Skip to content

Commit 04161a1

Browse files
gusfcarvalhogusfcarvalho
authored
feat: introduces plugin v2
1 parent f930635 commit 04161a1

5 files changed

Lines changed: 337 additions & 227 deletions

File tree

.github/workflows/build-and-upload.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
env:
1919
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2020
- name: Install gooci cli
21-
run: go install github.com/compliance-framework/gooci@latest
21+
run: go install github.com/compliance-framework/gooci@v0.0.7
2222
- name: Authenticate gooci cli
2323
run: gooci login ghcr.io --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
2424
- name: gooci Upload Version

examples/policies/gh_org_mfa_enabled.rego

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,10 @@
11
package compliance_framework.mfa_enabled
22

33
violation[{
4-
"title": "Two Factor Authentication is required at an organization level",
5-
"description": "Two factor authentication should be enabled and enforced for all users within the Github Organization to make it harder for malicious actors to gain access to the organizations settings and repositories & settings",
64
"remarks": "More information from Github can be found here: https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization"
75
}] if {
86
input.settings.two_factor_requirement_enabled == false
9-
}
7+
}
8+
9+
title := "Two Factor Authentication is required at an organization level"
10+
description := "Two factor authentication should be enabled and enforced for all users within the Github Organization to make it harder for malicious actors to gain access to the organizations settings and repositories & settings"

go.mod

Lines changed: 42 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -1,60 +1,66 @@
11
module github.com/compliance-framework/plugin-github-settings
22

3-
go 1.23.6
4-
5-
toolchain go1.24.1
3+
go 1.25.8
64

75
require (
8-
github.com/compliance-framework/agent v0.2.1
6+
github.com/compliance-framework/agent v0.3.1
97
github.com/google/go-github/v71 v71.0.0
108
github.com/hashicorp/go-hclog v1.6.3
11-
github.com/hashicorp/go-plugin v1.6.3
9+
github.com/hashicorp/go-plugin v1.7.0
1210
github.com/mitchellh/mapstructure v1.5.0
1311
)
1412

1513
require (
1614
github.com/agnivade/levenshtein v1.2.1 // indirect
17-
github.com/beorn7/perks v1.0.1 // indirect
1815
github.com/cespare/xxhash/v2 v2.3.0 // indirect
19-
github.com/compliance-framework/api v0.4.0 // indirect
20-
github.com/defenseunicorns/go-oscal v0.6.2 // indirect
16+
github.com/compliance-framework/api v0.13.0 // indirect
17+
github.com/containerd/errdefs/pkg v0.3.0 // indirect
18+
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.1 // indirect
19+
github.com/defenseunicorns/go-oscal v0.7.0 // indirect
20+
github.com/docker/docker v28.5.2+incompatible // indirect
2121
github.com/fatih/color v1.18.0 // indirect
22-
github.com/go-ini/ini v1.67.0 // indirect
23-
github.com/go-logr/logr v1.4.2 // indirect
24-
github.com/go-logr/stdr v1.2.2 // indirect
25-
github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
22+
github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
2623
github.com/gobwas/glob v0.2.3 // indirect
24+
github.com/goccy/go-json v0.10.5 // indirect
2725
github.com/golang/protobuf v1.5.4 // indirect
2826
github.com/google/go-querystring v1.1.0 // indirect
2927
github.com/google/uuid v1.6.0 // indirect
30-
github.com/gorilla/mux v1.8.1 // indirect
3128
github.com/hashicorp/yamux v0.1.2 // indirect
29+
github.com/lestrrat-go/blackmagic v1.0.4 // indirect
30+
github.com/lestrrat-go/dsig v1.0.0 // indirect
31+
github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
32+
github.com/lestrrat-go/httpcc v1.0.1 // indirect
33+
github.com/lestrrat-go/httprc/v3 v3.0.4 // indirect
34+
github.com/lestrrat-go/jwx/v3 v3.0.13 // indirect
35+
github.com/lestrrat-go/option/v2 v2.0.0 // indirect
3236
github.com/mattn/go-colorable v0.1.14 // indirect
3337
github.com/mattn/go-isatty v0.0.20 // indirect
34-
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
35-
github.com/oklog/run v1.1.0 // indirect
36-
github.com/open-policy-agent/opa v1.2.0 // indirect
37-
github.com/prometheus/client_golang v1.21.1 // indirect
38-
github.com/prometheus/client_model v0.6.1 // indirect
39-
github.com/prometheus/common v0.63.0 // indirect
40-
github.com/prometheus/procfs v0.16.0 // indirect
41-
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
42-
github.com/sirupsen/logrus v1.9.3 // indirect
43-
github.com/tchap/go-patricia/v2 v2.3.2 // indirect
38+
github.com/oklog/run v1.2.0 // indirect
39+
github.com/open-policy-agent/opa v1.14.1 // indirect
40+
github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect
41+
github.com/segmentio/asm v1.2.1 // indirect
42+
github.com/sirupsen/logrus v1.9.4 // indirect
43+
github.com/tchap/go-patricia/v2 v2.3.3 // indirect
44+
github.com/valyala/fastjson v1.6.10 // indirect
45+
github.com/vektah/gqlparser/v2 v2.5.32 // indirect
4446
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
4547
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
4648
github.com/yashtewari/glob-intersection v0.2.0 // indirect
47-
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
48-
go.opentelemetry.io/otel v1.35.0 // indirect
49-
go.opentelemetry.io/otel/metric v1.35.0 // indirect
50-
go.opentelemetry.io/otel/sdk v1.35.0 // indirect
51-
go.opentelemetry.io/otel/trace v1.35.0 // indirect
52-
golang.org/x/net v0.38.0 // indirect
53-
golang.org/x/sys v0.33.0 // indirect
54-
golang.org/x/text v0.24.0 // indirect
55-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
56-
google.golang.org/grpc v1.71.0 // indirect
57-
google.golang.org/protobuf v1.36.6 // indirect
58-
gopkg.in/yaml.v3 v3.0.1 // indirect
59-
sigs.k8s.io/yaml v1.4.0 // indirect
49+
go.opentelemetry.io/otel/metric v1.42.0 // indirect
50+
go.opentelemetry.io/otel/trace v1.42.0 // indirect
51+
go.uber.org/multierr v1.11.0 // indirect
52+
go.uber.org/zap v1.27.1 // indirect
53+
go.yaml.in/yaml/v2 v2.4.4 // indirect
54+
go.yaml.in/yaml/v3 v3.0.4 // indirect
55+
golang.org/x/crypto v0.48.0 // indirect
56+
golang.org/x/net v0.51.0 // indirect
57+
golang.org/x/oauth2 v0.35.0 // indirect
58+
golang.org/x/sync v0.20.0 // indirect
59+
golang.org/x/sys v0.42.0 // indirect
60+
golang.org/x/text v0.34.0 // indirect
61+
golang.org/x/tools v0.42.0 // indirect
62+
google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect
63+
google.golang.org/grpc v1.79.3 // indirect
64+
google.golang.org/protobuf v1.36.11 // indirect
65+
sigs.k8s.io/yaml v1.6.0 // indirect
6066
)

0 commit comments

Comments
 (0)