Merge pull request #195 from safedep/chore/vet-integrate-vet
ci: Add vet for vetting PR
commit
948b411a6e
42
.github/vet/policy.yml
vendored
Normal file
42
.github/vet/policy.yml
vendored
Normal file
@ -0,0 +1,42 @@
name: SafeDep vet OSS suite
description: |
Customized filter suite for vet vetting vet.
tags:
- general
- safedep-vet
filters:
- name: critical-or-high-vulns
check_type: CheckTypeVulnerability
summary: Critical or high risk vulnerabilities were found
value: |
vulns.critical.exists(p, true) || vulns.high.exists(p, true)
- name: low-popularity
check_type: CheckTypePopularity
summary: Component popularity is low by Github stars count
value: |
projects.exists(p, (p.type == "GITHUB") && (p.stars < 10))
- name: risky-oss-licenses
check_type: CheckTypeLicense
summary: Risky OSS license was detected
value: |
licenses.exists(p, p == "GPL-2.0") ||
licenses.exists(p, p == "GPL-2.0-only") ||
licenses.exists(p, p == "GPL-3.0") ||
licenses.exists(p, p == "GPL-3.0-only") ||
licenses.exists(p, p == "BSD-3-Clause OR GPL-2.0")
- name: ossf-unmaintained
check_type: CheckTypeMaintenance
summary: Component appears to be unmaintained
value: |
scorecard.scores["Maintained"] == 0
- name: osv-malware
check_type: CheckTypeMalware
summary: Malicious (malware) component detected
value: |
vulns.all.exists(v, v.id.startsWith("MAL-"))
- name: ossf-dangerous-workflow
check_type: CheckTypeSecurityScorecard
summary: Component release pipeline appear to use dangerous workflows
value: |
scorecard.scores["Dangerous-Workflow"] == 0
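Review bot: The risky-oss-licenses filter matches only five exact SPDX strings, so `GPL-2.0-or-later`, `GPL-3.0-or-later`, the AGPL/LGPL families and any dual-license expression other than the one listed would not be flagged; if the license entries are plain SPDX strings as the equality tests suggest, a prefix test with the same CEL string function the osv-malware filter already uses, e.g. `licenses.exists(p, p.startsWith("GPL-") || p.startsWith("AGPL-"))`, covers the variants, subject to which families the project actually wants to block. The `BSD-3-Clause OR GPL-2.0` entry is a disjunctive expression under which a consumer may pick BSD-3-Clause, so a comment stating why it is still treated as risky would help the next reader. The `== 0` tests on `scorecard.scores["Maintained"]` and `scorecard.scores["Dangerous-Workflow"]` presumably stay silent when no scorecard data exists for a component, so a comment such as `# a missing scorecard is not treated as a finding` (or the opposite, if that is the intent) would document the behaviour the policy relies on. `description: |` keeps a trailing newline on a one-line value; `|-` is the usual choice.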
4
.github/workflows/ci.yml
vendored
4
.github/workflows/ci.yml
vendored
@ -29,6 +29,10 @@ jobs:
env:
env:
VET_E2E: true
VET_E2E: true
# Used to avoid rate limiting issue while running
# test suites that use GitHub API
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run-e2e:
run-e2e:
timeout-minutes: 30
timeout-minutes: 30
runs-on: ubuntu-latest
runs-on: ubuntu-latest
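Review bot: The added `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` sits in the same `env:` mapping as `VET_E2E`, which from the `jobs:` context appears to be job- or workflow-wide, so every step of the job — third-party actions and the test code alike — receives the token although only the suites that call the GitHub API need it; moving it to the `env:` of the step that runs those suites limits what a compromised dependency or test could do with it. What that token is allowed to do is decided by the workflow's `permissions:` block, which is outside this hunk; if none is set the repository default may be read-write, so an explicit `permissions: contents: read` at the top of the workflow would make the rate-limit use case least-privilege. The two comment lines read better as one thought, e.g. `# Raises the GitHub API rate limit for test suites that call the API; scope this to the step that needs it.` The enclosing `jobs:` mapping and the job this `env:` belongs to start before the hunk.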
30
.github/workflows/vet-ci.yml
vendored
Normal file
30
.github/workflows/vet-ci.yml
vendored
Normal file
@ -0,0 +1,30 @@
name: vet OSS Components
on:
pull_request:
push:
branches:
- main
permissions:
contents: read
issues: write
pull-requests: write
security-events: write
jobs:
vet:
name: vet
runs-on: ubuntu-latest
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v4
- name: Run vet
uses: safedep/vet-action@v1
with:
policy: .github/vet/policy.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
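Review bot: `actions/checkout@v4` and `safedep/vet-action@v1` are referenced by mutable tags in a workflow whose job is to gate supply-chain risk, so the gate is only as trustworthy as whoever can move those tags; pinning each to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, is what the OpenSSF Scorecard guidance this policy itself relies on recommends. The `pull_request` trigger runs with a read-only token for pull requests from forks regardless of the `permissions:` block, so the `issues: write` and `pull-requests: write` grants will not apply there and the action's PR-comment path may fail or be skipped on fork PRs — worth a comment on `permissions:` or a conditional on the step. `id: checkout` is not referenced by any later step and can be dropped. With a single job the workflow-wide `permissions:` is equivalent to a job-level one, but placing it under `jobs.vet` keeps the grant next to the step that needs it.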