Update install_code_suspicious.rego

phylum-dev · Jul 3, 2024 · 3130ebd · 3130ebd
1 parent edcc8af
commit 3130ebd
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/install_code_suspicious.rego b/install_code_suspicious.rego
@@ -1,16 +1,20 @@
-package policy
+# METADATA
+# title: Install Code Execution (Suspicious)
+# description: |
+#    Returns a violation if there is suspicious code execution on pacakge install
+
+package policy.v1
 
 import rego.v1
 
-# Returns a violation if there is suspicious code execution on package install
-# METADATA
-# scope: rule
-# schemas:
-#   - data.issue: schema.issue
-issue contains "Package contains suspicious code execution on install" if {
-	data.issue.tag == "CM0007"
+# Package contains suspicious code execution on install
+deny contains issue if {
+   some issue in data.issues
+   issue.tag == "CM0007"
 }
 
-issue contains "Package contains suspicious code execution on install" if {
-	endswith(data.issue.tag, "M0031")
+# Package contains suspicious code execution on install
+deny contains issue if {
+   some issue in data.issues
+   endswith(issue.tag, "M0031")
 }