
Comments (3)

morwn commented on June 11, 2024

The actual reporting UI will be implemented soon


morwn commented on June 11, 2024

Hi @krol3,
I really like your idea, we will work on adding SLSA level as part of each check's metadata soon.

In the meantime, do you have in mind any expected behavior that you wish to see when running chain-bench?

Thanks,
Mor


krol3 commented on June 11, 2024

Hi @morwn! What about the output of this new SLSA report?
How can I see in the output if it's following the SLSA level ("slsa_level": [1,2,3,4])?

Currently the output is like this:

chain-bench version 0.1.3

 2.3.1    Ensure all build steps are defined as code                                                      Passed
 2.3.5    Ensure access to the build process's triggering is minimized                                    Unknown   Organization is not fetched
 2.3.7    Ensure pipelines are automatically scanned for vulnerabilities                                  Passed
 2.3.8    Ensure scanners are in place to identify and prevent sensitive data in pipeline files           Failed    Repository is not scanned for secrets
 2.4.2    Ensure all external dependencies used in the build process are locked                           Failed    6 task(s) are not pinned
 2.4.6    Ensure pipeline steps produce an SBOM                                                           Failed    2 pipeline(s) contain a build job without SBOM generation
 3.1.7    Ensure dependencies are pinned to a specific, verified version                                  Failed    6 dependencies are not pinned
 3.2.2    Ensure packages are automatically scanned for known vulnerabilities                             Passed
 3.2.3    Ensure packages are automatically scanned for license implications                              Passed
 4.2.3    Ensure user's access to the package registry utilizes MFA                                       Unknown   Registry is not fetched
 4.2.5    Ensure anonymous access to artifacts is revoked                                                 Unknown   Registry is not fetched
 4.3.4    Ensure webhooks of the package registry are secured                                             Passed
-------- ----------------------------------------------------------------------------------------------- --------- -----------------------------------------------------------
 Total Passed Rules: 9 out of 26
2022-08-21 16:49:18 INF Scan completed: 4s

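The thread asks how a per-check SLSA level could surface in chain-bench's output. As an added example (not chain-bench's own code and not posted by anyone in the thread), the script below parses the text table shown above, annotates each row with a "slsa_level" list in the shape krol3 suggested, and summarizes results per level. The check-to-level mapping SLSA_LEVELS is an assumption made up for illustration, not chain-bench's metadata, and the rule that an Unknown result never counts toward a level is likewise the example's own choice.

```python
import json
import re

# Constructed sample: chain-bench 0.1.3 text output copied from the thread above
# (only the rows the poster showed are included).
SAMPLE_OUTPUT = """\
chain-bench version 0.1.3

 2.3.1    Ensure all build steps are defined as code                                                      Passed
 2.3.5    Ensure access to the build process's triggering is minimized                                    Unknown   Organization is not fetched
 2.3.7    Ensure pipelines are automatically scanned for vulnerabilities                                  Passed
 2.3.8    Ensure scanners are in place to identify and prevent sensitive data in pipeline files           Failed    Repository is not scanned for secrets
 2.4.2    Ensure all external dependencies used in the build process are locked                           Failed    6 task(s) are not pinned
 2.4.6    Ensure pipeline steps produce an SBOM                                                           Failed    2 pipeline(s) contain a build job without SBOM generation
 3.1.7    Ensure dependencies are pinned to a specific, verified version                                  Failed    6 dependencies are not pinned
 3.2.2    Ensure packages are automatically scanned for known vulnerabilities                             Passed
 3.2.3    Ensure packages are automatically scanned for license implications                              Passed
 4.2.3    Ensure user's access to the package registry utilizes MFA                                       Unknown   Registry is not fetched
 4.2.5    Ensure anonymous access to artifacts is revoked                                                 Unknown   Registry is not fetched
 4.3.4    Ensure webhooks of the package registry are secured                                             Passed
-------- ----------------------------------------------------------------------------------------------- --------- -----------------------------------------------------------
 Total Passed Rules: 9 out of 26
2022-08-21 16:49:18 INF Scan completed: 4s
"""

# HYPOTHETICAL mapping of check ID -> SLSA levels at which the check is required.
# An assumption for illustration only, not chain-bench's real check metadata.
SLSA_LEVELS = {
    "2.3.1": [1, 2, 3, 4],
    "2.3.5": [3, 4],
    "2.3.7": [2, 3, 4],
    "2.3.8": [3, 4],
    "2.4.2": [4],
    "2.4.6": [2, 3, 4],
    "3.1.7": [4],
    "3.2.2": [2, 3, 4],
    # 3.2.3 (license scanning) is deliberately unmapped to show the fallback.
    "4.2.3": [2, 3, 4],
    "4.2.5": [2, 3, 4],
    "4.3.4": [2, 3, 4],
}

LEVELS = (1, 2, 3, 4)
STATUSES = ("Passed", "Failed", "Unknown")

# One result row: "<id>  <title>  <status>  [<reason>]", columns separated by 2+ spaces.
ROW_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+)\s+(.+?)\s{2,}(Passed|Failed|Unknown)(?:\s{2,}(.*?))?\s*$"
)


def parse_results(text):
    """Parse chain-bench's table into dicts; banner, separator, totals and log lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        check_id, title, status, reason = m.groups()
        rows.append({
            "id": check_id,
            "title": title.strip(),
            "status": status,
            "reason": (reason or "").strip(),
            "slsa_level": SLSA_LEVELS.get(check_id, []),  # [] when no level applies
        })
    return rows


def summarize_by_level(rows):
    """Count Passed/Failed/Unknown per SLSA level over the checks tagged with that level."""
    summary = {lvl: {s: 0 for s in STATUSES} for lvl in LEVELS}
    for row in rows:
        for lvl in row["slsa_level"]:
            summary[lvl][row["status"]] += 1
    return summary


def achieved_level(rows):
    """Highest level L such that every check required at levels 1..L passed.

    Unknown counts as not passed: a level is not claimed on evidence the
    scanner could not fetch. A level with no required checks is not claimed either.
    """
    level = 0
    for lvl in LEVELS:
        required = [r for r in rows if lvl in r["slsa_level"]]
        if required and all(r["status"] == "Passed" for r in required):
            level = lvl
        else:
            break
    return level


def to_json(rows):
    """Emit the annotated rows as JSON, each carrying a "slsa_level" list."""
    return json.dumps(rows, indent=2)


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_OUTPUT)
    print(to_json(parsed))
    for lvl, counts in summarize_by_level(parsed).items():
        print(f"SLSA level {lvl}: {counts}")
    print("achieved SLSA level:", achieved_level(parsed))
```

With the sample above and the hypothetical mapping, only level 1 is fully satisfied (the 2.4.6 SBOM failure and the two Unknown registry checks block level 2), which is the kind of per-level verdict the thread is asking the report to make visible.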
