GitHub Tracking

Just before the Audit begins

  1. The Auditor pool will be given access to the repo as collaborators if it is private, or the project will provide a link if it is public.

  2. AuditOne checks whether every auditor in the pool has a private repo, and creates one for any auditor who does not.

During audit

  1. Auditors will have a private repository on GitHub in collaboration with AuditOne, where they can create issues based on the templates provided by AuditOne for their auditing projects. These issues will not be visible to the project team or any other members of the audit pool.

  2. After the audit period, auditors must move any issues to the private project repository created by AuditOne, in which all auditors and AuditOne are initially collaborators. A meeting with our head of security and triage will be held to finalize the issues and their severity.

  3. The Project team is invited to collaborate and provide feedback on the findings discussed in the meeting. They can express their disagreement with any of the issues raised or accept them to resolve them before the final report is submitted.

After audit

  1. AuditOne will check the finalized issues and issue a final report.
