Because this repository meets the archive recommendation threshold, the README archive notice is highly recommended for compliance with DOE requirements.
Contact: csoc@pnnl.gov
Action Requested: Review and Archive Inactive Public GitHub Repositories
Hi GitHub repository owners and organization admins,
We are asking for your help with a short, proactive security maintenance effort for public-facing repositories.
Following recent cyber events involving public GitHub instances, federal cybersecurity leaders are encouraging agencies to tighten the security posture of public repositories. As part of that effort, we have been asked to validate our public repository inventories and reduce risk from inactive or legacy code.
Requested Actions
Please help us complete the following:
-
Validate your public GitHub repositories
Confirm that our inventory of public-facing open-source repositories is accurate.
-
Archive inactive repositories
Mark repositories that are unused, inactive, or no longer maintained as archived or the equivalent read-only status.
-
Add an archive notice where appropriate
For any repository your team archives, we recommend adding the following notice to the README:
This repository has been archived and is no longer maintained.
The code is provided for historical reference and may contain unpatched or unknown vulnerabilities.
It should not be used in production systems.
Why This Matters
Archiving inactive repositories helps reduce confusion for the public, external researchers, and automated security tools. It also helps future vulnerability scans focus on active codebases instead of generating noise from legacy or unsupported projects.
If your team is unable to complete these updates directly, we may submit a pull request or GitHub issue to the affected repository with the requested changes.
Thank you for helping keep our public repositories accurate, clear, and more secure.
Because this repository meets the archive recommendation threshold, the README archive notice is highly recommended for compliance with DOE requirements.
Contact: csoc@pnnl.gov
Action Requested: Review and Archive Inactive Public GitHub Repositories
Hi GitHub repository owners and organization admins,
We are asking for your help with a short, proactive security maintenance effort for public-facing repositories.
Following recent cyber events involving public GitHub instances, federal cybersecurity leaders are encouraging agencies to tighten the security posture of public repositories. As part of that effort, we have been asked to validate our public repository inventories and reduce risk from inactive or legacy code.
Requested Actions
Please help us complete the following:
Validate your public GitHub repositories
Confirm that our inventory of public-facing open-source repositories is accurate.
Archive inactive repositories
Mark repositories that are unused, inactive, or no longer maintained as archived or the equivalent read-only status.
Add an archive notice where appropriate
For any repository your team archives, we recommend adding the following notice to the README:
Why This Matters
Archiving inactive repositories helps reduce confusion for the public, external researchers, and automated security tools. It also helps future vulnerability scans focus on active codebases instead of generating noise from legacy or unsupported projects.
If your team is unable to complete these updates directly, we may submit a pull request or GitHub issue to the affected repository with the requested changes.
Thank you for helping keep our public repositories accurate, clear, and more secure.