From 87a26847fea103a3c83e9b311ec110f5803c9462 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Fri, 12 Apr 2024 09:38:13 +0200
Subject: [PATCH] Minor ruletype descriptions

A bunch of ruletype text updates I found while I was testing different ruletypes through UI
- more ecosystem examples for the popular dependabot ecosystems
- provide a reasonable default for codeQL schedule
- say that minder will use builtin defaults for the OSV ruletype to make it clear that the user doesn't have to fill them in
- fix description of exclude for the action pinning ruletype
---
 rule-types/github/actions_check_pinned_tags.yaml | 2 +-
 rule-types/github/codeql_enabled.yaml | 3 ++-
 rule-types/github/dependabot_configured.yaml | 2 +-
 rule-types/github/pr_vulnerability_check.yaml | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/rule-types/github/actions_check_pinned_tags.yaml b/rule-types/github/actions_check_pinned_tags.yaml
index b5d3ac9..bf38a0f 100644
--- a/rule-types/github/actions_check_pinned_tags.yaml
+++ b/rule-types/github/actions_check_pinned_tags.yaml
@@ -35,7 +35,7 @@ def:
 type: string
 description: |
 Exclude actions from being checked and remediated. Useful for actions that don't support SHA pinning such
- as slsa-github-generator. Use the full owner/action@tag string here, e.g. actions/checkout@v3
+ as slsa-github-generator. Use the full owner/action format here, e.g. actions/checkout
 # Defines the configuration for ingesting data relevant for the rule
 ingest:
 type: git
diff --git a/rule-types/github/codeql_enabled.yaml b/rule-types/github/codeql_enabled.yaml
index e97f491..4af36ea 100644
--- a/rule-types/github/codeql_enabled.yaml
+++ b/rule-types/github/codeql_enabled.yaml
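Review bot: The reworded `exclude` description in rule-types/github/actions_check_pinned_tags.yaml does not tell the user how wide an exclusion is. With the entry format changed from `owner/action@tag` to `owner/action`, an entry presumably exempts every ref of that action from the pinning check and remediation rather than one reviewed tag; this is inferred from the text, since the matching code is not part of this patch. I would add a sentence to the description such as `An entry exempts all versions of the action from the check, so keep this list as short as possible.` The `exclude` property itself starts above the hunk.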
@@ -38,7 +38,8 @@ def:
 schedule_interval:
 type: string
 description: |
- Only applicable for remediation. Sets the schedule interval for the workflow.
+ Sets the schedule interval in cron format for the workflow. Only applicable for remediation.
+ default: '30 * * * *'
 required:
 - languages
 - schedule_interval
diff --git a/rule-types/github/dependabot_configured.yaml b/rule-types/github/dependabot_configured.yaml
index 061d9df..ae02d49 100644
--- a/rule-types/github/dependabot_configured.yaml
+++ b/rule-types/github/dependabot_configured.yaml
@@ -30,7 +30,7 @@ def:
 type: string
 description: |
 The package ecosystem that the rule applies to.
- For example, npm, docker, github-actions, etc.
+ For example pip, gomod, npm, docker, github-actions, etc.
 schedule_interval:
 type: string
 description: |
diff --git a/rule-types/github/pr_vulnerability_check.yaml b/rule-types/github/pr_vulnerability_check.yaml
index 3a36495..7e527a5 100644
--- a/rule-types/github/pr_vulnerability_check.yaml
+++ b/rule-types/github/pr_vulnerability_check.yaml
@@ -37,7 +37,7 @@ def:
 default: review
 ecosystem_config:
 type: array
- description: "The configuration for the ecosystems to check."
+ description: "The configuration for the ecosystems to check. Optional. If not explicitly set, Minder's default configuration will be used."
 items:
 type: object
 properties:
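Review bot: In rule-types/github/codeql_enabled.yaml, the added `default: '30 * * * *'` for `schedule_interval` is an hourly cron expression (minute 30 of every hour), so a remediated workflow would run a full CodeQL analysis 24 times a day on every repository that accepts the default. A weekly expression such as `default: '30 4 * * 0'` would be a more proportionate default for a scheduled scan. `schedule_interval` also stays in the `required` list in the trailing context, so the default only takes effect if the consumer fills in defaults before validating, which this patch does not show. The patch text has lost its indentation, so I am assuming `default` is a sibling key of `description` and not a line of the block scalar.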