add catalog check

README.md

@@ -1,4 +1,4 @@
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/allstar/badge)](https://api.securityscorecards.dev/projects/github.com/ossf/allstar)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/contentful/allstar/badge)](https://api.securityscorecards.dev/projects/github.com/contentful/allstar)
 
 <img align="right" src="artwork/openssf_allstar_alt.png" width="300" height="400">
 
@@ -268,7 +268,7 @@ The details of how the `fix` action works for each policy is detailed below. If
 
 This policy's config file is named `branch_protection.yaml`, and the [config
 definitions are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/branch#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/branch#OrgConfig).
 
 The branch protection policy checks that GitHub's [branch protection
 settings](https://docs.github.com/en/github/administering-a-repository/defining-the-mergeability-of-pull-requests/about-protected-branches)
@@ -283,7 +283,7 @@ The `fix` action will change the branch protection settings to be in compliance
 
 This policy's config file is named `binary_artifacts.yaml`, and the [config
 definitions are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/binary#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/binary#OrgConfig).
 
 This policy incorporates the [check from
 scorecard](https://github.com/ossf/scorecard/#scorecard-checks). Remove the
@@ -295,7 +295,7 @@ itself](https://github.com/ossf/scorecard) to see all the detailed information.
 
 This policy's config file is named `outside.yaml`, and the [config definitions
 are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/outside#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/outside#OrgConfig).
 
 This policy checks if any [Outside
 Collaborators](https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization)
@@ -307,7 +307,7 @@ untrusted members can change admin level settings and commit malicious code.
 
 This policy's config file is named `security.yaml`, and the [config definitions
 are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/security#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/security#OrgConfig).
 
 This policy checks that the repository has a security policy file in
 `SECURITY.md` and that it is not empty. The created issue will have a link to
@@ -319,7 +319,7 @@ that helps you commit a security policy to your repository.
 
 This policy's config file is named `dangerous_workflow.yaml`, and the [config
 definitions are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/workflow#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/workflow#OrgConfig).
 
 This policy checks the GitHub Actions workflow configuration files
 (`.github/workflows`), for any patterns that match known dangerous
@@ -331,7 +331,7 @@ for more information on this check.
 
 This policy's config file is named `scorecard.yaml`, and the [config definitions
 are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/scorecard#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/scorecard#OrgConfig).
 
 This policy runs any scorecard check listed in the `checks` configuration. All
 checks run must have a score equal or above the `threshold` setting. Please see
@@ -343,7 +343,7 @@ for more information on each check.
 
 This policy's config file is named `actions.yaml`, and the [config definitions
 are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/action#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/action#OrgConfig).
 
 This policy checks the GitHub Actions workflow configuration files
 (`.github/workflows`) (and workflow runs in some cases) in each repo to ensure
@@ -354,7 +354,7 @@ organization-level config for the policy.
 
 This policy's config file is named `admin.yaml`, and the [config definitions
 are
-here](https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/admin#OrgConfig).
+here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/admin#OrgConfig).
 
 This policy checks that by default all repositories must have a user or group assigned as an Administrator. It allows you to optionally configure if users are allowed to be administrators (as opposed to teams).
 
@@ -374,8 +374,8 @@ organization.
 
 ### Configuration Definitions
 
-- [Organization level enable configuration](https://pkg.go.dev/github.com/ossf/allstar/pkg/config#OrgOptConfig)
-- [Repository Override enable configuration]( https://pkg.go.dev/github.com/ossf/allstar/pkg/config#RepoOptConfig)
+- [Organization level enable configuration](https://pkg.go.dev/github.com/contentful/allstar/pkg/config#OrgOptConfig)
+- [Repository Override enable configuration]( https://pkg.go.dev/github.com/contentful/allstar/pkg/config#RepoOptConfig)
 
 ### Secondary Org-Level configuration location
 

cmd/allstar/main.go

@@ -25,9 +25,9 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/ossf/allstar/pkg/enforce"
-	"github.com/ossf/allstar/pkg/ghclients"
-	"github.com/ossf/allstar/pkg/policies"
+	"github.com/contentful/allstar/pkg/enforce"
+	"github.com/contentful/allstar/pkg/ghclients"
+	"github.com/contentful/allstar/pkg/policies"
 
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"

cmd/reviewbot/main.go

@@ -19,7 +19,7 @@ import (
 	"os"
 	"strconv"
 
-	"github.com/ossf/allstar/pkg/reviewbot"
+	"github.com/contentful/allstar/pkg/reviewbot"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 )

go.mod

@@ -1,4 +1,4 @@
-module github.com/ossf/allstar
+module github.com/contentful/allstar
 
 go 1.16
 

pkg/config/config.go

@@ -22,7 +22,7 @@ import (
 	"path"
 	"strings"
 
