From 0a1a90ccbca1a9d636ca4c6aa9e1341c5eddc616 Mon Sep 17 00:00:00 2001 From: Brad Crawford <34108612+furi0us333@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:27:56 -0500 Subject: [PATCH 1/3] Delete default.rego --- default.rego | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 default.rego diff --git a/default.rego b/default.rego deleted file mode 100644 index f36fd5c..0000000 --- a/default.rego +++ /dev/null @@ -1,8 +0,0 @@ -package policy - -import data.phylum.level -import rego.v1 - -issue contains "risk level cannot exceed medium" if { - data.issue.severity > level.MEDIUM -} From 10a53fdfeffc7932fcaf7349b1c6ae4a69ccbbfa Mon Sep 17 00:00:00 2001 From: Brad Crawford <34108612+furi0us333@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:28:11 -0500 Subject: [PATCH 2/3] Delete license_agpl.rego --- license_agpl.rego | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 license_agpl.rego diff --git a/license_agpl.rego b/license_agpl.rego deleted file mode 100644 index 6f474a4..0000000 --- a/license_agpl.rego +++ /dev/null @@ -1,20 +0,0 @@ -package policy - -import rego.v1 - -is_agpl if { - regex.match(`(?i)\bAffero\b`, data.dependency.license) -} - -is_agpl if { - regex.match(`(?i)\bAGPL\b`, data.dependency.license) -} - -# Returns a violation if the package license metadata indicates "Affero" or "AGPL" -# METADATA -# scope: rule -# schemas: -# - data.issue: schema.issue -dependency contains "AGPL licensed software is not allowed" if { - is_agpl -} From eae9f60c02efb5d5ed3b10e2258bd1526ac2de1c Mon Sep 17 00:00:00 2001 From: Brad Crawford <34108612+furi0us333@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:28:21 -0500 Subject: [PATCH 3/3] Delete per_domain.rego --- per_domain.rego | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 per_domain.rego diff --git a/per_domain.rego b/per_domain.rego deleted file mode 100644 index f49c67d..0000000 --- a/per_domain.rego +++ /dev/null @@ -1,20 +0,0 @@ -package policy - -import data.phylum.domain -import data.phylum.level -import rego.v1 - -issue contains "risk level cannot exceed medium" if { - data.issue.domain in {domain.AUTHOR, domain.ENGINEERING, domain.VULNERABILITY} - data.issue.severity > level.MEDIUM -} - -issue contains "malicious risk level cannot exceed low" if { - data.issue.domain == domain.MALICIOUS - data.issue.severity > level.LOW -} - -issue contains "license risk level cannot exceed high" if { - data.issue.domain == domain.LICENSE - data.issue.severity > level.HIGH -}