Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Dockerfile for Python script #38

Merged
merged 3 commits into from
Sep 22, 2023
Merged

Add Dockerfile for Python script #38

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
aeb667a
Add Dockerfile for Py script
luigigubello Sep 18, 2023
99510fc
Delete files
luigigubello Sep 18, 2023
7b2b88c
edit README
luigigubello Sep 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 0 additions & 42 deletions command-line-tool/README.md
View file
Open in desktop

This file was deleted.

11 changes: 11 additions & 0 deletions validators/python/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
FROM python:3.11-bullseye

WORKDIR /app

COPY . .

RUN pip install -r requirements.txt

RUN chmod +x validator-and-generator.py

RUN ln --symbolic /app/validator-and-generator.py /usr/bin/si-validator
42 changes: 42 additions & 0 deletions validators/python/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Command-line Generator and Validator

A Python command-line tool to help maintainters, developers, and contributors to generate or validate the SECURITY INSIGHTS yaml file.

## Usage

[Docker](https://www.docker.com/) needs to be installed. Build the container image:

```
docker build -t sec-insights .
```

If you want to validate a `SECURITY-INSIGHTS.yml`, run the following command:

```
docker run -v $(pwd)/../..:/security-insights -it sec-insights si-validator verify /security-insights/examples/security-insights-minimal-sample.yml /security-insights/security-insights-schema-1.0.0.yaml
```

If you want to create a new `SECURITY-INSIGHTS.yml` by complying the YAML schema, launch this command:

```
docker run -v $(pwd)/../..:/security-insights -it sec-insights si-validator create /security-insights/examples/security-insights-minimal-sample.yml /security-insights/security-insights-schema-1.0.0.yaml
```

and fill out the questionnaire by following the wizard. The questions labeled with `(optional)` are not mandatory and can be skipped.

## Bugs

If you find any bugs, please open an issue or submit a pull request.

### Known Bugs

- [ ] Value type and format are not printed in the wizard
- [ ] The script accepts just `True` or `False` for boolean values (case sensitive)
- [ ] The script supports just single-line comments

## Security

If you find a security vulnerability, please report it via [GitHub private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability).



0 command-line-tool/requirements.txt → validators/python/requirements.txt
View file
Open in desktop
File renamed without changes.
2 changes: 2 additions & 0 deletions command-line-tool/validator-and-generator.py → validators/python/validator-and-generator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
#!/usr/bin/env python

import collections
import click
import jsonschema
Expand Down