-	"github.com/ossf/allstar/pkg/config/operator"
+	"github.com/contentful/allstar/pkg/config/operator"
 
 	jsonpatch "github.com/evanphx/json-patch"
 	"github.com/google/go-github/v50/github"

pkg/config/config_test.go

@@ -22,9 +22,9 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/contentful/allstar/pkg/config/operator"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-github/v50/github"
-	"github.com/ossf/allstar/pkg/config/operator"
 	"sigs.k8s.io/yaml"
 )
 

pkg/config/location.go

@@ -19,7 +19,7 @@ import (
 	"net/http"
 	"sync"
 
-	"github.com/ossf/allstar/pkg/config/operator"
+	"github.com/contentful/allstar/pkg/config/operator"
 )
 
 type instLoc struct {

pkg/config/operator/operator.go

@@ -82,7 +82,7 @@ const GitHubIssueLabel = "allstar"
 // GitHubIssueFooter is added to the end of GitHub issues.
 const GitHubIssueFooter = `This issue will auto resolve when the policy is in compliance.
 
-Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.`
+Issue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.`
 
 // AllowedOrganizations is the set of GitHub repositories on which this Allstar instance
 // is allowed to be installed. This allows a public GitHub app to be shared between GitHub

pkg/config/schedule/schedule.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/ossf/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/config"
 	"github.com/rs/zerolog/log"
 )
 

pkg/config/schedule/schedule_test.go

@@ -18,7 +18,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/ossf/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/config"
 )
 
 func timeFromDay(wd time.Weekday) time.Time {

pkg/enforce/enforce.go

@@ -22,13 +22,13 @@ import (
 	"sync"
 	"time"
 
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/config/operator"
-	"github.com/ossf/allstar/pkg/ghclients"
-	"github.com/ossf/allstar/pkg/issue"
-	"github.com/ossf/allstar/pkg/policies"
-	"github.com/ossf/allstar/pkg/policydef"
-	"github.com/ossf/allstar/pkg/scorecard"
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/config/operator"
+	"github.com/contentful/allstar/pkg/ghclients"
+	"github.com/contentful/allstar/pkg/issue"
+	"github.com/contentful/allstar/pkg/policies"
+	"github.com/contentful/allstar/pkg/policydef"
+	"github.com/contentful/allstar/pkg/scorecard"
 	"golang.org/x/sync/errgroup"
 
 	"github.com/google/go-github/v50/github"

pkg/enforce/enforce_test.go

@@ -23,10 +23,10 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/contentful/allstar/pkg/config/operator"
+	"github.com/contentful/allstar/pkg/policydef"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-github/v50/github"
-	"github.com/ossf/allstar/pkg/config/operator"
-	"github.com/ossf/allstar/pkg/policydef"
 )
 
 var policy1Results policyRepoResults

pkg/ghclients/ghclients.go

@@ -21,9 +21,9 @@ import (
 	"net/http"
 
 	"github.com/bradleyfalzon/ghinstallation/v2"
+	"github.com/contentful/allstar/pkg/config/operator"
 	"github.com/google/go-github/v50/github"
 	"github.com/gregjones/httpcache"
-	"github.com/ossf/allstar/pkg/config/operator"
 	"gocloud.dev/runtimevar"
 	_ "gocloud.dev/runtimevar/awssecretsmanager"
 	_ "gocloud.dev/runtimevar/filevar"

pkg/issue/issue.go

@@ -24,9 +24,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/config/operator"
-	"github.com/ossf/allstar/pkg/config/schedule"
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/config/operator"
+	"github.com/contentful/allstar/pkg/config/schedule"
 	"github.com/rs/zerolog/log"
 
 	"github.com/google/go-github/v50/github"
@@ -287,7 +287,7 @@ func createIssueBody(owner, repo, text, hash, footer string, isIssueRepo bool) s
 		refersTo = fmt.Sprintf(" and refers to [%s](https://github.com/%s)", ownerRepo, ownerRepo)
 	}
 	editHeader := issueSectionHeader(updateSectionName)
-	return fmt.Sprintf("_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)%s._\n\n**Security Policy Violation**\n"+
+	return fmt.Sprintf("_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/)%s._\n\n**Security Policy Violation**\n"+
 		"%v\n\n---\n\n%s%s%s\n%v",
 		refersTo, text, editHeader, fmt.Sprintf(resultTextHashCommentFormat, hash), editHeader, footer)
 }

pkg/issue/issue_test.go

@@ -21,8 +21,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/config/operator"
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/config/operator"
 
