advanced-security-compliance
advanced-security-compliance copied to clipboard
GeekMasher
GitHub Advance Security Compliance Action
**Describe the bug** Running this action on our workflow we get an error we can't understand. **To Reproduce** Steps to reproduce the behavior: 1. Add action "build-and-test.yaml" to workflow 2....
**Describe the bug** I've got a sample license and policy file in a repo (see this [current PR](https://github.com/10up/insert-special-characters/pull/122)), but the [action run is saying the repo can not be cloned](https://github.com/10up/insert-special-characters/runs/6025938094?check_suite_focus=true)....
**Describe the bug** If a secret exists in one branch of the repository, the advanced compliance action will alert on that secret on every other branch in that repository. This...
Dependabot sometimes fails to get the license information as it is not well documented in a repository for example: - https://github.com/pugjs/pug - https://github.com/jrburke/amdefine The idea would be to: - each...
**Describe the bug** Licensing: Condition ID check not implemented When a licensing policy with only condition ids such as: ``` licensing: conditions: ids: - GPL* ``` The GraphQL query on...
### Description PURL is the standard when it comes to dependency formats. This should be supported versus the custom GHASC format. ### Propose Solution Implement the spec standard. https://github.com/package-url/purl-spec
### Description We need some introductional docs on how to setup and use this Action using a GitHub App. **Related:** - #50 - #51 +cc @4bg0P ### Propose Solution -...
**Describe the bug** When a block like Secret Scanning is not present and no check will be performed, the engine shouldn't request those endpoints and perform the tests in the...
### Description Create a number of common examples and use cases for using this Action. - #46 ### Propose Solution - https://github.com/GeekMasher/advanced-security-compliance/tree/main/examples/policies - https://github.com/GeekMasher/advanced-security-compliance/tree/main/examples/workflows - https://github.com/GeekMasher/advanced-security-compliance/tree/main/examples/scripts