pvtr-github-repo-scanner

command module
v0.19.1

This package is not in the latest version of its module.
Published: Feb 24, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

README

Privateer Plugin for GitHub Repositories

This application performs automated assessments against GitHub repositories using controls defined in the Open Source Project Security Baseline v2025.02.25. The application consumes the OSPS Baseline controls using Gemara layer 2 and produces results of the automated assessments using layer 4.

Many of the assessments depend upon the presence of a Security Insights file at the root of the repository, or ./github/security-insights.yml.
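Because most assessments depend on that file being present, a pre-flight check that locates it before the scanner runs saves a wasted assessment run. The following Go program is an added example, not part of pvtr-github-repo-scanner, and assumes the two locations the Security Insights specification uses: the repository root and the `.github/` directory (the README's "./github" spelling is read here as that directory). It also treats an existing but empty file as an error, since an empty file satisfies a bare existence check while still leaving every dependent assessment without data.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// securityInsightsPaths lists the candidate locations, relative to the
// repository root, in the order they are checked: root first, then .github/.
// Assumption: these are the two locations the Security Insights spec defines.
var securityInsightsPaths = []string{
	"security-insights.yml",
	filepath.Join(".github", "security-insights.yml"),
}

// ErrNoSecurityInsights is returned when neither candidate location has a file.
var ErrNoSecurityInsights = errors.New(
	"no security-insights.yml found at repository root or in .github/")

// FindSecurityInsights returns the path of the first Security Insights file
// found under repoRoot. A path that exists but is a directory or an empty
// file is reported as an error rather than silently accepted.
func FindSecurityInsights(repoRoot string) (string, error) {
	for _, rel := range securityInsightsPaths {
		p := filepath.Join(repoRoot, rel)
		info, err := os.Stat(p)
		if err != nil {
			if errors.Is(err, os.ErrNotExist) {
				continue // try the next candidate location
			}
			return "", fmt.Errorf("stat %s: %w", p, err)
		}
		if info.IsDir() {
			return "", fmt.Errorf("%s is a directory, not a file", p)
		}
		if info.Size() == 0 {
			return "", fmt.Errorf("%s exists but is empty", p)
		}
		return p, nil
	}
	return "", ErrNoSecurityInsights
}

// main runs the check against the directory given as the first argument
// (default: the current directory) and exits non-zero on failure, so it can
// gate a scanner invocation in a script or CI job.
func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	p, err := FindSecurityInsights(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "pre-flight failed:", err)
		os.Exit(1)
	}
	fmt.Println("Security Insights file:", p)
}
```

Run it as `go run . /path/to/checkout` before invoking the scanner; a non-zero exit means the Security Insights dependency is not satisfied and most controls would be reported as failing for that reason alone.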

Work in Progress

Currently 39 control requirements across OSPS Baseline Levels 1-3 are covered, with 13 not yet implemented. Maturity Level 1 requirements are the most rigorously tested and are recommended for use. The results of these Level 1 assessments are integrated into LFX Insights, where they power the Security & Best Practices results.


Level 2 and Level 3 requirements are under active development and may be less rigorously tested.

Docker Usage

# build the image
docker build . -t local

# run the scanner: mount the Privateer config read by the container and a
# host directory that receives the evaluation results it writes
docker run \
  --mount type=bind,source=./config.yml,destination=/.privateer/config.yml \
  --mount type=bind,source=./evaluation_results,destination=/.privateer/bin/evaluation_results \
  local

GitHub Actions Usage

See the OSPS Security Baseline Scanner

Contributing

Contributions are welcome! Please see our Contributing Guidelines for more information.

License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.

Documentation

There is no documentation for this package.