 	"github.com/google/go-github/v50/github"
 )
@@ -70,8 +70,8 @@ func TestEnsure(t *testing.T) {
 	issueTitleOtherRepo := "Security Policy violation for repository \"\" thispolicy"
 	closed := "closed"
 	open := "open"
-	body := "_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n<!-- Edit section #updates --><!-- Current result text hash: 1ab61918ea1b7d10e20db2b40287c1a265a1617b998d87b28579a4462b2efac2 --><!-- Edit section #updates -->\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer."
-	bodyOtherRepo := "_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/) and refers to [/](https://github.com//)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n<!-- Edit section #updates --><!-- Current result text hash: 1ab61918ea1b7d10e20db2b40287c1a265a1617b998d87b28579a4462b2efac2 --><!-- Edit section #updates -->\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer."
+	body := "_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n<!-- Edit section #updates --><!-- Current result text hash: 1ab61918ea1b7d10e20db2b40287c1a265a1617b998d87b28579a4462b2efac2 --><!-- Edit section #updates -->\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer."
+	bodyOtherRepo := "_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/) and refers to [/](https://github.com//)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n<!-- Edit section #updates --><!-- Current result text hash: 1ab61918ea1b7d10e20db2b40287c1a265a1617b998d87b28579a4462b2efac2 --><!-- Edit section #updates -->\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer."
 	configGetAppConfigs = func(context.Context, *github.Client, string, string) (*config.OrgConfig, *config.RepoConfig, *config.RepoConfig) {
 		return &config.OrgConfig{}, &config.RepoConfig{}, &config.RepoConfig{}
 	}
@@ -142,7 +142,7 @@ func TestEnsure(t *testing.T) {
 		configGetAppConfigs = func(context.Context, *github.Client, string, string) (*config.OrgConfig, *config.RepoConfig, *config.RepoConfig) {
 			return &config.OrgConfig{IssueFooter: "CustomFooter"}, &config.RepoConfig{}, &config.RepoConfig{}
 		}
-		bodyWithFooter := "_This issue was automatically created by [Allstar](https://github.com/ossf/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n<!-- Edit section #updates --><!-- Current result text hash: 1ab61918ea1b7d10e20db2b40287c1a265a1617b998d87b28579a4462b2efac2 --><!-- Edit section #updates -->\nCustomFooter\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer."
+		bodyWithFooter := "_This issue was automatically created by [Allstar](https://github.com/contentful/allstar/)._\n\n**Security Policy Violation**\nStatus text\n\n---\n\n<!-- Edit section #updates --><!-- Current result text hash: 1ab61918ea1b7d10e20db2b40287c1a265a1617b998d87b28579a4462b2efac2 --><!-- Edit section #updates -->\nCustomFooter\n\nThis issue will auto resolve when the policy is in compliance.\n\nIssue created by Allstar. See https://github.com/contentful/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer."
 		listByRepo = func(ctx context.Context, owner string, repo string,
 			opts *github.IssueListByRepoOptions) ([]*github.Issue, *github.Response, error) {
 			return make([]*github.Issue, 0), &github.Response{NextPage: 0}, nil

pkg/policies/action/action.go

@@ -23,8 +23,8 @@ import (
 	"strings"
 
 	"github.com/Masterminds/semver/v3"
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/policydef"
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/policydef"
 	"github.com/rhysd/actionlint"
 
 	"github.com/google/go-github/v50/github"

pkg/policies/action/action_test.go

@@ -21,9 +21,9 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/contentful/allstar/pkg/config"
 	"github.com/gobwas/glob"
 	"github.com/google/go-github/v50/github"
-	"github.com/ossf/allstar/pkg/config"
 	"github.com/rhysd/actionlint"
 )
 

pkg/policies/admin/admin.go

@@ -18,9 +18,9 @@ package admin
 import (
 	"context"
 
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/policydef"
 	"github.com/gobwas/glob"
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/policydef"
 
 	"github.com/google/go-github/v50/github"
 	"github.com/rs/zerolog/log"

pkg/policies/admin/admin_test.go

@@ -18,10 +18,10 @@ import (
 	"context"
 	"testing"
 
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/policydef"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-github/v50/github"
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/policydef"
 )
 
 var listCollaborators func(context.Context, string, string,

pkg/policies/binary/binary.go

@@ -21,9 +21,9 @@ import (
 	"fmt"
 	"path/filepath"
 
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/policydef"
-	"github.com/ossf/allstar/pkg/scorecard"
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/policydef"
+	"github.com/contentful/allstar/pkg/scorecard"
 	"github.com/ossf/scorecard/v4/checker"
 	"github.com/ossf/scorecard/v4/checks"
 

pkg/policies/binary/binary_test.go

@@ -18,9 +18,9 @@ import (
 	"context"
 	"testing"
 
+	"github.com/contentful/allstar/pkg/config"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-github/v50/github"
-	"github.com/ossf/allstar/pkg/config"
 )
 
 func TestConfigPrecedence(t *testing.T) {

pkg/policies/branch/branch.go

@@ -20,8 +20,8 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/policydef"
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/policydef"
 
 	"github.com/google/go-github/v50/github"
 	"github.com/rs/zerolog/log"

pkg/policies/branch/branch_test.go

@@ -21,10 +21,10 @@ import (
 	"sort"
 	"testing"
 
+	"github.com/contentful/allstar/pkg/config"
+	"github.com/contentful/allstar/pkg/policydef"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-github/v50/github"
-	"github.com/ossf/allstar/pkg/config"
-	"github.com/ossf/allstar/pkg/policydef"
 )
 
 var get func(context.Context, string, string) (*github.Repository,