repositories

package
v0.10.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 17, 2024 License: MIT Imports: 5 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var CheckEnableVulnerabilityAlerts = rules.Register(
	scan.Rule{
		AVDID:      "AVD-GIT-0003",
		Provider:   providers.GitHubProvider,
		Service:    "repositories",
		ShortCode:  "enable_vulnerability_alerts",
		Summary:    "GitHub repository has vulnerability alerts disabled.",
		Impact:     "Known vulnerabilities may not be discovered",
		Resolution: "Enable vulnerability alerts",
		Explanation: `GitHub repository should be set to use vulnerability alerts.

You can do this by setting the <code>vulnerability_alerts</code> attribute to 'true'.`,
		Links: []string{
			"https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableVulnerabilityAlertsGoodExamples,
			BadExamples:         terraformEnableVulnerabilityAlertsBadExamples,
			Links:               terraformEnableVulnerabilityAlertsLinks,
			RemediationMarkdown: terraformEnableVulnerabilityAlertsRemediationMarkdown,
		},
		Severity: severity.High,
	},
	func(s *state.State) (results scan.Results) {
		for _, repo := range s.GitHub.Repositories {
			if repo.Metadata.IsUnmanaged() {
				continue
			}
			if repo.IsArchived() {
				continue
			}
			if repo.VulnerabilityAlerts.IsFalse() {
				results.Add(
					"Repository does not have vulnerability alerts enabled,",
					repo.VulnerabilityAlerts,
				)
			} else {
				results.AddPassed(repo)
			}
		}
		return
	},
)
View Source
var CheckPrivate = rules.Register(
	scan.Rule{
		AVDID:      "AVD-GIT-0001",
		Provider:   providers.GitHubProvider,
		Service:    "repositories",
		ShortCode:  "private",
		Summary:    "Github repository shouldn't be public.",
		Impact:     "Anyone can read the contents of the GitHub repository and leak IP",
		Resolution: "Make sensitive or commercially important repositories private",
		Explanation: `Github repository should be set to be private.

You can do this by either setting <code>private</code> attribute to 'true' or <code>visibility</code> attribute to 'internal' or 'private'.`,
		Links: []string{
			"https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-repository-visibility",
			"https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-repository-visibility#about-internal-repositories",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformPrivateGoodExamples,
			BadExamples:         terraformPrivateBadExamples,
			Links:               terraformPrivateLinks,
			RemediationMarkdown: terraformPrivateRemediationMarkdown,
		},
		Severity: severity.Critical,
	},
	func(s *state.State) (results scan.Results) {
		for _, repo := range s.GitHub.Repositories {
			if repo.Metadata.IsUnmanaged() {
				continue
			}
			if repo.Public.IsTrue() {
				results.Add(
					"Repository is public,",
					repo.Public,
				)
			} else {
				results.AddPassed(repo)
			}
		}
		return
	},
)

Functions

This section is empty.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL