docs: Provide clarity in policy titles #140
This commit adopts the following in an attempt to provide clarity in policy titles and adopt some more standard RFC language.
- Critical/High rules => Must
- Medium/Low => Should
Additionally, it updates some of the policy language to be more clear.
Resolves: Legit-Labs#139
See Also: [RFC-2119](https://www.rfc-editor.org/rfc/rfc2119)
See Also: [RFC-8174](https://www.rfc-editor.org/rfc/rfc8174)
I'm not an expert on the GitLab side, and I still think there's room for improvement with the language, so any feedback welcome. 😄
Awesome work 🔥
Two general requests:
- Your editor changed the indentation of the files, which causes OPA to fail loading the policies; this is why the PR checks fail
- I'd rather use only the "Should" notation since even HIGH severity policies could be ok under some circumstances
YAML is particular and needs spaces after colons. It can be hard to track this down when it's in a comment block. It's even more difficult when you are new to Go and don't realize that the docstrings are pulled from the compiled code and not the source on disk. Whoops...
I resolved the title comments. Once you change the Must's to Should's I'll merge it. Thank you for putting in the effort @derekmurawsky!
Per the conversation in [this PR](Legit-Labs#140 (comment)) I changed instances of `must` to `should` as all of this advice is guidance that may be followed or not at the discretion of the implementation teams that use this tool.