Contributors and security
As the maintainer of an open source project, you hope to attract external contributors. They are a sign that the project has developed a significant community. However, external contributors can also be a security risk. In this section, we’ll discuss some best practices for managing external contributors securely.
You’ll learn about:
- The principle of least privilege: avoid giving anyone more access than they need.
- Vetting external contributors: check out external contributors before trusting their contributions.
- Preventing malicious use of CI resources: be careful about what you allow external contributors to do with your CI resources.