aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0

Provide a directly actionable solution whenever possible as part of the remediation #34

Open rgreinho opened 2 years ago

rgreinho commented 2 years ago

When a check fails, it is most of the time possible to fix it using the GitHub API.

For example, the number of reviewers required can be updated with one REST request:

curl -s \
  -X PATCH \
  -H "Accept: application/vnd.github.v3+json" \
  -H "Authorization: token $GITHUB_TOKEN" \
  https://api.github.com/repos/buildsec/frsca/branches/main/protection/required_pull_request_reviews \
  -d '{"required_approving_review_count":2}'

Attaching this snippet to the remediation explanation (https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1) would help the end users to resolve the issue.
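
A sketch of what such a dynamic remediation could look like, added here as an example and not code from chain-bench: it reads a (constructed) branch-protection API response, evaluates the review-count check, and renders the PATCH request quoted above with the repository's own coordinates filled in. The function names, the sample data and the minimum of 2 (taken from the snippet) are assumptions.

```python
import json
import shlex

# Constructed sample of a GitHub "get branch protection" response, trimmed
# to the fields this check reads. The values are made up for illustration.
SAMPLE_PROTECTION = {
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": True,
        "require_code_owner_reviews": False,
        "required_approving_review_count": 1,
    },
    "enforce_admins": {"enabled": True},
}

API = "https://api.github.com"


def remediation_command(owner, repo, branch, payload):
    """Render the PATCH request from the issue, parameterised by repo and
    branch. shlex.quote keeps the JSON body safe to paste into a shell."""
    url = (f"{API}/repos/{owner}/{repo}/branches/{branch}"
           "/protection/required_pull_request_reviews")
    return (
        "curl -s -X PATCH "
        '-H "Accept: application/vnd.github.v3+json" '
        '-H "Authorization: token $GITHUB_TOKEN" '
        f"{url} -d {shlex.quote(json.dumps(payload))}"
    )


def check_required_reviews(protection, owner, repo, branch, minimum=2):
    """Evaluate 'at least `minimum` approving reviews required' and return
    (passed, remediation). remediation is None when the check passes."""
    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:
        # Review enforcement is not switched on at all. Assumed here: that is
        # a separate step, so no PATCH command is generated for this state.
        return False, ("Pull request reviews are not required on this branch; "
                       "enable them in branch protection before setting a count.")
    count = reviews.get("required_approving_review_count", 0)
    if count >= minimum:
        return True, None
    # Re-send the existing review flags so the request changes only the count.
    keep = ("dismiss_stale_reviews", "require_code_owner_reviews")
    payload = {k: v for k, v in reviews.items() if k in keep}
    payload["required_approving_review_count"] = minimum
    return False, remediation_command(owner, repo, branch, payload)
```

Run with `check_required_reviews(SAMPLE_PROTECTION, "buildsec", "frsca", "main")` to get a failing result together with the ready-to-run curl command.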

morwn commented 2 years ago

Hi @rgreinho, nice suggestion. We plan to add support for adding dynamic remediation instructions soon.

@naortalmor1 - FYI