// CheckEnableVulnerabilityAlerts is rule AVD-GIT-0003: every managed,
// non-archived GitHub repository in the scanned state must have
// vulnerability alerts enabled. A repository whose VulnerabilityAlerts
// attribute is false yields a failing result; every other evaluated
// repository is recorded as passed.
var CheckEnableVulnerabilityAlerts = rules.Register(
	scan.Rule{
		AVDID:       "AVD-GIT-0003",
		Provider:    providers.GitHubProvider,
		Service:     "repositories",
		ShortCode:   "enable_vulnerability_alerts",
		Summary:     "GitHub repository has vulnerability alerts disabled.",
		Impact:      "Known vulnerabilities may not be discovered",
		Resolution:  "Enable vulnerability alerts",
		Explanation: `GitHub repository should be set to use vulnerability alerts. You can do this by setting the <code>vulnerability_alerts</code> attribute to 'true'.`,
		Links: []string{
			"https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableVulnerabilityAlertsGoodExamples,
			BadExamples:         terraformEnableVulnerabilityAlertsBadExamples,
			Links:               terraformEnableVulnerabilityAlertsLinks,
			RemediationMarkdown: terraformEnableVulnerabilityAlertsRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// Evaluate each GitHub repository in the state; unmanaged and archived
	// repositories are skipped rather than judged.
	func(s *state.State) (results scan.Results) {
		for _, r := range s.GitHub.Repositories {
			if r.IsUnmanaged() || r.IsArchived() {
				continue
			}
			switch {
			case r.VulnerabilityAlerts.IsFalse():
				// The attribute itself is attached so the finding points at the
				// exact value (and its source location) that caused the failure.
				results.Add(
					"Repository does not have vulnerability alerts enabled,",
					r.VulnerabilityAlerts,
				)
			default:
				results.AddPassed(r)
			}
		}
		return results
	},
)
// CheckPrivate is rule AVD-GIT-0001: a managed GitHub repository in the
// scanned state must not be public. A repository whose Public attribute is
// true yields a failing result; every other evaluated repository is
// recorded as passed. Unlike the vulnerability-alerts rule, archived
// repositories are still evaluated here.
var CheckPrivate = rules.Register(
	scan.Rule{
		AVDID:       "AVD-GIT-0001",
		Provider:    providers.GitHubProvider,
		Service:     "repositories",
		ShortCode:   "private",
		Summary:     "Github repository shouldn't be public.",
		Impact:      "Anyone can read the contents of the GitHub repository and leak IP",
		Resolution:  "Make sensitive or commercially important repositories private",
		Explanation: `Github repository should be set to be private. You can do this by either setting <code>private</code> attribute to 'true' or <code>visibility</code> attribute to 'internal' or 'private'.`,
		Links: []string{
			"https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-repository-visibility",
			"https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-repository-visibility#about-internal-repositories",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformPrivateGoodExamples,
			BadExamples:         terraformPrivateBadExamples,
			Links:               terraformPrivateLinks,
			RemediationMarkdown: terraformPrivateRemediationMarkdown,
		},
		Severity: severity.Critical,
	},
	// Evaluate each GitHub repository in the state; only unmanaged
	// repositories are skipped.
	func(s *state.State) (results scan.Results) {
		for _, r := range s.GitHub.Repositories {
			if r.IsUnmanaged() {
				continue
			}
			if !r.Public.IsTrue() {
				results.AddPassed(r)
				continue
			}
			// The Public attribute is attached so the finding points at the
			// exact value (and its source location) that caused the failure.
			results.Add(
				"Repository is public,",
				r.Public,
			)
		}
		return results
	},
)