* add lifecycle field to probe yaml definitions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* classify existing probes
Some are listed as stable if they're not expected to change,
others are listed as experimental if there are still expected changes.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle to probe readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle for new probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe lifecycle to documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* polish some probe yaml definitions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update references to probe naming and outcomes
now that #3654 is addressed, the naming restrictions can be relaxed.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* merge probe and finding packages
No one interacts with the probes directly,
and having them in the same package helps with follow up commits
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add extra field to indicate the outcome a probe should show remediation for
Signed-off-by: Spencer Schrock <sschrock@google.com>
* start all probes with remediate on 'False'
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make OutcomeTrue bad for hasOSVVulnerabilities
Signed-off-by: Spencer Schrock <sschrock@google.com>
* nest outcome trigger under remediation in yaml
Signed-off-by: Spencer Schrock <sschrock@google.com>
* invert outcomes for dangerous workflow probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename notArchived probe to archived
with the swap, the true outcome is now the bad outcome.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename notCreatedRecently probe to createRecently
with the rename, the true outcome is now bad
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch binary artifact probes so detecting binaries is a true outcome
Signed-off-by: Spencer Schrock <sschrock@google.com>
* appease the linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* dont export probe type
we can always make it public again later
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 Add probe metadata about supported ecosystems
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add metadata for the rest of the probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix wrong formatting
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove oss-fuzz, osv, cii_blob, cii_http clients
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add github and gitlab clients for 2 probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* 🌱 convert Webhook check to probes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add test + nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* replace probe with OutcomeNotApplicable
Signed-off-by: AdamKorcz <adam@adalogics.com>
* return one finding per webhook
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change wording in def.yml
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change wording in def.yml and checks.md
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove unused struct in test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* align checks.md with checks.yaml
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* bring back experimental for webhooks
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'token' to 'secret' in probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* use checker.MinResultScore instead of 0
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Change test name
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* use checker.MinResultScore instead of 0
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix typo
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Use checker.MaxResultScore instead of 10
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove the 'totalWebhooks' value from findings
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Adam Korczynski <adam@adalogics.com>