive security maintenance effort for public-facing repositories.

Following recent cyber events involving public GitHub instances, federal cybersecurity leaders are encouraging agencies to tighten the security posture of public repositories. As part of that effort, we have been asked to validate our public repository inventories and reduce risk from inactive or legacy code.

Requested Actions

Please help us complete the following:

  1. Validate your public GitHub repositories
    Confirm that our inventory of public-facing open-source repositories is accurate.

  2. Archive inactive repositories
    Mark repositories that are unused, inactive, or no longer maintained as archived or the equivalent read-only status.

  3. Add an archive notice where appropriate
    For any repository your team archives, we recommend adding the following notice to the README:

This repository has been archived and is no longer maintained.
The code is provided for historical reference and may contain unpatched or unknown vulnerabilities.
It should not be used in production systems.

Why This Matters

Archiving inactive repositories helps reduce confusion for the public, external researchers, and automated security tools. It also helps future vulnerability scans focus on active codebases instead of generating noise from legacy or unsupported projects.

If your team is unable to complete these updates directly, we may submit a pull request or GitHub issue to the affected repository with the requested changes.

Thank you for helping keep our public repositories accurate, clear, and more secure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant