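# Quickstart - Check basic project security
# Run: reglet check examples/01-quickstart.yaml --trust-plugins
#
# This profile checks basic files in the project.
# Demonstrates the file plugin with accessible files.
#
# Scope: every control below asserts only that a file exists or is readable
# (plus one size comparison). File contents are not inspected.
#
# NOTE(review): --trust-plugins presumably skips the per-plugin trust or
# permission prompt - confirm in the reglet docs, and pass it only for
# plugins whose origin you have verified.
# NOTE(review): the paths are relative, so they presumably resolve against
# the working directory - run the command from the repository root.

profile:
  name: Project Security Quickstart
  description: Basic security checks for project files
  # Quoted so the value stays a string even if it is later edited to a
  # number-looking form such as 1.0.
  version: '1.0.0'

# Plugins referenced by the observations below.
plugins:
  - file

controls:
  items:
    # go.mod must be present.
    - id: go-mod-exists
      name: Go module file exists
      description: Verify go.mod is present
      severity: high
      tags: [filesystem, project]
      observations:
        - plugin: file
          config:
            path: go.mod
          # NOTE(review): expect is nested per observation here - confirm
          # the placement against the reglet profile schema.
          expect:
            - data.exists

    # README.md must be present.
    - id: readme-exists
      name: README file exists
      description: Project should have a README
      severity: low
      tags: [filesystem, documentation]
      observations:
        - plugin: file
          config:
            path: README.md
          expect:
            - data.exists

    # Makefile must be present and have one exact size.
    - id: makefile-exists
      name: Makefile exists
      description: Build automation file should exist
      severity: low
      tags: [filesystem, build]
      observations:
        - plugin: file
          config:
            path: Makefile
          expect:
            - data.exists
            # Exact byte-size match: any edit to the Makefile fails this
            # control, and an equal size says nothing about the content.
            # Presumably kept to demonstrate a comparison expression. Where
            # integrity matters, compare a cryptographic digest instead, if
            # the file plugin exposes one.
            - data.size == 2785

    # Same file as go-mod-exists, but asserts readability, not presence.
    # NOTE(review): presumably "readable" means readable by the process
    # running the plugin - confirm.
    - id: go-mod-readable
      name: Go module file is readable
      description: go.mod should be readable
      severity: medium
      tags: [filesystem, project]
      observations:
        - plugin: file
          config:
            path: go.mod
          expect:
            - data.readable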