
Update examples

Open agonzalez-plume opened this issue 1 year ago • 2 comments

Seems the link to the example repo is not up-to-date with latest checks: actions.yaml, scorecard.yaml, dangerous_workflow.yaml.

I may be missing something, but for most of the yaml it's straightforward to create the format, but some are a bit more difficult. I'm having to read the code to see how the args are used, which seems a bit too onerous.

Can the example repo be changed or updated? I know it points to the GoogleContainerTool. Maybe having a folder called examples would suffice under allstar itself?

agonzalez-plume Nov 15 '22 16:11

For instance, I may have missed an example that would have helped for actions.yaml.

I created this Org actions.yaml by reading through the action.go file. I'll find out tomorrow if this will work, so it's not ideal.

```yaml
optConfig:
  optOutStrategy: true
action: issue
groups:
  name: Check Infosec
  rules:
    rule:
      method: require
      priority: high
      actions:
        # Quoted: an unquoted leading * is parsed as a YAML alias and fails to load.
        name: "*compliance-scan*"
```

agonzalez-plume Nov 15 '22 16:11

Yes, an examples directory would be great. Detailed docs on each policy's options are on the wish list; we hope that the config struct definition comments are OK until we have that, e.g.: https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/outside#OrgConfig

jeffmendoza Nov 17 '22 00:11