isaac-heist-slalom
commented
2 months ago Issues found when looking at #537
1) Jeff's first question - "I'm seeing that secureli init needs to be run on each clone of the client repo, even though my .secureli directory and .secureli.yaml are committed to the repo."
Yes, when a repo with secureli installed on it is cloned to another location, it does need to be initialized. Underlying files that are .gitignored and not committed are:
.secureli/repo-config.yaml.git/hooks/pre-commit
Install vs initialization. Verbiage and documentation use installation for both. Should this be cleaned up to avoid confusion?
seCureLI has not yet been installed, install now? [Y/n]:
to
seCureLI has not yet been initialized in this repo/directory, initialize now? [Y/n]:
Secureli scan on repo where secureli is initialized:
2) Initialization of repo with custom .secureli.yaml configs will auto format .secureli.yaml, even if linters were not chosen to be installed. Given that .secureli.yaml is a secureli file, is this expected behavior?
3) Error in main branch where secureli artifacts that are ignored by git carry over.
Says "seCureLI is installed and up-to-date for the following language(s)", even though secureli is not initialized completely in that branch. This is not an expected workflow, but can certainly occur.
As a SeCurLI user, when I run SeCureLI on a branch after initial install, I am prompted to reinstall.
This causes issues in the fact that if I reinstall my YAML files will be overwritten losing the information I have already gathered and populated.
To reproduce:
Results:
AC:
Open Questions: