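package repositories

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckEnableVulnerabilityAlerts is rule AVD-GIT-0003: every managed,
// non-archived GitHub repository in the scanned state must have
// vulnerability alerts enabled. The rule is registered with the engine
// through rules.Register when the package is initialised.
var CheckEnableVulnerabilityAlerts = rules.Register(
	scan.Rule{
		AVDID:       "AVD-GIT-0003",
		Provider:    providers.GitHubProvider,
		Service:     "repositories",
		ShortCode:   "enable_vulnerability_alerts",
		Summary:     "GitHub repository has vulnerability alerts disabled.",
		Impact:      "Known vulnerabilities may not be discovered",
		Resolution:  "Enable vulnerability alerts",
		Explanation: `GitHub repository should be set to use vulnerability alerts.

You can do this by setting the <code>vulnerability_alerts</code> attribute to 'true'.`,
		Links: []string{
			"https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableVulnerabilityAlertsGoodExamples,
			BadExamples:         terraformEnableVulnerabilityAlertsBadExamples,
			Links:               terraformEnableVulnerabilityAlertsLinks,
			RemediationMarkdown: terraformEnableVulnerabilityAlertsRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// The check walks every GitHub repository in s and records one result
	// per repository it inspects: a failure attached to the
	// VulnerabilityAlerts attribute when it is explicitly false, otherwise
	// a pass for the repository.
	//
	// Repositories whose metadata is unmanaged, and archived repositories,
	// are skipped entirely and produce neither a pass nor a failure.
	//
	// NOTE(review): only IsFalse() fails the check, so an unset or
	// unresolved VulnerabilityAlerts value lands in the passed branch —
	// confirm that matches the provider's default before relying on this
	// rule for coverage of repositories that never set the attribute.
	func(s *state.State) (results scan.Results) {
		for _, repo := range s.GitHub.Repositories {
			if repo.Metadata.IsUnmanaged() || repo.IsArchived() {
				continue
			}
			if repo.VulnerabilityAlerts.IsFalse() {
				// Finding message previously ended in a stray comma; a
				// finding is a complete sentence in the scan output.
				results.Add(
					"Repository does not have vulnerability alerts enabled.",
					repo.VulnerabilityAlerts,
				)
				continue
			}
			results.AddPassed(repo)
		}
		return results
	},
)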