allstar
Update examples
Seems the link to the example repo is not up to date with the latest checks: actions.yaml, scorecard.yaml, dangerous_workflow.yaml.
I may be missing something, but for most of the yaml it's straightforward to create the format, but some are a bit more difficult. I'm having to read the code to see how the args are used, which seems a bit too onerous.
Can the example repo be changed or updated? I know it points to the GoogleContainerTool. Maybe having a folder called examples would suffice under allstar itself?
For instance, I may have missed an example that would have helped for actions.yaml.
I created this Org actions.yaml by reading through the action.go file. I'll find out tomorrow if this will work, so it's not ideal.
optConfig:
  optOutStrategy: true
action: issue
groups:
  name: Check Infosec
  rules:
    rule:
      method: require
      priority: high
      actions:
        name: *compliance-scan*
Yes, an examples directory would be great. Detailed docs on each policy's options are on the wish list; we hope that the config struct definition comments are OK until we have that, e.g.: https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/outside#OrgConfig