Closed incertum closed 6 months ago
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Hey @incertum, @Andreagit97. I am interested in this issue; can you please tell me more about it? Thanks!
Amazing @h4l0gen - we haven't discussed any ideas. Hence we are open to suggestions and recommendations! Thanks for taking this on!
@incertum @Andreagit97 we can use yamllint library for validating rules-yaml file's syntax. WDYT🤔? Please check it once. Thank you!
yamllint
It has a GPL-3.0 license, which requires a license exception with the CNCF. Could we find a project that has CNCF-approved licenses?
- BSD-2-Clause
- BSD-2-Clause-FreeBSD
- BSD-3-Clause
- MIT
- ISC
- Python-2.0
- PostgreSQL
- X11
- Zlib
- Google patent license for Golang (https://golang.org/PATENTS)
all these + Apache2 are ok
CC @leogr
@incertum @leogr we can consider this one: https://github.com/CICDToolbox/yaml-lint?tab=readme-ov-file. It has an MIT license. Please take a look. Thank you!
This would not be ok because it has less than 10 GitHub stars: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy
Anyway the purpose of this is "linting yaml files only", I recommend just using one of the existing GitHub actions: https://github.com/marketplace?category=&type=actions&verification=&query=sort%3Apopularity-desc+yaml+lint
If we only run a third-party GitHub Action in our CI (without importing its source code into our code base), the CNCF IP policy does not apply and we don't have any license restriction.
@leogr @incertum, if you both agree on using GitHub Actions, I would like to proceed by writing a YAML file.
ok :+1:
/assign
Motivation
Consider adding a YAML linter for the rules files; see @Andreagit97's suggestion: https://github.com/falcosecurity/rules/pull/142/files#r1308818842. This may help to enforce the new rules style guide consistently.