Add a display name for each rule type

rule-types/github/actions_check_default_permissions.yaml

@@ -1,6 +1,7 @@
 version: v1
 type: rule-type
 name: actions_check_default_permissions
+display_name: Ensure GitHub Actions workflows set their permissions
 severity:
   value: medium
 context:

rule-types/github/actions_check_pinned_tags.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: actions_check_pinned_tags
+display_name: Ensure immutable version of GitHub action
 severity:
   value: medium
 context:

rule-types/github/allowed_selected_actions.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: allowed_selected_actions
+display_name: Limit the permitted GitHub actions by creator
 severity:
   value: medium
 context:

rule-types/github/artifact_attestation_slsa.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: artifact_attestation_slsa
+display_name: Verify the integrity of an artifact
 context:
   provider: github
 description: |

rule-types/github/artifact_signature.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: artifact_signature
+display_name: Ensure artifacts are signed and verified
 severity:
   value: high
 context:

rule-types/github/automatic_branch_deletion.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: automatic_branch_deletion
+display_name: Automatically delete branch after merge
 severity:
   value: info
 context:

rule-types/github/branch_protection_allow_deletions.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_allow_deletions
+display_name: Prevent permanent branch deletion
 severity:
   value: medium
 context:

rule-types/github/branch_protection_allow_force_pushes.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_allow_force_pushes
+display_name: Prevent overwriting git history
 severity:
   value: medium
 context:

rule-types/github/branch_protection_allow_fork_syncing.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_allow_fork_syncing
+display_name: Allow forks to pull changes from locked branches
 severity:
   value: low
 context:

rule-types/github/branch_protection_enabled.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_enabled
+display_name: Ensure a branch protection rule is set up
 severity:
   value: high
 context:

rule-types/github/branch_protection_enforce_admins.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_enforce_admins
+display_name: Enforce branch protection rules for admins
 severity:
   value: medium
 context:

rule-types/github/branch_protection_lock_branch.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_lock_branch
+display_name: Set a branch as read-only
 severity:
   value: medium
 context:

rule-types/github/branch_protection_require_conversation_resolution.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_conversation_resolution
+display_name: Prevent merging PRs with unresolved conversations
 severity:
   value: info
 context:

rule-types/github/branch_protection_require_linear_history.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_linear_history
+display_name: Forbid merge commits
 severity:
   value: info
 context:

rule-types/github/branch_protection_require_pull_request_approving_review_count.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_pull_request_approving_review_count
+display_name: Require a number of reviews before merging a PR
 severity:
   value: medium
 context:

rule-types/github/branch_protection_require_pull_request_code_owners_review.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_pull_request_code_owners_review
+display_name: Require a code owner review before merging a PR
 severity:
   value: low
 context:

rule-types/github/branch_protection_require_pull_request_dismiss_stale_reviews.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_pull_request_dismiss_stale_reviews
+display_name: Forbid merging PRs with un-approved commits
 severity:
   value: info
 context:

rule-types/github/branch_protection_require_pull_request_last_push_approval.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_pull_request_last_push_approval
+display_name: Disregard self-approvals on PRs
 severity:
   value: low
 context:

rule-types/github/branch_protection_require_pull_requests.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_pull_requests
+display_name: Only merge code from pull requests
 severity:
   value: medium
 context:

rule-types/github/branch_protection_require_signatures.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: branch_protection_require_signatures
+display_name: Require commits to be signed
 severity:
   value: medium
 context:

rule-types/github/codeql_enabled.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: codeql_enabled
+display_name: Enable CodeQL for vulnerability scanning
 severity:
   value: medium
 context:

rule-types/github/default_workflow_permissions.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: default_workflow_permissions
+display_name: Customize the default GitHub workflow permissions
 severity:
   value: high
 context:

rule-types/github/dependabot_configured.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: dependabot_configured
+display_name: Enable Dependabot for automated dependency updates
 severity:
   value: medium
 context:

rule-types/github/dockerfile_no_latest_tag.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: dockerfile_no_latest_tag
+display_name: Prevent Dockerfile from using volatile 'latest' tag
 severity:
   value: medium
 context:

rule-types/github/github_actions_allowed.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: github_actions_allowed
+display_name: Limit the permitted GitHub actions by type
 severity:
   value: medium
 context:

rule-types/github/invisible_characters_check.yaml

@@ -1,6 +1,7 @@
 version: v1
 type: rule-type
 name: invisible_characters_check
+display_name: Check for invisible characters in pull requests
 severity:
   value: high
 context:

rule-types/github/license.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: license
+display_name: Ensure a license file is present
 severity:
   value: low
 context:

rule-types/github/mixed_scripts_check.yaml

@@ -1,6 +1,7 @@
 version: v1
 type: rule-type
 name: mixed_scripts_check
+display_name: Check for mixed scripts in pull requests
 severity:
   value: high
 context:

rule-types/github/no_binaries_in_repo.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: no_binaries_in_repo
+display_name: Ensure no binary artifacts are committed
 severity:
   value: medium
 context:

rule-types/github/no_open_security_advisories.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: no_open_security_advisories
+display_name: Verify there are no open security advisories
 severity:
   value: low
 context:

rule-types/github/pr_trusty_check.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: pr_trusty_check
+display_name: Ensure pull requests do not add dependencies with a low Trusty
 severity:
   value: medium
 context:

rule-types/github/pr_vulnerability_check.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: pr_vulnerability_check
+display_name: Ensure pull requests do not add vulnerable dependencies
 severity:
   value: medium
 context:

rule-types/github/repo_action_allow_list.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: repo_action_allow_list
+display_name: Ensure that only allowed GitHub actions run in a repository
 severity:
   value: info
 context:

rule-types/github/repo_workflow_access_level.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: repo_workflow_access_level
+display_name: Limit the external access of private repositories
 severity:
   value: medium
 context:

rule-types/github/scorecard_enabled.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: scorecard_enabled
+display_name: Enable the Scorecard GitHub Action
 severity:
   value: medium
 context:

rule-types/github/secret_push_protection.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: secret_push_protection
+display_name: Enable secret push protection to avoid pushing hardcoded secrets
 severity:
   value: high
 context:

rule-types/github/secret_scanning.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: secret_scanning
+display_name: Enable secret scanning to detect hardcoded secrets
 severity:
   value: high
 context:

rule-types/github/security_insights.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: security_insights
+display_name: Verify the presence of a Security Insights file
 severity:
   value: low
 context:

rule-types/github/security_insights_dep_policy.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: security_insights_dep_policy
+display_name: Verify a dependency policy exists in the Security Insights file
 severity:
   value: low
 context:

rule-types/github/security_policy.yaml

@@ -1,6 +1,7 @@
 version: v1
 type: rule-type
 name: security_policy
+display_name: Ensure a security policy file exists
 severity:
   value: medium
 context:

rule-types/github/trivy_action_enabled.yaml

@@ -2,6 +2,7 @@
 version: v1
 type: rule-type
 name: trivy_action_enabled
+display_name: Ensure Trivy is enabled for vulnerability scanning
 severity:
   value: medium
 context: