Reposaur
Reposaur is the open source compliance tool for development platforms.
Audit, verify and report on your data and configurations easily with pre-defined
and/or custom policies.
Supports GitHub. Support for GitLab, BitBucket and Gitea is coming soon.
⚠ From 0.7.0 onwards, policy namespaces must be prefixed with a provider name. For example, policies that used the `repository` namespace are now `github.repository`. This change lets new providers be added without namespaces colliding.
Quick Start
See also our Writing your first policy guide for a more in-depth walkthrough.
- Install the CLI on your machine (see Installation for the available options)
- Write your first policy:
```rego
# ./repository.rego
package github.repository

innersource_files := ["README.md", "CONTRIBUTING.md", "LICENSE"]

# METADATA
# title: Repository is not InnerSource ready
# description: |-
#   InnerSource repositories (that have the `innersource` topic) must have all of
#   these files: `README.md`, `CONTRIBUTING.md` and `LICENSE`, and at least one
#   of them is missing.
note_not_innersource_ready {
    # check if repository has the innersource topic
    input.topics[_] == "innersource"

    # fetch all the root files
    resp := github.request("GET /repos/{owner}/{repo}/contents", {
        "owner": input.owner.login,
        "repo": input.name,
    })

    # count how many of the root files belong to the required files list
    total_innersource_files = count([f | f := resp.body[_].name == innersource_files[_]; f])

    # if the total differs from the number of required files, the repository
    # is missing some of them and is not InnerSource ready
    total_innersource_files != count(innersource_files)
}
```
- Execute the policy against a repository:

```sh
$ gh api /repos/reposaur/test | rsr exec
```
Reposaur writes the following SARIF report to standard output. Note how the rule id is built from the policy namespace, the level encoded in the rule name prefix (`note_`) and the rest of the rule name:

```json
{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "informationUri": "https://github.com/reposaur/reposaur",
          "name": "Reposaur",
          "rules": [
            {
              "id": "github.repository/note/not_innersource_ready",
              "name": "Repository is not InnerSource ready",
              "shortDescription": {
                "text": "Repository is not InnerSource ready"
              },
              "fullDescription": {
                "text": "InnerSource repositories (that have the `innersource` topic) must have all of\nthese files: `README.md`, `CONTRIBUTING.md` and `LICENSE`, and at least one\nof them is missing.",
                "markdown": "InnerSource repositories (that have the `innersource` topic) must have all of\nthese files: `README.md`, `CONTRIBUTING.md` and `LICENSE`, and at least one\nof them is missing."
              },
              "help": {
                "markdown": "InnerSource repositories (that have the `innersource` topic) must have all of\nthese files: `README.md`, `CONTRIBUTING.md` and `LICENSE`, and at least one\nof them is missing."
              },
              "properties": {
                "security-severity": "1"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "github.repository/note/not_innersource_ready",
          "ruleIndex": 0,
          "level": "note",
          "message": {
            "text": "Repository is not InnerSource ready"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "."
                }
              }
            }
          ]
        }
      ],
      "properties": {
        "default_branch": "main",
        "owner": "reposaur",
        "repo": "test"
      }
    }
  ]
}
```
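The report above is only useful if something acts on it. The script below is an added example, not part of Reposaur: it consumes the SARIF document that `rsr exec` prints, tallies results per SARIF level, resolves each result back to its rule (and the `security-severity` property Reposaur sets on it) and returns a non-zero exit status when any finding reaches a chosen level, so it can gate a CI job. The embedded sample report is constructed for the example; its second rule (`github.repository/error/default_branch_unprotected`) is made up to show a higher level, since the page only shows a `note_` rule. The `<provider>.<namespace>/<level>/<rule>` shape of the rule id is taken from the report above.

```python
"""Gate a CI job on the SARIF report that `rsr exec` prints.

Added example, not part of Reposaur. Reads a SARIF 2.1.0 document, tallies
results per level and decides whether the pipeline should fail. The sample
report and the failure threshold below are constructed for illustration.
"""
import json
import sys
from collections import Counter

# SARIF 2.1.0 result levels, least to most severe.
LEVEL_ORDER = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample in the shape Reposaur emits. The second rule is invented
# for this example; the page only shows a `note_` rule.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Reposaur", "rules": [
            {"id": "github.repository/note/not_innersource_ready",
             "name": "Repository is not InnerSource ready",
             "properties": {"security-severity": "1"}},
            {"id": "github.repository/error/default_branch_unprotected",
             "name": "Default branch is not protected",
             "properties": {"security-severity": "8"}},
        ]}},
        "results": [
            {"ruleId": "github.repository/note/not_innersource_ready",
             "ruleIndex": 0, "level": "note",
             "message": {"text": "Repository is not InnerSource ready"}},
            {"ruleId": "github.repository/error/default_branch_unprotected",
             "ruleIndex": 1, "level": "error",
             "message": {"text": "Default branch is not protected"}},
        ],
        "properties": {"default_branch": "main", "owner": "reposaur", "repo": "test"},
    }],
})


def parse_rule_id(rule_id):
    """Split a Reposaur rule id '<provider>.<namespace>/<level>/<rule>'."""
    namespace, level, name = rule_id.split("/", 2)
    return namespace, level, name


def summarize(sarif_text):
    """Return (Counter of results per level, list of flattened findings)."""
    doc = json.loads(sarif_text)
    counts = Counter()
    findings = []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        target = run.get("properties", {})  # Reposaur puts owner/repo here
        for result in run.get("results", []):
            # Prefer the explicit SARIF level; fall back to the level segment
            # Reposaur encodes in the rule id.
            level = result.get("level") or parse_rule_id(result["ruleId"])[1]
            if level not in LEVEL_ORDER:
                raise ValueError(f"unknown SARIF level {level!r}")
            idx = result.get("ruleIndex")
            rule = rules[idx] if isinstance(idx, int) and 0 <= idx < len(rules) else {}
            counts[level] += 1
            findings.append({
                "repo": f"{target.get('owner', '?')}/{target.get('repo', '?')}",
                "rule": result["ruleId"],
                "level": level,
                "severity": rule.get("properties", {}).get("security-severity"),
                "message": result.get("message", {}).get("text", ""),
            })
    return counts, findings


def should_fail(counts, threshold="warning"):
    """True when any result is at or above the threshold level."""
    floor = LEVEL_ORDER[threshold]
    return any(n > 0 and LEVEL_ORDER[lvl] >= floor for lvl, n in counts.items())


def main(argv):
    # Read the report from a file if given, otherwise use the constructed sample.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_SARIF
    counts, findings = summarize(text)
    for f in findings:
        print(f"[{f['level']}] {f['repo']} {f['rule']} (severity {f['severity']}): {f['message']}")
    print("totals:", dict(counts))
    return 1 if should_fail(counts) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Typical use: `gh api /repos/reposaur/test | rsr exec > report.sarif && python3 sarif_gate.py report.sarif`. With the default threshold a `note`-level result such as the InnerSource check passes the gate, while anything at `warning` or above fails the job; lower the threshold to `note` if every finding should block.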