-
Notifications
You must be signed in to change notification settings - Fork 97
Expand file tree
/
Copy pathfs-generic.yml
More file actions
43 lines (42 loc) · 1.52 KB
/
fs-generic.yml
File metadata and controls
43 lines (42 loc) · 1.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
name: General Purpose OSS Best Practices
description: |
This filter suite contains rules for implementing general purpose OSS
consumption best practices for an organization.
tags:
- general
- safedep-managed
filters:
- name: critical-or-high-vulns
check_type: CheckTypeVulnerability
summary: Critical or high risk vulnerabilities were found
value: |
vulns.critical.exists(p, true) || vulns.high.exists(p, true)
- name: low-popularity
check_type: CheckTypePopularity
summary: Component popularity is low by Github stars count
value: |
projects.exists(p, (p.type == "GITHUB") && (p.stars < 10))
- name: risky-oss-licenses
check_type: CheckTypeLicense
summary: Risky OSS license was detected
value: |
licenses.exists(p, p == "GPL-2.0") ||
licenses.exists(p, p == "GPL-2.0-only") ||
licenses.exists(p, p == "GPL-3.0") ||
licenses.exists(p, p == "GPL-3.0-only") ||
licenses.exists(p, p == "BSD-3-Clause OR GPL-2.0")
- name: ossf-unmaintained
check_type: CheckTypeMaintenance
summary: Component appears to be unmaintained
value: |
scorecard.scores["Maintained"] == 0
- name: osv-malware
check_type: CheckTypeMalware
summary: Malicious (malware) component detected
value: |
vulns.all.exists(v, v.id.startsWith("MAL-"))
- name: ossf-dangerous-workflow
check_type: CheckTypeSecurityScorecard
summary: Component release pipeline appear to use dangerous workflows
value: |
scorecard.scores["Dangerous-Workflow"] == 0