Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Compliance check: preventBranchProtectionBypass #76

Open
24 tasks
UlisesGascon opened this issue Dec 13, 2024 · 1 comment
Open
24 tasks

Add Compliance check: preventBranchProtectionBypass #76

UlisesGascon opened this issue Dec 13, 2024 · 1 comment
Assignees
@UlisesGascon
Labels
blocked This PR/issue is waiting for external factors compliance-checks Priority-Group-04
Milestone
Include all the c...

Comments

@UlisesGascon
Copy link
Member

How the Check Works

Provide a clear definition based on the spreadsheet

Pending Tasks

You can find more details in the contributing guide

  • 1. Define a Good Implementation Example
    • Read the documentation (guidelines, best practices...)
    • Brainstorm how to implement this check (logic, alerts, tasks, validations, edge cases...).
    • Achieve an agreement on the implementation details before starting to work on this.
  • 2. Update Check Record Example
    • Update the compliance_checks row with the following fields: how_to_url, implementation_status, implementation_type and implementation_details_reference
    • Check the migration scripts using npm run db:migrate and npm run db:rollback
    • Update the database schema by running npm run db:generate-schema
  • 3. Implement the Business Logic Validator Example and Check Example
    • Add the specific validator in src/checks/validators/index.js
    • Add the check logic in src/checks/complianceChecks
    • Ensure that the check is in scope for the organization (use isCheckApplicableToProjectCategory)
    • Ensure that the severity value is well calculated (use getSeverityFromPriorityGroup)
    • Add the alert row in the compliance_checks_alerts table when is needed.
    • Add the task row in the compliance_checks_tasks table when is needed.
    • Add the result row in the compliance_checks_results table.
  • 4. Ensure It Works as Expected
    • Add new unit tests for the validator check.
    • Add new integration test cases for this check.
    • Verify that all tests are passing.
    • Run the command check run --name {check_code_name} and verify the changes in the database. Update the seed script if needed (npm run db:seed)
  • 5. Update the website Example
@UlisesGascon UlisesGascon self-assigned this Dec 13, 2024
@UlisesGascon UlisesGascon mentioned this issue Dec 14, 2024
Open
@UlisesGascon
Copy link
Member Author

UlisesGascon commented Dec 14, 2024
edited
Loading

This is blocked by #146 and #147.

But the check should be on the column default_branch_enforce_admins within the table github_repositories and expect that all the repositories in the project have the value as true in order to consider this check as passed otherwise is not and requires alerts and tasks as it is a PG04

@UlisesGascon UlisesGascon added blocked This PR/issue is waiting for external factors and removed research-needed labels Dec 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@UlisesGascon UlisesGascon

Labels
blocked This PR/issue is waiting for external factors compliance-checks Priority-Group-04
Projects
None yet
Milestone
Include all the compliance checks
Development

No branches or pull requests
1 participant
@UlisesGascon