The security SIG is looking to ensure that security tooling is setup consistently across the organization. As a result, we're asking maintainers to ensure the following tools are enabled in each repository:

• CodeQL enabled via GitHub Actions - enabled in opentelemetry-cpp here GitHub Actions
• Static code analysis tool - missing, see [CI] Add a C++ static code analyser in the build #2297
• Repository security settings
  • Security Policy ✅ - enabled
  • Security advisories ✅ - enabled
  • Private vulnerability reporting ✅ - enabled
  • Dependabot alerts ✅ - enabled
  • Code scanning alerts ✅ - enabled

Parent issue: open-telemetry/sig-security#12