diff --git a/README.md b/README.md index 8d92c830..9b232471 100644 --- a/README.md +++ b/README.md @@ -266,10 +266,7 @@ The details of how the `fix` action works for each policy is detailed below. If ### Branch Protection -This policy's config file is named `branch_protection.yaml`, and the [config -definitions are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/branch#OrgConfig). - +This policy's config file is named `branch_protection.yaml` The branch protection policy checks that GitHub's [branch protection settings](https://docs.github.com/en/github/administering-a-repository/defining-the-mergeability-of-pull-requests/about-protected-branches) are setup correctly according to the specified configuration. The issue text @@ -281,10 +278,7 @@ The `fix` action will change the branch protection settings to be in compliance ### Binary Artifacts -This policy's config file is named `binary_artifacts.yaml`, and the [config -definitions are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/binary#OrgConfig). - +This policy's config file is named `binary_artifacts.yaml` This policy incorporates the [check from scorecard](https://github.com/ossf/scorecard/#scorecard-checks). Remove the binary artifact from the repository to achieve compliance. As the scorecard @@ -293,10 +287,7 @@ itself](https://github.com/ossf/scorecard) to see all the detailed information. ### Outside Collaborators -This policy's config file is named `outside.yaml`, and the [config definitions -are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/outside#OrgConfig). - +This policy's config file is named `outside.yaml` This policy checks if any [Outside Collaborators](https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization) have either administrator(default) or push(optional) access to the 
@@ -305,10 +296,7 @@ untrusted members can change admin level settings and commit malicious code. ### SECURITY.md -This policy's config file is named `security.yaml`, and the [config definitions -are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/security#OrgConfig). - +This policy's config file is named `security.yaml` This policy checks that the repository has a security policy file in `SECURITY.md` and that it is not empty. The created issue will have a link to the [GitHub @@ -317,10 +305,7 @@ that helps you commit a security policy to your repository. ### Dangerous Workflow -This policy's config file is named `dangerous_workflow.yaml`, and the [config -definitions are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/workflow#OrgConfig). - +This policy's config file is named `dangerous_workflow.yaml` This policy checks the GitHub Actions workflow configuration files (`.github/workflows`), for any patterns that match known dangerous behavior. See the [Security Scorecards @@ -329,10 +314,7 @@ for more information on this check. ### Generic Scorecard Check -This policy's config file is named `scorecard.yaml`, and the [config definitions -are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/scorecard#OrgConfig). - +This policy's config file is named `scorecard.yaml` This policy runs any scorecard check listed in the `checks` configuration. All checks run must have a score equal or above the `threshold` setting. Please see the [Security Scorecards 
@@ -341,10 +323,7 @@ for more information on each check. ### GitHub Actions -This policy's config file is named `actions.yaml`, and the [config definitions -are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/action#OrgConfig). - +This policy's config file is named `actions.yaml` This policy checks the GitHub Actions workflow configuration files (`.github/workflows`) (and workflow runs in some cases) in each repo to ensure they are in line with rules (eg. require, deny) defined in the @@ -352,10 +331,7 @@ organization-level config for the policy. ### Repository Administrators -This policy's config file is named `admin.yaml`, and the [config definitions -are -here](https://pkg.go.dev/github.com/contentful/allstar/pkg/policies/admin#OrgConfig). - +This policy's config file is named `admin.yaml` This policy checks that by default all repositories must have a user or group assigned as an Administrator. It allows you to optionally configure if users are allowed to be administrators (as opposed to teams). ### Future Policies @@ -374,8 +350,8 @@ organization. ### Configuration Definitions -- [Organization level enable configuration](https://pkg.go.dev/github.com/contentful/allstar/pkg/config#OrgOptConfig) -- [Repository Override enable configuration]( https://pkg.go.dev/github.com/contentful/allstar/pkg/config#RepoOptConfig) +- [Organization level enable configuration]() +- [Repository Override enable configuration]() ### Secondary Org-Level configuration location diff --git a/pkg/policies/catalog/catalog.go b/pkg/policies/catalog/catalog.go index e668a8d1..04dd6098 100644 --- a/pkg/policies/catalog/catalog.go +++ b/pkg/policies/catalog/catalog.go 
@@ -147,7 +147,7 @@ func check(ctx context.Context, c *github.Client, v4c v4client, owner, return &policydef.Result{ Enabled: enabled, Pass: false, - NotifyText: "catalog-info.yaml file not found.\n" + fmt.Sprintf(notifyText, owner, repo), + NotifyText: "catalog-info.yaml file not found.\n" + fmt.Sprint(notifyText, owner, repo), Details: details{ Enabled: false, },
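Review bot: in the `pkg/policies/catalog/catalog.go` hunk, replacing `fmt.Sprintf(notifyText, owner, repo)` with `fmt.Sprint(notifyText, owner, repo)` changes behaviour, it does not just rename the call. `fmt.Sprint` performs no verb substitution: any `%s`/`%v` placeholders in `notifyText` will be emitted literally, and because all three operands are strings, `owner` and `repo` are concatenated straight onto the end of the template with no separating space. If the motivation is the `go vet` "non-constant format string" warning, the right fix is to keep `Sprintf` and make the format a constant (or, if `notifyText` truly has no verbs, drop `owner` and `repo` from the call entirely); as written, the issue text for a missing `catalog-info.yaml` becomes garbled. Please add a test that asserts on the rendered `NotifyText` so this cannot regress silently.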
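Review bot: in the `### Configuration Definitions` hunk of `README.md`, the two replacement bullets `- [Organization level enable configuration]()` and `- [Repository Override enable configuration]()` are markdown links with empty targets, which render as dead links. Either restore the `#OrgOptConfig` / `#RepoOptConfig` targets under whatever import path this fork publishes, point them at the Go source for `pkg/config` in this repository, or convert them to plain text; do not ship empty `()`.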
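Review bot: every one of the eight README policy hunks (Branch Protection, Binary Artifacts, Outside Collaborators, SECURITY.md, Dangerous Workflow, Generic Scorecard Check, GitHub Actions, Repository Administrators) replaces the sentence with one that has no terminating period, e.g. `+This policy's config file is named `branch_protection.yaml``, and since the following line continues the same markdown paragraph this renders as "named `branch_protection.yaml` The branch protection policy checks ...". Add the period. More importantly, dropping the `#OrgConfig` links leaves the README with no pointer at all to the per-policy config schema; if the pkg.go.dev pages for the `contentful/allstar` import path are the problem, replace them with links to the corresponding `pkg/policies/<name>` source in this repository rather than removing the reference.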