Documentation
Overview
Package binary implements the Binary Artifacts security policy check from scorecard.
Index
- func NewBinary() policydef.Policy
- type Binary
- func (b Binary) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
- func (b Binary) Fix(ctx context.Context, c *github.Client, owner, repo string) error
- func (b Binary) GetAction(ctx context.Context, c *github.Client, owner, repo string) string
- func (b Binary) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)
- func (b Binary) Name() string
- type OrgConfig
- type RepoConfig
Functions
Types
type Binary
type Binary bool
Binary is the Binary Artifacts policy object; it implements policydef.Policy.
func (Binary) Check
func (b Binary) Check(ctx context.Context, c *github.Client, owner, repo string) (*policydef.Result, error)
Check performs the policy check for this policy based on the configuration stored in the org/repo. It implements policydef.Policy.Check().
func (Binary) Fix
Fix implements policydef.Policy.Fix(). Scorecard checks will not have a Fix option.
func (Binary) GetAction
GetAction returns the configured action from this policy's configuration stored in the org-level repo; the default is log. It implements policydef.Policy.GetAction().
type OrgConfig
type OrgConfig struct {
	// OptConfig is the standard org-level opt in/out config, RepoOverride applies to all
	// config.
	OptConfig config.OrgOptConfig `json:"optConfig"`

	// Action defines which action to take, default log, other: issue...
	Action string `json:"action"`

	// IgnoreFiles is a list of file names to ignore. Any Binary Artifacts found
	// with these names are allowed, and the policy may still pass. These are
	// just the file name, not a full path. Globs are not allowed.
	IgnoreFiles []string `json:"ignoreFiles"`
}
OrgConfig is the org-level config definition for this policy.
type RepoConfig
type RepoConfig struct {
	// OptConfig is the standard repo-level opt in/out config.
	OptConfig config.RepoOptConfig `json:"optConfig"`

	// Action overrides the same setting in org-level, only if present.
	Action *string `json:"action"`

	// IgnorePaths is a list of full paths to ignore. If these are reported as a
	// Binary Artifact, they will be ignored and the policy may still pass. These
	// must be full paths with directories. Globs are not allowed. These are
	// allowed even if RepoOverride is false.
	IgnorePaths []string `json:"ignorePaths"`
}
RepoConfig is the repo-level config for this policy.
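How the two ignore lists and the action override described in OrgConfig and RepoConfig combine, as an added example that is not the package's own code. The types are local mirrors of the documented fields, `has` and `evaluate` are hypothetical helpers, and exact string comparison is an assumption drawn from the "Globs are not allowed" comments.

```go
package main

import (
	"fmt"
	"path"
)

// Local mirrors of the documented fields (OptConfig omitted); not the package's own types.
type orgConfig struct {
	Action      string
	IgnoreFiles []string
}
type repoConfig struct {
	Action      *string
	IgnorePaths []string
}

func has(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// evaluate (hypothetical helper) returns the effective action and the reported paths
// left after exact matching: base name vs IgnoreFiles, full path vs IgnorePaths.
func evaluate(oc orgConfig, rc repoConfig, reported []string) (string, []string) {
	action := "log" // documented default
	if oc.Action != "" {
		action = oc.Action
	}
	if rc.Action != nil { // repo-level value overrides only if present
		action = *rc.Action
	}
	var remaining []string
	for _, p := range reported {
		if !has(oc.IgnoreFiles, path.Base(p)) && !has(rc.IgnorePaths, p) {
			remaining = append(remaining, p)
		}
	}
	return action, remaining
}

func main() {
	oc := orgConfig{IgnoreFiles: []string{"gradle-wrapper.jar"}} // constructed sample
	fmt.Println(evaluate(oc, repoConfig{}, []string{"gradle/gradle-wrapper.jar", "tools/helper.exe"}))
}
```

An entry such as `*.bin` in either list would only match a file literally named `*.bin`, so a reviewer auditing these configs should expect every allowed artifact to be listed explicitly.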