GitHub Tracking
Just before the Audit begins
The Auditor pool will be given access to the repo as collaborators if it is private, or the project will provide a link if it is public.
AuditOne checks whether every pool auditor has a private repo and creates one for any auditor who does not.
During audit
Auditors will have a private repository on GitHub in collaboration with AuditOne, where they can create issues based on the templates provided by AuditOne for their auditing projects. These issues will not be visible to the project team or any other members of the audit pool.
After the audit period, auditors must move any issues to the private project repository created by AuditOne, in which all auditors and AuditOne are initially collaborators. A meeting with our head of security and triage will be held to finalize the issues and their severity.
The project team is invited to collaborate and provide feedback on the findings discussed in the meeting. They can dispute any of the issues raised, or accept them and resolve them before the final report is submitted.
After audit
AuditOne will check the finalized issues and issue a final report.