Comments (6)
@olivekl Can you take a look and share your thoughts? Thanks!
from allstar.
All minor stuff:
Security Policy Violation
(capitalization for consistency with other headings)
For more information see the [Security Scorecards documentation] for Binary Artifacts.
(full Scorecards name and the policy name)
'Artifacts Found(caps again)
Binary Artifacts security policy has failed: binaries present in source code(change order for clarity)
This issue was automatically created by Allstar.(period at end)
which is a tool that scores a project's adherence to security best practices.` (reorder)
from allstar.
Updated:
This issue was automatically created by Allstar.
Security Policy Violation
Binary Artifacts security policy has failed: binaries present in source code
Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.
Remediation Steps
To remediate, remove the generated executable artifacts from the repository.
Artifacts Found
- dummy.dll
- dummy.exe
- dummy.jar
- dummy.so
Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.
Staging deploy of Allstar for testing, see https://github.com/ossf-tests/.allstar for config. (This is the custom footer)
This issue will auto resolve when the policy is in compliance. (This is current Allstar footer)
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
from allstar.
Thanks, Jeff. I have one more thought now that I'm looking again with fresh eyes. What do you think of:
Project is out of compliance with Binary Artifacts policy: binaries present in source code
(since a policy doesn't fail, and we changed "check" to "policy")
Too long?
from allstar.
Sounds good, so now:
This issue was automatically created by Allstar.
Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code
Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.
Remediation Steps
To remediate, remove the generated executable artifacts from the repository.
Artifacts Found
- dummy.dll
- dummy.exe
- dummy.jar
- dummy.so
Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.
Staging deploy of Allstar for testing, see https://github.com/ossf-tests/.allstar for config. (This is the custom footer)
This issue will auto resolve when the policy is in compliance. (This is current Allstar footer)
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
from allstar.
LGTM!
from allstar.
Related Issues (20)
- [Feature Request]: Check rulesets for branch protection rules HOT 2
- Allstar not opening issue on a fork HOT 2
- FR: Add a check for pinned dependencies HOT 4
- OptConfig missing on GH action policies
- Having setup difficulty using ossf provided instance HOT 1
- Prevent enforcement of `Branch Protection` on archived repositories HOT 1
- Create GitHub private vulnerability reports as an action
- Policy for checking for arbitrary file existence HOT 8
- [bug] Issue in member repo is updated/edited when org config IssueRepo is set centrally HOT 1
- [improvement] Allow app running with --once to exit with error when policy errors are encountered HOT 1
- Time for a new release? HOT 4
- Feature: Add `issueDetails` option to the configuration files
- Emit logs with details about configuration origin and final configuration
- Outside collaborators should be override-able at the repo-level HOT 2
- Allstar operations overview follow-ups HOT 1
- Improve Allstar's Scorecard HOT 2
- Update emitted copy around OpenSSF Scorecard checks
- Document recent changes to the generic Scorecard policy HOT 1
- Interested in support for self-hosted GHE installation HOT 2
- Issue with Allstar Branch Protection Enforcement (404 errors upon action: fix) HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from allstar.