checks

package
v2.1.0 Latest
Published: Jul 26, 2021 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation


Constants

const (
	CheckActive = "Active"
)

const CheckAutomaticDependencyUpdate = "Automatic-Dependency-Update"

const CheckBinaryArtifacts string = "Binary-Artifacts"

const (
	CheckBranchProtection = "Branch-Protection"
)

const CheckCIIBestPractices = "CII-Best-Practices"

CheckCIIBestPractices is the registered name for CIIBestPractices.

const (
	// CheckCITests is the registered name for CITests.
	CheckCITests = "CI-Tests"
)

const CheckCodeReview = "Code-Review"

CheckCodeReview is the registered name for DoesCodeReview.

const (
	// CheckContributors is the registered name for Contributors.
	CheckContributors = "Contributors"
)

const CheckFrozenDeps = "Frozen-Deps"

CheckFrozenDeps is the registered name for FrozenDeps.

const CheckFuzzing = "Fuzzing"

CheckFuzzing is the registered name for Fuzzing.

const CheckPackaging = "Packaging"

CheckPackaging is the registered name for Packaging.

const CheckPermissions = "Token-Permissions"

const CheckPullRequests = "Pull-Requests"

CheckPullRequests is the registered name for PullRequests.

const CheckSAST = "SAST"

CheckSAST is the registered name for SAST.

const CheckSecurityPolicy = "Security-Policy"

CheckSecurityPolicy is the registered name for SecurityPolicy.

const (
	// CheckSignedReleases is the registered name for SignedReleases.
	CheckSignedReleases = "Signed-Releases"
)

const (
	// CheckSignedTags is the registered name for SignedTags.
	CheckSignedTags = "Signed-Tags"
)

const (
	// CheckVulnerabilities is the registered name for the OSV check.
	CheckVulnerabilities = "Vulnerabilities"
)

Variables

AllChecks is the list of all security checks that will be run.

Functions

func AutomaticDependencyUpdate

func AutomaticDependencyUpdate(c *checker.CheckRequest) checker.CheckResult

AutomaticDependencyUpdate checks whether the repository uses automatic dependency updates.

func BinaryArtifacts

func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult

BinaryArtifacts checks whether the repository contains binary artifacts.

func BranchProtection

func BranchProtection(c *checker.CheckRequest) checker.CheckResult

func CIIBestPractices

func CIIBestPractices(c *checker.CheckRequest) checker.CheckResult

func CheckFilesContent

func CheckFilesContent(shellPathFnPattern string,
	caseSensitive bool,
	c *checker.CheckRequest,
	onFileContent func(path string, content []byte,
		dl checker.DetailLogger) (bool, error),
) (bool, error)

CheckFilesContent downloads the tar of the repository and calls the onFileContent() callback. shellPathFnPattern is matched using https://golang.org/pkg/path/#Match. Warning: the pattern is used to match (1) the entire path AND (2) the filename alone. This means:

  • To scope the search to a directory, use "./dirname/*". For example, for the root directory, use "./*".
  • A pattern such as "*mypattern*" will match files containing mypattern in *any* directory.
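The two-sided matching rule above is easy to misread, so here is an added example (written for this page, not code from the scorecard checks package) that reproduces it with Go's path.Match: the pattern is tried against the whole path and then against the base name, and because '*' in path.Match never crosses a '/', "./*" reaches only the root while "*mypattern*" reaches any directory. It assumes repository paths carry the "./" prefix the examples above use, and that caseSensitive=false means a lower-cased comparison; both are assumptions, and MatchesPathOrName and SelectFiles are names of this example only.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// MatchesPathOrName reproduces the documented rule: the pattern is tried
// against the whole path and, separately, against the file name alone, and
// the file is selected if either succeeds. Paths are assumed to carry the
// "./" prefix used in the documentation's examples (an assumption, not taken
// from the package source). When caseSensitive is false both sides are
// lower-cased first (also an assumption about how the flag behaves).
func MatchesPathOrName(pattern, filePath string, caseSensitive bool) (bool, error) {
	p, f := pattern, filePath
	if !caseSensitive {
		p, f = strings.ToLower(p), strings.ToLower(f)
	}
	// (1) whole path: '*' in path.Match never crosses a '/', so "./*" only
	// reaches files directly under the root.
	if ok, err := path.Match(p, f); err != nil || ok {
		return ok, err
	}
	// (2) file name alone: this is what lets "*mypattern*" hit a file in any
	// directory, even though the whole-path match above failed.
	return path.Match(p, path.Base(f))
}

// SelectFiles returns, in input order, the entries of files that the pattern
// selects. A malformed pattern is reported as an error instead of silently
// selecting nothing.
func SelectFiles(pattern string, files []string, caseSensitive bool) ([]string, error) {
	var out []string
	for _, f := range files {
		ok, err := MatchesPathOrName(pattern, f, caseSensitive)
		if err != nil {
			return nil, fmt.Errorf("pattern %q: %w", pattern, err)
		}
		if ok {
			out = append(out, f)
		}
	}
	return out, nil
}

func main() {
	// Constructed file list standing in for a repository tarball listing.
	files := []string{
		"./README.md",
		"./Dockerfile",
		"./.github/workflows/release.yml",
		"./docs/mypattern.md",
		"./scripts/build.sh",
		"./scripts/ci/Build.SH",
	}
	for _, pat := range []string{"./*", "./scripts/*", "*mypattern*", "*.sh"} {
		hits, err := SelectFiles(pat, files, true)
		fmt.Printf("%-14s -> %v (err=%v)\n", pat, hits, err)
	}
	hits, _ := SelectFiles("*.sh", files, false)
	fmt.Printf("%-14s -> %v (case-insensitive)\n", "*.sh", hits)
}
```

Run as-is: "./*" selects only README.md and Dockerfile, "./scripts/*" selects build.sh but not the file one level deeper, "*mypattern*" finds docs/mypattern.md through the base-name match, and "*.sh" picks up Build.SH only when the comparison is case-insensitive. The practical consequence for callers is that a pattern without a leading "./" can never be scoped to one directory, because the base-name match always gets a second chance.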

func CheckIfFileExists

func CheckIfFileExists(checkName string, c *checker.CheckRequest, onFile func(name string,
	dl checker.DetailLogger) (bool, error)) (bool, error)

CheckIfFileExists downloads the tar of the repository and calls onFile() to check for the occurrence of the file.

func CodeQLInCheckDefinitions

func CodeQLInCheckDefinitions(c *checker.CheckRequest) (int, string, error)


func Contributors

func Contributors(c *checker.CheckRequest) checker.CheckResult

func DoesCodeReview

func DoesCodeReview(c *checker.CheckRequest) checker.CheckResult

DoesCodeReview attempts to determine whether a project requires review before code gets merged. It uses a set of heuristics:

  • Looking at the repo configuration to see if reviews are required.
  • Checking if most of the recent merged PRs were "Approved".
  • Looking for other well-known review labels.

func FrozenDeps

func FrozenDeps(c *checker.CheckRequest) checker.CheckResult

FrozenDeps checks whether the repository pins (freezes) its dependencies.

func HasUnfixedVulnerabilities

func HasUnfixedVulnerabilities(c *checker.CheckRequest) checker.CheckResult

func IsBranchProtected

func IsBranchProtected(protection *github.Protection, branch string, dl checker.DetailLogger) checker.CheckResult

func PullRequests

func PullRequests(c *checker.CheckRequest) checker.CheckResult

func SASTToolInCheckRuns

func SASTToolInCheckRuns(c *checker.CheckRequest) (int, string, error)


func SecurityPolicy

func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult

func SignedReleases

func SignedReleases(c *checker.CheckRequest) checker.CheckResult

Types

This section is empty.
