metadata updates

show_all.rego → block_all.rego

@@ -1,12 +1,13 @@
 # METADATA
-# title: Show All
+# title: Block All Issues
 # description: |
-#    Returns a violation for all identified issues
+#    Blocks all identified issues
 package policy.v1
 
 import rego.v1
 
-# Policy Violation
+# METADATA
+# title: Policy Violation
 deny contains issue if {
 	some issue in data.issues
 }

confirmed_malicious.rego

@@ -1,30 +1,34 @@
 # METADATA
 # title: Confirmed Malicious
 # description: |
-#   Return a violation if the pacakge or author is tied to known malicious behavior
+#   Blocks if the package or author is tied to known malicious behavior
 package policy.v1
 
 import rego.v1
 
-# Returns a violation if the author is known malicious
+# METADATA
+# title: Author is known malicious
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "CA0001"
 }
 
-# Returns a violation if the package contains verified malware
+# METADATA
+# title: Verified malware
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "CM0037"
 }
 
-# Returns a violation if the package contains a known-bad compiled binary
+# METADATA
+# title: Known-bad compiled binary
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "CM0038"
 }
 
-# Returns a violation if the package depends on a known malicious package
+# METADATA
+# title: Depends on a known malicious package
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "CM0039"

data_exfiltration.rego

@@ -1,18 +1,20 @@
 # METADATA
 # title: Data Exfiltration
 # description: |
-#    Returns a violation if the package contains common data exfiltration techniques
+#    Blocks common data exfiltration techniques
 package policy.v1
 
 import rego.v1
 
-# Package contains environment variable enumeration
+# METADATA
+# title: Environment variable enumeration
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "HM0025"
 }
 
-# Package contains webhook exfiltration
+# METADATA
+# title: Webhook exfiltration
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "HM0036"

dependency_confusion.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: Dependency Confusion
 # description: |
-#    Returns a violation if the package appears to be a dependency confusion
+#    Blocks dependency confusion
 package policy.v1
 
 import rego.v1
 
-# Package contains environment variable enumeration
+# METADATA
+# title: Dependency confusion
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "HM0018"

install_code.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: Install Code Execution
 # description: |
-#    Returns a violation if there is code execution on package install
+#    Blocks code execution on package install
 package policy.v1
 
 import rego.v1
 
-# Package contains code execution on install
+# METADATA
+# title: Code execution on install
 deny contains issue if {
 	some issue in data.issues
 	issue.tag in {"IM0042", "IM0043", "IM0044"}

install_code_suspicious.rego

@@ -1,18 +1,19 @@
 # METADATA
 # title: Install Code Execution (Suspicious)
 # description: |
-#    Returns a violation if there is suspicious code execution on pacakge install
+#    Blocks suspicious code execution on pacakge install
 package policy.v1
 
 import rego.v1
 
-# Package contains suspicious code execution on install
+# METADATA
+# title: Suspicious code execution on install
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "CM0007"
 }
 
-# Package contains suspicious code execution on install
+# title: Suspicious code execution on install
 deny contains issue if {
 	some issue in data.issues
 	endswith(issue.tag, "M0031")

license_mismatch.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: License Mismatch
 # description: |
-#    Returns a violation if there is a license mismatch between metadata and files
+#    Blocks a license mismatch between metadata and files
 package policy.v1
 
 import rego.v1
 
-# License mismatch
+# METADATA
+# title: License mismatch
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "IL0022"

minimal_code.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: Minimal Code
 # description: |
-#    Returns a violation if the package contains minimal code and is unlikley worth the security risk
+#    Blocks packages containing minimal code
 package policy.v1
 
 import rego.v1
 
-# Package contains minimal code
+# METADATA
+# title: Minimal code
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "IE0027"

obfuscated_code.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: Obfuscated Code
 # description: |
-#    Returns a violation if the package contains obfuscated code
+#    Blocks obfuscated code
 package policy.v1
 
 import rego.v1
 
-# Package contains obfuscated code
+# METADATA
+# title: Obfuscated code
 deny contains issue if {
 	some issue in data.issues
 	issue.tag in {"HM0029", "HM0099", "HM0023", "IM0040", "IM0041"}

runs_remote_code.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: Runs Remote Code
 # description: |
-#    Returns a violation if the package runs remote code
+#    Blocks packages that run remote code
 package policy.v1
 
 import rego.v1
 
-# Runs remote code
+# METADATA
+# title: Runs remote code
 deny contains issue if {
 	some issue in data.issues
 	issue.tag in {"CM0024", "MM0024", "HM0032"}

secret_non_test.rego

@@ -1,12 +1,13 @@
 # METADATA
-# title: Minimal Code
+# title: Secrets in non-test files
 # description: |
-#    Returns a violation if the package contains secrets/tokens excluding test/example files
+#    Blocks packages containing secrets/tokens in non-test files
 package policy.v1
 
 import rego.v1
 
-# Secrets in non-test file
+# METADATA
+# title: Secrets in non-test file
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "ME0016"

suspicious_url.rego

@@ -1,12 +1,13 @@
 # METADATA
 # title: Suspicious URL References
 # description: |
-#    Returns a violation if the package references sites uncommon to legitimate software
+#    Block packages referencing sites uncommon to legitimate software
 package policy.v1
 
 import rego.v1
 
-# Suspicious URL reference
+# METADATA
+# title: Suspicious URL reference
 deny contains issue if {
 	some issue in data.issues
 	issue.tag == "MM0028"

typosquat.rego

@@ -1,13 +1,14 @@
 # METADATA
 # title: Typosquat
 # description: |
-#    Returns a violation if the package contains a potential typosquat with malicious characteristics
+#    Blocks potential typosquat with malicious characteristics
 package policy.v1
 
 import data.phylum.domain
 import rego.v1
 
-# Potential typosquat with malicious characteristics
+# METADATA
+# title: Potential typosquat with malicious characteristics
 deny contains typosquat_issue if {
 	some dependency in data.dependencies
 

vuln_crit.rego

@@ -1,14 +1,15 @@
 # METADATA
-# title: Critical Software Vulnerability
+# title: Software Vulnerability - Critical
 # description: |
-#    Returns a violation if the package has a Critical software vulnerability
+#    Blocks Critical software vulnerabilities
 package policy.v1
 
 import data.phylum.domain
 import data.phylum.level
 import rego.v1
 
-# Critical software vulnerability
+# METADATA
+# title: Critical software vulnerability
 deny contains issue if {
 	some issue in data.issues
 	issue.domain == domain.VULNERABILITY

vuln_crit_high.rego

@@ -1,14 +1,15 @@
 # METADATA
-# title: Critical/High Software Vulnerability
+# title: Software Vulnerability - Critical/High
 # description: |
-#    Returns a violation if the package has a Critical or High software vulnerability
+#    Blocks Critical and High software vulnerabilities
 package policy.v1
 
 import data.phylum.domain
 import data.phylum.level
 import rego.v1
 
-# Critical or High software vulnerability
+# METADATA
+# title: Critical or High software vulnerability
 deny contains issue if {
 	some issue in data.issues
 	issue.domain == domain.VULNERABILITY