aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0

Add metadata to the report file #39

Closed rgreinho closed 2 years ago

rgreinho commented 2 years ago

This patch adds a new metadata section to the report file being generated by chain-bench.

This initial version adds the generation date and the check statistics, which are useful to compare different scans and their evolution over time.

Fixes aquasecurity/chain-bench#38

CLAassistant commented 2 years ago

CLA assistant check
All committers have signed the CLA.

rgreinho commented 2 years ago

The report file would now look like this (the results part in the snippet was shortened for readability):

{
  "Metadata": {
    "Date": "2022-06-28T13:40:36-05:00",
    "Statistics": {
      "Passed": 5,
      "Failed": 23,
      "Unknown": 8,
      "Total": 36
    }
  },
  "Results": [
    {
      "ID": "1.1.3",
      "Name": "Ensure any change to code receives approval of two strongly authenticated users",
      "Descrition": "Ensure that every code change is reviewed and approved by two authorized contributors who are strongly authenticated.",
      "Remediation": "An organization can protect specific code branches — for example, the \"main\" branch which often is the version deployed to production — by setting protection rules. These rules secure your code repository from unwanted or unauthorized changes. You may set requirements for any code change to that branch, and thus specify a minimum number of reviewers required to approve a change.",
      "Result": "Failed",
      "Reason": "",
      "Url": "https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1"
    }
  ]
}
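To make the new section concrete, here is an added example in Go (not code from the chain-bench repository or from this PR) that derives the Statistics block from per-check results and then uses two such reports for the over-time comparison the PR describes. The type and function names (Result, Report, BuildReport, Regressions) are assumptions for illustration; the field names and the RFC 3339 date format follow the sample report above.

```go
package main

import "time"

// Result is one entry of the report's "Results" array, trimmed to the fields the statistics need.
type Result struct {
	ID     string `json:"ID"`
	Result string `json:"Result"` // "Passed", "Failed" or "Unknown"
}

// Statistics, Metadata and Report mirror the new "Metadata" section of the report file.
type Statistics struct{ Passed, Failed, Unknown, Total int }
type Metadata struct {
	Date       string     `json:"Date"` // RFC 3339 with offset, as in the sample report
	Statistics Statistics `json:"Statistics"`
}
type Report struct {
	Metadata Metadata `json:"Metadata"`
	Results  []Result `json:"Results"`
}

// BuildReport derives the statistics from the per-check results; anything that is
// neither Passed nor Failed counts as Unknown, so the three always sum to Total.
func BuildReport(results []Result, now time.Time) Report {
	counts := map[string]int{}
	for _, r := range results {
		counts[r.Result]++
	}
	s := Statistics{Passed: counts["Passed"], Failed: counts["Failed"], Total: len(results)}
	s.Unknown = s.Total - s.Passed - s.Failed
	return Report{Metadata: Metadata{Date: now.Format(time.RFC3339), Statistics: s}, Results: results}
}

// Regressions returns the IDs of checks that were Passed in prev but are no longer Passed
// in cur: the kind of over-time comparison the metadata section is meant to support.
func Regressions(prev, cur Report) []string {
	passedBefore := make(map[string]bool, len(prev.Results))
	for _, r := range prev.Results {
		passedBefore[r.ID] = r.Result == "Passed"
	}
	var ids []string
	for _, r := range cur.Results {
		if passedBefore[r.ID] && r.Result != "Passed" {
			ids = append(ids, r.ID)
		}
	}
	return ids
}
```

Feeding two reports from different dates to Regressions flags checks that moved away from Passed, which the raw Statistics counts alone cannot show when a pass and a fail swap places.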