aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0
715 stars 62 forks

make the keys in the json output lowercase #46

Closed naortalmor1 closed 2 years ago

naortalmor1 commented 2 years ago

Description

Related issues

Before:

[
  {
    "ID": "1.1.3",
    "Name": "Ensure any change to code receives approval of two strongly authenticated users",
    "Descrition": "Ensure that every code change is reviewed and approved by two authorized contributors who are strongly authenticated.",
    "Remediation": "An organization can protect specific code branches — for example, the \"main\" branch which often is the version deployed to production — by setting protection rules. These rules secure your code repository from unwanted or unauthorized changes. You may set requirements for any code change to that branch, and thus specify a minimum number of reviewers required to approve a change.",
    "Result": "Failed",
    "Reason": "",
    "Url": "https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1"
  }
]

After:

[
  {
    "id": "1.1.3",
    "name": "Ensure any change to code receives approval of two strongly authenticated users",
    "description": "Ensure that every code change is reviewed and approved by two authorized contributors who are strongly authenticated.",
    "remediation": "An organization can protect specific code branches — for example, the \"main\" branch which often is the version deployed to production — by setting protection rules. These rules secure your code repository from unwanted or unauthorized changes. You may set requirements for any code change to that branch, and thus specify a minimum number of reviewers required to approve a change.",
    "result": "Failed",
    "url": "https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1"
  }
]

Checklist
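
Added example (not part of this pull request or of chain-bench's own code): a Go consumer that reads a report in either key casing shown above and lists the failed checks for CI gating. The `Finding` struct, its tags, `ParseReport` and `FailedIDs` are assumed names, and the sample input is constructed from the "Before" output.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Finding mirrors the "After" shape; the type and tags are assumptions for
// illustration, not chain-bench's actual definition.
type Finding struct {
	ID          string `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	Remediation string `json:"remediation"`
	Result      string `json:"result"`
	Reason      string `json:"reason,omitempty"` // empty reason is dropped, as in "After"
	URL         string `json:"url"`
}

// Constructed sample in the old ("Before") shape, shortened from the PR text.
const legacyReport = `[{"ID":"1.1.3","Name":"Ensure any change to code receives approval of two strongly authenticated users","Descrition":"Ensure that every code change is reviewed.","Result":"Failed","Reason":"","Url":"https://avd.aquasec.com/compliance/softwaresupplychain/cis-1.0/cis-1.0-sourcecode/1.1"}]`

// ParseReport decodes either shape: encoding/json matches keys to tags
// case-insensitively, but the misspelled "Descrition" key is silently ignored.
func ParseReport(data []byte) (findings []Finding, err error) {
	err = json.Unmarshal(data, &findings)
	return
}

// FailedIDs returns the IDs of checks whose result is "Failed".
func FailedIDs(findings []Finding) []string {
	var ids []string
	for _, f := range findings {
		if f.Result == "Failed" {
			ids = append(ids, f.ID)
		}
	}
	return ids
}

func main() {
	findings, err := ParseReport([]byte(legacyReport))
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(findings, "", "  ") // re-emitted with lowercase keys
	fmt.Printf("%s\nfailed: %v\n", out, FailedIDs(findings))
}
```

Consumers written in case-sensitive tooling do not get this tolerance and need their key names updated to the lowercase form.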