
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.


Protecting Your Production Pipelines!

What is Allero?

Allero is a CLI policy enforcement tool that prevents bad practices in any CI/CD pipeline. CI/CD pipelines tend to be messy: pipeline manifests come in many variations and are spread across different repositories. This makes it difficult to ensure that security, code quality, and compliance standards are in place in every pipeline.

By running Allero, you can easily reveal and prevent problematic pipelines across multiple organizations and repositories.

Getting Started

The Allero CLI can be run from anywhere! We recommend running Allero directly from a GitHub Action so that your pipelines are validated against bad practices on a regular schedule (just like crontab).

🏎️ One minute installation to run allero validation on a daily basis (most recommended)

The Allero repo ships a GitHub Action that runs the CLI every day at 8am against your entire organization. By forking the Allero repo you get the same setup.

  1. Fork Allero repo
  2. Create a GitHub Personal Access Token and store it in your forked repo as an encrypted secret named ALLERO_GITHUB_TOKEN.
  3. GitHub disables scheduled Actions on a forked repo by default. To enable the Allero Action, browse to your forked allero repo, navigate to GitHub Actions and click enable workflow.
  • You can of course change the schedule and the fetched repos by editing the workflow file!

👩‍💻 CLI Installation

Since Allero is a CLI, you can run it everywhere - including your local machine! Download our CLI now! Note that the installer below is piped straight into bash; if your policy requires it, fetch the script first and review it before executing.

# Get allero cli
curl https://get.allero.io | /bin/bash
# Fetch one or more organizations / repos
allero fetch github allero-io dapr/dapr
# Run allero validation!
allero validate

Homebrew

# Install allero cli
brew install allero-io/allero/allero
# Fetch one or more organizations / repos
allero fetch github allero-io dapr/dapr
# Run allero validation!
allero validate

GitHub Token

Fetching data from a private GitHub organization requires a personal access token (PAT).

  1. Create a GitHub PAT with access to the repos you want to scan. Click here to learn how to create a GitHub PAT. Generate the token with the following permissions (note that the classic repo scope grants read and write access to every repository the token owner can reach, so prefer a dedicated least-privileged account and a short expiry where possible):

    • [x] repo:
      • [x] repo:status
      • [x] repo_deployment
      • [x] public_repo
      • [x] repo:invite
      • [x] security_events
  2. The PAT should be stored as an environment variable named ALLERO_GITHUB_TOKEN.

  • When running Allero from GitHub Actions, the PAT should be stored as an encrypted secret.

🚨 Supported Rules

Rule Name: prevent-npm-install
  Description: Prevents the usage of npm install in pipelines. We recommend using npm ci instead.
  Reason: link

Rule Name: prevent-kubectl-apply
  Description: Prevents the usage of kubectl apply in pipelines. We recommend using helm or any other k8s deployment tool.
  Reason: link

Rule Name: ensure-npm-ignore-scripts
  Description: Ensures that pre/post-install scripts are not run by npm.
  Reason: link

Rule Name: snyk-prevent-continue-on-error
  Description: Prevents a Snyk step from being marked continue-on-error, which would let the workflow proceed even when Snyk detects vulnerabilities.
  Reason: Keep production secured

Adding your own rules

Rules are defined in the JSON Schema format and are evaluated against our data schema, so a rule should be written in terms of that schema. An example of our data schema structure can be found here.

  1. Create a new JSON file and define your rule. Example rules can be found here. Make sure to update the rule description and failureMessage.
  2. Copy the file into "~/.allero/rules/github/"
  3. Run allero validate
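To make concrete what the four supported rules above check for, and what a custom rule has to express, here is an added example that re-implements those checks in plain Python over a simplified workflow structure. It is not Allero's code: Allero expresses rules as JSON Schema documents against its own data schema, whereas this illustration hard-codes the same logic and assumes a GitHub Actions workflow already parsed into a dict (workflow -> jobs -> steps). Both workflows, the rule names and the field names used are constructed for the example.

```python
"""Plain-Python re-implementation of the four Allero rule checks.

Hypothetical illustration: Allero itself evaluates JSON Schema rules
against its own data schema. Here the same checks are written directly
over a GitHub Actions workflow that has already been parsed into a dict.
"""
import re
from typing import Any, Dict, Iterator, List, Tuple

# Patterns for the shell commands the rules look for inside `run:` steps.
NPM_INSTALL_RE = re.compile(r"\bnpm\s+install\b")
NPM_DEP_RE = re.compile(r"\bnpm\s+(?:ci|install)\b")
KUBECTL_APPLY_RE = re.compile(r"\bkubectl\s+apply\b")

# Constructed sample: a workflow that violates every rule once.
BAD_WORKFLOW: Dict[str, Any] = {
    "name": "build-and-deploy",
    "jobs": {
        "build": {
            "steps": [
                {"uses": "actions/checkout@v3"},
                {"name": "Install deps", "run": "npm install"},
                {"name": "Snyk scan", "uses": "snyk/actions/node@master",
                 "continue-on-error": True},
            ]
        },
        "deploy": {
            "steps": [
                {"name": "Deploy", "run": "kubectl apply -f k8s/"},
            ]
        },
    },
}

# Constructed sample: the same workflow with each violation fixed.
GOOD_WORKFLOW: Dict[str, Any] = {
    "name": "build-and-deploy",
    "jobs": {
        "build": {
            "steps": [
                {"uses": "actions/checkout@v3"},
                {"name": "Install deps", "run": "npm ci --ignore-scripts"},
                {"name": "Snyk scan", "uses": "snyk/actions/node@master"},
            ]
        },
        "deploy": {
            "steps": [
                {"name": "Deploy",
                 "run": "helm upgrade --install myapp ./chart"},
            ]
        },
    },
}


def _steps(workflow: Dict[str, Any]) -> Iterator[Tuple[str, int, Dict[str, Any]]]:
    """Yield (job_id, step_index, step) for every step in the workflow."""
    for job_id, job in workflow.get("jobs", {}).items():
        for index, step in enumerate(job.get("steps", [])):
            yield job_id, index, step


def check_step(step: Dict[str, Any]) -> List[str]:
    """Return the names of the rules a single step violates."""
    violations: List[str] = []
    run = step.get("run") or ""
    uses = step.get("uses") or ""
    if NPM_INSTALL_RE.search(run):
        violations.append("prevent-npm-install")
    # Any npm dependency install must disable lifecycle scripts.
    if NPM_DEP_RE.search(run) and "--ignore-scripts" not in run:
        violations.append("ensure-npm-ignore-scripts")
    if KUBECTL_APPLY_RE.search(run):
        violations.append("prevent-kubectl-apply")
    # YAML parsers yield a bool, but tolerate the string form too.
    is_snyk = uses.startswith("snyk/") or "snyk" in run
    if is_snyk and step.get("continue-on-error") in (True, "true"):
        violations.append("snyk-prevent-continue-on-error")
    return violations


def validate(workflow: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Run every rule over every step and collect the findings."""
    findings: List[Dict[str, Any]] = []
    for job_id, index, step in _steps(workflow):
        for rule in check_step(step):
            findings.append({
                "rule": rule,
                "job": job_id,
                "step": index,
                "name": step.get("name", f"step {index}"),
            })
    return findings


if __name__ == "__main__":
    for finding in validate(BAD_WORKFLOW):
        print(f"{finding['rule']}: job={finding['job']} step={finding['step']} ({finding['name']})")
    print("good workflow findings:", validate(GOOD_WORKFLOW))
```

The "bad" workflow yields four findings (the `npm install` step trips both prevent-npm-install and ensure-npm-ignore-scripts) and the corrected one yields none; a real Allero rule achieves the same by constraining the corresponding fields of the data schema rather than by regex in code.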

Contribution

We encourage you to contribute to Allero!

Created a new rule and want to give back to the community?

  1. Fork our repo
  2. Add your rule to pkg/rulesConfig/github directory.
  3. Create a PR!

Interested in contributing more to the CLI? We will provide a more detailed explanation of how to contribute soon. If you're interested, you can contact us to get help with your first PR!

🔏 Privacy

Your privacy and code integrity are very important to us. That's why the CLI operates locally only and does not store any sensitive information about your code anywhere. We only collect metrics that reflect your usage of the CLI :)

Contact Us

Open an issue or shoot us an email.