Package scorecard v0.0.0-...-3d71f35
Published: Mar 27, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package scorecard implements the generic Security Scorecards policy

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewScorecard

func NewScorecard() policydef.Policy

NewScorecard returns a new Scorecard policy.

Types

type OrgConfig

type OrgConfig struct {
	// OptConfig is the standard org-level opt in/out config, RepoOverride
	// applies to all config.
	OptConfig config.OrgOptConfig `json:"optConfig"`

	// Action defines which action to take, default log, other: issue...
	Action string `json:"action"`

	// Checks is a list of check names to run from Security Scorecards. These
	// must match the name that the check uses in its call to
	// "registerCheck". See the check code for each name:
	// https://github.com/ossf/scorecard/tree/main/checks. For example, the name
	// for the Signed Releases check is "Signed-Releases".
	Checks []string `json:"checks"`

	// Threshold is the score threshold that checks must meet to pass the
	// policy. If all checks score equal or above the threshold, the Allstar
	// policy will pass. The default is checker.MaxResultScore:
	// https://pkg.go.dev/github.com/ossf/scorecard/v4@v4.4.0/checker#pkg-constants
	Threshold int `json:"threshold"`
}

OrgConfig is the org-level config definition for this policy.

type RepoConfig

type RepoConfig struct {
	// OptConfig is the standard repo-level opt in/out config.
	OptConfig config.RepoOptConfig `json:"optConfig"`

	// Action overrides the same setting in org-level, only if present.
	Action *string `json:"action"`

	// Checks overrides the same setting in org-level, only if present.
	Checks *[]string `json:"checks"`

	// Threshold overrides the same setting in org-level, only if present.
	Threshold *int `json:"threshold"`
}

RepoConfig is the repo-level config for this policy.
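The two config types above describe a layered policy: org-level OrgConfig supplies the defaults, and each pointer field in RepoConfig overrides the corresponding org-level setting only when it is present. The policy then passes only if every configured check scores at or above Threshold. The following Go program is an added example that is not part of this package or of Allstar: it defines reduced copies of the two structs (OptConfig omitted), a MergeConfig function implementing the "only if present" override rule, and an Evaluate function applying the threshold to constructed check scores. It assumes that a zero Threshold means "unset" and falls back to checker.MaxResultScore (10 in ossf/scorecard), and that a configured check with no score fails closed; both are choices of this example, not documented behaviour of the package.

```go
package main

import (
	"fmt"
	"sort"
)

// MaxResultScore mirrors checker.MaxResultScore from ossf/scorecard (10), the
// documented default for Threshold.
const MaxResultScore = 10

// OrgConfig is a reduced copy of the page's org-level config (OptConfig omitted).
type OrgConfig struct {
	Action    string
	Checks    []string
	Threshold int
}

// RepoConfig is a reduced copy of the page's repo-level config; nil pointers
// mean "not present", so the org-level value stands.
type RepoConfig struct {
	Action    *string
	Checks    *[]string
	Threshold *int
}

// Effective is the merged configuration used to evaluate a repository.
type Effective struct {
	Action    string
	Checks    []string
	Threshold int
}

// MergeConfig applies repo-level overrides only where the pointer is non-nil.
// An empty Action defaults to "log" and a zero Threshold to MaxResultScore;
// treating zero as "unset" is an assumption of this example.
func MergeConfig(org OrgConfig, repo *RepoConfig) Effective {
	eff := Effective{Action: org.Action, Checks: org.Checks, Threshold: org.Threshold}
	if repo != nil {
		if repo.Action != nil {
			eff.Action = *repo.Action
		}
		if repo.Checks != nil {
			eff.Checks = *repo.Checks
		}
		if repo.Threshold != nil {
			eff.Threshold = *repo.Threshold
		}
	}
	if eff.Action == "" {
		eff.Action = "log"
	}
	if eff.Threshold == 0 {
		eff.Threshold = MaxResultScore
	}
	return eff
}

// CheckScore is a constructed (name, score) pair standing in for one
// Scorecard check result.
type CheckScore struct {
	Name  string
	Score int
}

// Evaluate reports whether every configured check scored at or above the
// threshold, plus the sorted names of the checks that did not. A configured
// check with no result counts as failing (fail closed; example assumption).
func Evaluate(cfg Effective, results []CheckScore) (bool, []string) {
	byName := make(map[string]int, len(results))
	for _, r := range results {
		byName[r.Name] = r.Score
	}
	var failing []string
	for _, name := range cfg.Checks {
		score, ok := byName[name]
		if !ok || score < cfg.Threshold {
			failing = append(failing, name)
		}
	}
	sort.Strings(failing)
	return len(failing) == 0, failing
}

func main() {
	// Constructed sample: the org requires two checks at the default
	// threshold; one repo lowers the threshold to 7 but keeps the checks.
	org := OrgConfig{Action: "log", Checks: []string{"Branch-Protection", "Signed-Releases"}}
	repoThreshold := 7
	cfg := MergeConfig(org, &RepoConfig{Threshold: &repoThreshold})

	results := []CheckScore{{"Branch-Protection", 8}, {"Signed-Releases", 5}}
	pass, failing := Evaluate(cfg, results)
	fmt.Printf("action=%s threshold=%d pass=%v failing=%v\n", cfg.Action, cfg.Threshold, pass, failing)
}
```

Keeping the override logic pointer-based, as the package's RepoConfig does, is what lets a repo legitimately set Threshold to a lower value or Checks to a shorter list without those choices being confused with "not configured"; the only ambiguity left is a literal zero threshold, which this example resolves toward the documented default.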

type Scorecard

type Scorecard bool

Scorecard is the Security Scorecard policy object, implements policydef.Policy.

func (Scorecard) Check

func (b Scorecard) Check(ctx context.Context, c *github.Client, owner,
	repo string) (*policydef.Result, error)

Check performs the policy check for this policy based on the configuration stored in the org/repo, implementing policydef.Policy.Check().

func (Scorecard) Fix

func (b Scorecard) Fix(ctx context.Context, c *github.Client, owner, repo string) error

Fix implements policydef.Policy.Fix(). Scorecard checks do not have a Fix option.

func (Scorecard) GetAction

func (b Scorecard) GetAction(ctx context.Context, c *github.Client, owner, repo string) string

GetAction returns the configured action from this policy's configuration stored in the org-level repo (default "log"), implementing policydef.Policy.GetAction().

func (Scorecard) IsEnabled

func (b Scorecard) IsEnabled(ctx context.Context, c *github.Client, owner, repo string) (bool, error)

IsEnabled reports whether this policy is enabled.

func (Scorecard) Name

func (b Scorecard) Name() string

Name returns the name of this policy, implementing policydef.Policy.Name()
