✨ Use checks.yaml to store which repo types are supported by each check #1195
@@ -18,6 +18,7 @@ checks: | |||
Maintained: | |||
risk: High | |||
tags: supply-chain, security | |||
repos: GitHub |
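Review bot: the added `repos: GitHub` line under `Maintained` introduces a key whose accepted values and multi-value form are not stated anywhere in this hunk. The neighbouring `tags: supply-chain, security` uses a comma-separated string, so state in the file header or the check docs whether `repos` follows the same convention, and have the loader reject an unknown or mis-cased repo type so that a typo cannot silently drop a check from a run.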
Maybe simpler to add a boolean like `run-on-local-files`? That way `checks.yaml` doesn't have to be updated with newer repo implementations.
If you don't mind, I'll keep it as-is because it lends itself well to supporting other interfaces: gitlab, local-git, etc. I don't think we'll be able to support all of them with a binary "run on local file or not".
Thanks!
546075b to 4eb271c
This is a feature with no breaking changes.
close #1184
The general behavior for check selection is as follows:

- `--repo=X` => uses all checks supported by the repo interface
- `--repo=X --check=Y` => uses check Y and verifies it's supported by repo interface
- `--repo=X --policy=Z` => uses all checks defined in the policy file AND supported by repo interface
- `--repo=X --policy=Z --checks=Y` => uses Y AND verifies Y is defined in the policy and verifies Y checks are supported by the repo interface

The one thing I don't like is that, if a user passes a policy, we're silently discarding checks not supported by the interface. I wonder if this may be confusing for users.
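The four selection cases described above, written out as an added Go example (not code from this pull request or from the project). The `supported` table, the `local` repo type and the `selectChecks` function are assumptions made for illustration; the function also returns the policy checks it had to skip, so the silent-discard case becomes visible to the caller.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed stand-in for the `repos` field in checks.yaml: check -> repo types.
// The entries and the "local" repo type are assumptions for illustration.
var supported = map[string]map[string]bool{
	"Maintained":       {"GitHub": true},
	"Binary-Artifacts": {"GitHub": true, "local": true},
}

// selectChecks applies the four cases. A nil policy set means no --policy, an empty
// requested list means no --checks. skipped lists policy checks the repo type cannot run.
func selectChecks(repo string, policy map[string]bool, requested []string) (enabled, skipped []string, err error) {
	hasPolicy := policy != nil
	if !hasPolicy { // no --policy: every known check is a candidate
		policy = map[string]bool{}
		for c := range supported {
			policy[c] = true
		}
	}
	for _, c := range requested { // explicit checks are verified, never filtered
		if !supported[c][repo] {
			return nil, nil, fmt.Errorf("check %q is not supported by repo type %q", c, repo)
		}
		if !policy[c] {
			return nil, nil, fmt.Errorf("check %q is not defined in the policy", c)
		}
		enabled = append(enabled, c)
	}
	if len(requested) > 0 {
		return enabled, nil, nil
	}
	for c := range policy { // no --checks: filter the candidates by repo type
		if supported[c][repo] {
			enabled = append(enabled, c)
		} else if hasPolicy {
			skipped = append(skipped, c)
		}
	}
	sort.Strings(enabled)
	sort.Strings(skipped)
	return enabled, skipped, nil
}
func main() {
	fmt.Println(selectChecks("local", map[string]bool{"Maintained": true, "Binary-Artifacts": true}, nil))
}
```

A caller that logs a non-empty `skipped` list tells the user which policy checks did not run for this repo type.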