From e99990a8f8c6559bbf85956074e98fcf3389cecf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20Garc=C3=ADa=20Veytia=20=28Puerco=29?=
Date: Wed, 8 May 2024 21:26:57 -0600
Subject: [PATCH] Trusty PR add provenance and activity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Adolfo GarcĂ­a Veytia (Puerco)
---
 rule-types/github/pr_trusty_check.yaml | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/rule-types/github/pr_trusty_check.yaml b/rule-types/github/pr_trusty_check.yaml
index 178edfa..4d92685 100644
--- a/rule-types/github/pr_trusty_check.yaml
+++ b/rule-types/github/pr_trusty_check.yaml
@@ -36,18 +36,20 @@ def:
 properties:
 name:
 type: string
- description: "The name of the ecosystem to check. Currently `npm`, `go` and `pypi` are supported."
+ description: "The name of the ecosystem to check. Currently only `go`, `npm` and `pypi` are supported."
 score:
 type: number
 description: "The minimum Trusty score for a dependency to be considered safe."
 default: 5
- evaluate_score:
- type: string
- description: "Which score to use for evaluation. When empty, the overall score is used."
- enum:
- score
- provenance
- default: score
+ provenance:
+ type: number
+ description: "Minimum provenance score to consider. Values are 0-10 where 10 represents the highest confidence in the computed origin of the package."
+ default: 0
+ activity:
+ type: number
+ description: "Minimum level of activity to consider as healthy. Values are 0-10 where 10 represents the most active."
+ default: 0
+
 ingest:
 type: diff
 diff:
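Review bot: The new `provenance` and `activity` properties state "Values are 0-10" only in their descriptions; the schema itself is just `type: number`, so a profile with a negative or out-of-range threshold validates silently. Add `minimum: 0` and `maximum: 10` under both properties so a mistyped threshold is rejected when the profile is loaded instead of quietly making the check pass or fail for every dependency. Both properties also default to `0`, which presumably leaves the provenance and activity checks inactive unless a profile opts in; if that is intended, say so in the descriptions, e.g. `Set to 0 to disable this check.` Profiles that still set the removed `evaluate_score` key are not addressed here; whether they are rejected or silently ignored depends on schema parts outside this hunk, so it is worth confirming that a profile relying on `evaluate_score: provenance` does not lose its provenance gate without an error.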