- type AttestationPolicy
- type CodeReviewRequirements
- type Dependency
- type PolicyResult
- func CheckCodeReviewed(reqs CodeReviewRequirements, results *checker.RawResults, logger *sclog.Logger) (PolicyResult, error)
- func CheckNoUnpinnedDependencies(allowed []Dependency, results *checker.RawResults, logger *sclog.Logger) (PolicyResult, error)
- func CheckNoVulnerabilities(results *checker.RawResults, logger *sclog.Logger) (PolicyResult, error)
- func CheckPreventBinaryArtifacts(allowedBinaryArtifacts []string, results *checker.RawResults, ...) (PolicyResult, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttestationPolicy ¶
// AttestationPolicy is the set of requirements a repository must satisfy for
// the attestation to pass. Its fields are populated from a YAML policy
// document (see the yaml tags); each Prevent*/Ensure* flag enables one check
// and the matching Allowed* list carves out exceptions to it.
//
// NOTE(review): every Allowed* entry exempts something from a check, so each
// one weakens the policy; keep these lists narrow and reviewed.
type AttestationPolicy struct {
	// PreventBinaryArtifacts: set to true to require that this project's SCM repo is
	// free of binary artifacts.
	PreventBinaryArtifacts bool `yaml:"preventBinaryArtifacts"`
	// AllowedBinaryArtifacts: list of binary artifact paths to ignore
	// when checking for binary artifacts in a repo.
	// NOTE(review): whether entries are matched as exact paths or as patterns is
	// not visible here — confirm against CheckPreventBinaryArtifacts before
	// relying on a broad entry.
	AllowedBinaryArtifacts []string `yaml:"allowedBinaryArtifacts"`
	// PreventKnownVulnerabilities: set to true to require that this project is free
	// of vulnerabilities, as discovered from the OSV service.
	PreventKnownVulnerabilities bool `yaml:"preventKnownVulnerabilities"`
	// PreventUnpinnedDependencies: set to true to require that this project pin dependencies
	// by hash/commit SHA.
	PreventUnpinnedDependencies bool `yaml:"preventUnpinnedDependencies"`
	// AllowedUnpinnedDependencies: set of dependencies to ignore when checking for
	// unpinned dependencies.
	AllowedUnpinnedDependencies []Dependency `yaml:"allowedUnpinnedDependencies"`
	// EnsureCodeReviewed: set to true to require that the most recent commits in
	// this project have gone through a code review process.
	EnsureCodeReviewed bool `yaml:"ensureCodeReviewed"`
	// CodeReviewRequirements: define specific code review requirements that the default
	// branch must have met, e.g. required approvers.
	// Presumably only consulted when EnsureCodeReviewed is true — verify in
	// EvaluateResults.
	CodeReviewRequirements CodeReviewRequirements `yaml:"codeReviewRequirements"`
}
func ParseAttestationPolicyFromFile ¶
func ParseAttestationPolicyFromFile(policyFile string) (*AttestationPolicy, error)
ParseAttestationPolicyFromFile takes a policy file and returns an AttestationPolicy.
func ParseAttestationPolicyFromYAML ¶
func ParseAttestationPolicyFromYAML(b []byte) (*AttestationPolicy, error)
ParseAttestationPolicyFromYAML parses a policy document and returns an AttestationPolicy.
func (*AttestationPolicy) EvaluateResults ¶
func (ap *AttestationPolicy) EvaluateResults(raw *checker.RawResults) (PolicyResult, error)
EvaluateResults runs the attestation policy checks on raw data.
func (*AttestationPolicy) GetRequiredChecksForPolicy ¶
func (ap *AttestationPolicy) GetRequiredChecksForPolicy() map[string]bool
GetRequiredChecksForPolicy allows fewer scorecard checks to be run when some policy values are don't-cares.
type CodeReviewRequirements ¶
type Dependency ¶
type PolicyResult ¶
// PolicyResult is the outcome of a single policy check: Pass or Fail.
//
// It is a type alias of bool (not a distinct named type), so any bool is
// accepted where a PolicyResult is expected. Because the zero value of bool
// is false, an uninitialized PolicyResult reads as Fail, i.e. the default is
// fail-closed.
type PolicyResult = bool

const (
	// Pass indicates the checked requirement was satisfied.
	Pass PolicyResult = true
	// Fail indicates the checked requirement was not satisfied.
	Fail PolicyResult = false
)
func CheckCodeReviewed ¶
func CheckCodeReviewed( reqs CodeReviewRequirements, results *checker.RawResults, logger *sclog.Logger, ) (PolicyResult, error)
func CheckNoUnpinnedDependencies ¶
func CheckNoUnpinnedDependencies( allowed []Dependency, results *checker.RawResults, logger *sclog.Logger, ) (PolicyResult, error)
func CheckNoVulnerabilities ¶
func CheckNoVulnerabilities(results *checker.RawResults, logger *sclog.Logger) (PolicyResult, error)
func CheckPreventBinaryArtifacts ¶
func CheckPreventBinaryArtifacts( allowedBinaryArtifacts []string, results *checker.RawResults, logger *sclog.Logger, ) (PolicyResult, error)