Open eddie-knight opened 1 year ago
Note: exemptions are tolerated, even for repos that are scanned as part of the official CNCF project.
See example here: https://github.com/cncf/clomonitor/blob/main/docs/metadata/.clomonitor.yml
Regarding the artifact hub check... I'm thinking the options available are to either:
Hi @eddie-knight 👋
Just in case it helps, the link in the Artifact Hub badge generated from the control panel points to the repository, not to a single package. In the case of the argo repo, it should point to https://artifacthub.io/packages/search?repo=argo, covering all the charts 🙂
Thanks @tegioz -- appreciate the timely response!
@eddie-knight for dependency updates I found the following combination based on this article
@pdrastil I just added an exclusion for dependency-related checks until we can get a good PR up to implement the dependency scanning and SBOM creation
The last change necessary for the Security checks would be to adjust the publish.yml to use helm package with package signing.
Currently that workflow is using helm/chart-releaser-action, which is a wrapper for helm/chart-releaser, and I found this note in chart-releaser:
"If you wish to use advanced packaging options such as creating signed packages or updating chart dependencies please use "helm package" instead."
https://github.com/helm/chart-releaser/blob/main/cr/cmd/package.go#L32-L33
Is this something we want to action?
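As an added illustration of the change discussed above (not code from the argo-helm repository or from chart-releaser), here is a sketch of a publish.yml job that packages and signs the charts with `helm package --sign` and then verifies the generated provenance files before they are uploaded. It assumes a GPG signing key in the secrets `GPG_PRIVATE_KEY`, `GPG_PASSPHRASE` and `GPG_KEY_NAME`, charts under `charts/`, and the `.cr-release-packages` output directory that chart-releaser expects.

```yaml
# Added example, not the project's own workflow. Secret names, paths and the
# charts/ layout are assumptions for illustration.
name: publish
on:
  push:
    branches: [main]
jobs:
  package-signed:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: azure/setup-helm@v4
      - name: Import signing key
        # Helm 3 reads the legacy secring format, so export the imported key into it.
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
          printf '%s' "$GPG_PASSPHRASE" > "$RUNNER_TEMP/passphrase"
          gpg --batch --pinentry-mode loopback \
              --passphrase-file "$RUNNER_TEMP/passphrase" \
              --export-secret-keys > "$RUNNER_TEMP/secring.gpg"
      - name: Package and sign charts
        # Replaces the packaging step of chart-releaser-action; each chart gets
        # a .tgz plus a .tgz.prov signed with the key named in GPG_KEY_NAME.
        env:
          GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
        run: |
          mkdir -p .cr-release-packages
          for chart in charts/*/; do
            helm package --sign --key "$GPG_KEY_NAME" \
              --keyring "$RUNNER_TEMP/secring.gpg" \
              --passphrase-file "$RUNNER_TEMP/passphrase" \
              --destination .cr-release-packages "$chart"
          done
      - name: Verify provenance before release
        # Fail the job if any package does not verify against the public key,
        # so an unsigned or tampered archive is never published.
        run: |
          gpg --export > "$RUNNER_TEMP/pubring.gpg"
          for tgz in .cr-release-packages/*.tgz; do
            helm verify --keyring "$RUNNER_TEMP/pubring.gpg" "$tgz"
          done
```

The upload to the GitHub release and index update can stay with chart-releaser, which only needs the signed packages already present in `.cr-release-packages`.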
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Is your feature request related to a problem?
This relates to the discussion surrounding CLOMonitoring. I spoke offline with @pdrastil and it was determined that we should make an effort to hold this repository to a complete code standard as defined in the CLOMonitor docs.
CLOMonitor report
Summary
Repository: argo-helm
URL: https://github.com/argoproj/argo-helm
Checks sets: CODE
Score: 74
Checks passed per category
Checks
Documentation [100%]
License [75%]
Best Practices [38%]
EXEMPT
Security [80%]
EXEMPT
EXEMPT
For more information about the checks sets available and how each of the checks work, please see the CLOMonitor's documentation.