Open matthchr opened 3 weeks ago
In terms of doing this, if we wanted to support something like Go does for mod (where you can pull from Git repos based on tag), we could look at what Go
does, which involves pulling a zip of the repo at a given hash and then hashing that zip for caching purposes:
Alternatively we could use the GitHub API, if we only wanted to support GitHub (which seems unlikely to me, but might be simple):
Either via just plain old HTTP(S) file queries or possibly via ORAS with something like https://github.com/opcr-io/policy - or possibly we could support both.
The advantage of this would be that we could define a set of common requirements for:
and then reuse them in different contexts. Main wins of reuse are for other projects like extensions that might run a subset of AKS linters but benefit from updates to the core security linters (rather than duplicate).