
weave-policy-validator's Introduction

Weaveworks Infrastructure as Code Validator

Validates infrastructure as code against weave policies

Supported Resources

  • Helm
  • Kustomize

Supported CI/CD

Usage

USAGE:
   app [global options] command [command options] [arguments...]

VERSION:
   0.0.1

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --path value                       path to scan resources from
   --helm-values-file value           path to resources helm values file
   --policies-path value              path to policies source directory
   --policies-helm-values-file value  path to policies helm values file
   --git-repo-provider value          git repository provider [$WEAVE_REPO_PROVIDER]
   --git-repo-host value              git repository host [$WEAVE_REPO_HOST]
   --git-repo-url value               git repository url [$WEAVE_REPO_URL]
   --git-repo-branch value            git repository branch [$WEAVE_REPO_BRANCH]
   --git-repo-sha value               git repository commit sha [$WEAVE_REPO_SHA]
   --git-repo-token value             git repository token [$WEAVE_REPO_TOKEN]
   --azure-project value              azure project name [$AZURE_PROJECT]
   --sast value                       save result as gitlab sast format
   --sarif value                      save result as sarif format
   --json value                       save result as json format
   --generate-git-report              generate git report if supported (default: false) [$WEAVE_GENERATE_GIT_PROVIDER_REPORT]
   --remediate                        auto remediate resources if possible (default: false)
   --no-exit-error                    exit with no error (default: false)
   --help, -h                         show help (default: false)
   --version, -v                      print the version (default: false)

Examples

GitHub

See how to set up the GitHub Action

GitLab

weave:
  image:
    name: weaveworks/weave-policy-validator:v1.4
  script:
  - weave-validator --path <path to resources> --policies-path <path to policies>

Enable Auto Remediation

  script:
  - weave-validator --path <path to resources> --policies-path <path to policies> --git-repo-token $GITLAB_TOKEN --remediate

Enable Static Application Security Testing

stages:
  - weave
  - sast

weave:
  stage: weave
  image:
    name: weaveworks/weave-policy-validator:v1.4
  script:
  - weave-validator --path <path to resources> --policies-path <path to policies> --sast sast.json
  artifacts:
    when: on_failure
    paths:
    - sast.json

upload_sast:
  stage: sast
  when: always
  script:
  - echo "creating sast report"
  artifacts:
    reports:
      sast: sast.json

Bitbucket

pipelines:
  default:
    - step:
        name: 'Weaveworks'
        image: weaveworks/weave-policy-validator:v1.4
        script:
          - weave-validator --path <path to resources> --policies-path <path to policies>

Enable Auto Remediation

  script:
    - weave-validator --path <path to resources> --policies-path <path to policies> --git-repo-token $TOKEN --remediate

Create Pipeline Report

  script:
    - weave-validator --path <path to resources> --policies-path <path to policies> --git-repo-token $TOKEN --generate-git-report

Circle CI

jobs:
  weave:
    docker:
    - image: weaveworks/weave-policy-validator:v1.4
    steps:
    - checkout
    - run:
        command: weave-validator --path <path to resources> --policies-path <path to policies>

Enable Auto Remediation

    - run:
        command: weave-validator --path <path to resources> --policies-path <path to policies> --git-repo-token ${GITHUB_TOKEN} --remediate

Azure DevOps

trigger:
- <list of branches to trigger the pipeline on>

pool:
  vmImage: ubuntu-latest

container:
  image: weaveworks/weave-policy-validator:v1.4-azure

steps:
- script: weave-validator --path <path to resources> --policies-path <path to policies> --git-repo-token $(TOKEN)

Enable Auto Remediation

steps:
- script: weave-validator --path <path to resources> --policies-path <path to policies> --git-repo-token $(TOKEN) --remediate

Contribution

Need help or want to contribute? Please see the links below.
