Add minder OSPS minder profiles and first rules #107
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit adds thre minder profiles capturing the current OSPS checks. Each file has the skeleton for a profile that implements rules to verify each of the checks in levels 1,2 3. Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
This commit adds a README file with instructions on how to use the OSPS profiles with Minder. Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
puerco
force-pushed
the
minder-profile
branch
from
5c11d0e to
3795305
Compare
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Co-authored-by: Michelangelo Mori <[email protected]> Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
puerco
force-pushed
the
minder-profile
branch
from
5270c20 to
60392bb
Compare
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
SecurityCRob
approved these changes
Dec 16, 2024
| in your software project. | ||
|
|
||
| This directory contains three [Minder](https://github.com/mindersec/minder) | ||
| profiles that any project can use to monitor its compliance with the |
There was a problem hiding this comment.
Suggested change
| profiles that any project can use to monitor its compliance with the | |
| profiles that any project can use to experimentally monitor its compliance with the |
|
|
||
| This directory contains three [Minder](https://github.com/mindersec/minder) | ||
| profiles that any project can use to monitor its compliance with the | ||
| Open Source Project Security Baseline. |
There was a problem hiding this comment.
Suggested change
| Open Source Project Security Baseline. | |
| Open Source Project Security Baseline. | |
| Note that the baseline is still in development, as are these profiles. |
|
Since we're still working on some things, I think it's really important to be up-front that this is early-stage work. I applaud early-stage work, don't get me wrong, I just don't want people to grab this & think it's all done now. :-). I made a few tweaks above. As long as we mark things like that (it could be noted differently), so people understand its early nature, then wonderful! |
eddie-knight
requested changes
Dec 20, 2024
There was a problem hiding this comment.
Agree with @david-a-wheeler, and I think we should stabilize this before merging it in
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds the three skeletons for minder profiles for each level of the baseline, the are written to be applied incrementally as a project matures:
osps-baseline-level1.yaml→ Level 1osps-baseline-level2.yaml→ Level 2osps-baseline-level3.yaml→ Level 3This PR is intended to add the initial template for the profiles, but it already includes a number of rule types that can check for the following controls:
Signed-off-by: Adolfo García Veytia (puerco) [email protected]