Update wording and formatting of Binary Artifacts issue about allstar HOT 6 CLOSED

@olivekl Can you take a look and share your thoughts? Thanks!

from allstar.

All minor stuff:

Security Policy Violation (capitalization for consistency with other headings)
For more information see the [Security Scorecards documentation] for Binary Artifacts. (full Scorecards name and the policy name)
'Artifacts Found(caps again)Binary Artifacts security policy has failed: binaries present in source code(change order for clarity)This issue was automatically created by Allstar.(period at end)which is a tool that scores a project's adherence to security best practices.` (reorder)

from allstar.

Updated:

This issue was automatically created by Allstar.

Security Policy Violation
Binary Artifacts security policy has failed: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

• dummy.dll
• dummy.exe
• dummy.jar
• dummy.so

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

Staging deploy of Allstar for testing, see https://github.com/ossf-tests/.allstar for config. (This is the custom footer)

This issue will auto resolve when the policy is in compliance. (This is current Allstar footer)

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

from allstar.

Thanks, Jeff. I have one more thought now that I'm looking again with fresh eyes. What do you think of:

Project is out of compliance with Binary Artifacts policy: binaries present in source code (since a policy doesn't fail, and we changed "check" to "policy")

Too long?

from allstar.

Sounds good, so now:

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

• dummy.dll
• dummy.exe
• dummy.jar
• dummy.so

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

Staging deploy of Allstar for testing, see https://github.com/ossf-tests/.allstar for config. (This is the custom footer)

This issue will auto resolve when the policy is in compliance. (This is current Allstar footer)

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

from allstar.

LGTM!

from allstar.