Comments (8)
noamd-legit
commented on June 23, 2024
2
Sorry, holidays season :) I will publish a fix today
from legitify.
mawl
commented on June 23, 2024
Should have been fixed with #243
from legitify.
mawl
commented on June 23, 2024
P.S. permissions_log.json is empty.
from legitify.
mawl
commented on June 23, 2024
After moving project back to group/project all policies have been found, so it is nothing concerning different permissions.
Legitify Findings Summary:
+---+------------+--------------------------------+----------+--------+--------+---------+
| # | Namespace | Policy | Severity | Passed | Failed | Skipped |
+---+------------+--------------------------------+----------+--------+--------+---------+
| 1 | repository | Default Branch Should Be | MEDIUM | 0 | 1 | 0 |
| | | Protected | | | | |
+---+------------+--------------------------------+----------+--------+--------+---------+
| 2 | repository | Default Branch Should Not | MEDIUM | 0 | 1 | 0 |
| | | Allow Force Pushes | | | | |
+---+------------+--------------------------------+----------+--------+--------+---------+
| 3 | repository | Project Should Require All | MEDIUM | 0 | 1 | 0 |
| | | Pipelines to Succeed | | | | |
+---+------------+--------------------------------+----------+--------+--------+---------+
from legitify.
noamd-legit
commented on June 23, 2024
All policies are shown and group gets analyzed, too.
Im not sure I understand this, when using the --repo flag it analyzes only the specific repository and only repository-related policies(namespace)
Could you attach the CLI command you're using? I can't replicate this behavior locally (you can send privately if you prefer).
from legitify.
mawl
commented on June 23, 2024
The command I use, is:
legitify analyze \
--scm gitlab \
--failed-only \
--ignore-policies-file ${LEGITIFY_IGNORE_POLICIES_FILE} \
--output-format json \
--error-file analyze.error.log \
--output-file ${LEGITIFY_JSON_OUTPUT} \
--repo "${CI_PROJECT_PATH}"
The project settings for both analysis are the same, I moved the project into a subgroup to test the new feature - and I wonder why policies are missing and the error couldn't find group group/subgroup appears in the log.
I use a policiesignore file to activate only some policies which are:
# missing_default_branch_protection
# missing_default_branch_protection_force_push
# project_not_maintained
# requires_status_checks
If you need more input please let me know.
from legitify.
mawl
commented on June 23, 2024
@noamd-legit: looking forward to your answer :)
from legitify.
mawl
commented on June 23, 2024
Thanks for the fix. It works :)
from legitify.
Related Issues (20)
- Report Script HOT 1
- Policy Skip Support for GitHub Action HOT 1
- Parameterize output report name in GH action HOT 2
- legitify analyze --repo doesn't support gitlab projects within subgroups HOT 5
- When the "ignore-policies" option is enabled, GitHub Action disregards the "extra" parameter HOT 4
- SARIF format results do no supply the actual violation results? HOT 2
- "organization_has_too_many_admins" policy doesn't flag an organization with 8 owners HOT 5
- Add the needed permissions/scopes to the custom action documentation HOT 4
- Running the GitHub action with ` scorecard: verbose` fails with error `failed to enrich scorecard: expecting []ScorecardCheck` HOT 1
- Support using legitify action with GITHUB_TOKEN
- 1.0.5 release did not get completed HOT 2
- "Reaching out" Message comes with every usage of legitify convert HOT 1
- Unmet prerequisite: premium, but premium license is used HOT 6
- Restricting email notifications (GitHub) HOT 2
- Skip evaluating archived GitHub repos in an org HOT 2
- GHA - unable to add extra: --namespace -unknown flag HOT 2
- GitHub Ruleset awareness HOT 1
- Gitlab group license discovery fails with 1.0.8
- Remediation Steps in Output are Formatted as Double Numbered List HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from legitify.