miel.truyen/nx
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

docs(nx-dev): clarify security mention of caching policies (#31312)

Browse Source 
Clarified language on cache poisoning protection to emphasize trusted CI branches. Removed redundant content regarding personal access tied to identity providers for simplification.
This commit is contained in:
Benjamin Cabanes 2025-05-22 21:26:00 -04:00 committed by GitHub
parent 26110a6619
commit 560a53e558
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nx-dev/ui-enterprise/src/lib/security/cache-poisoning-protection.tsx
View File

@ -59,11 +59,11 @@ export function CachePoisoningProtection(): ReactElement {
aria-hidden="true"
className="absolute left-1 top-1 h-5 w-5"
/>
Writes only from trusted CI{' '}
Writes only from trusted CI branches{' '}
</span>
By default, the cache artifacts are reused within each pull
request. Only artifacts from verified CI pipelines can enter the
shared cache used by everyone. PR environments cant poison
request. Only artifacts from trusted CI pipelines should enter
the shared cache used by everyone. PR environments can't poison
main.
</li>
<li className="relative pl-9">

10
nx-dev/ui-enterprise/src/lib/security/personal-access.tsx
View File

@ -54,16 +54,6 @@ export function PersonalAccess(): ReactElement {
Access is tied to individual user authentication
</span>
</li>
<li className="relative pl-9">
<span className="inline font-semibold text-slate-950 dark:text-white">
<GitHubIcon
aria-hidden="true"
className="absolute left-1 top-1 h-5 w-5"
/>
Access is tied to your identity provider{' '}
</span>
when SSO or GitHub access is revoked, cache access is too.
</li>
<li className="relative pl-9">
<span className="inline font-semibold text-slate-950 dark:text-white">
<LinkSlashIcon