add latest spectral integration

SpectralOps · Feb 7, 2021 · c0941b4 · c0941b4
1 parent 5d9112b
commit c0941b4
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 10 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,14 @@
+name: Spectral
+on: [push]
+env:
+  SPECTRAL_DSN: ${{ secrets.SPECTRAL_DSN }}
+jobs:
+  build:
+    name: Spectral
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install
+        run: curl -L "https://get.spectralops.io/latest/sh?dsn=$SPECTRAL_DSN" | sudo sh
+      - name: Scan
+        run: spectral scan
diff --git a/.spectral/ignores.yaml b/.spectral/ignores.yaml
@@ -0,0 +1,4 @@
+# ignores known and problematic files, per rule.
+# "problematic" files can be test files, mock data files and so on.
+AWS0001:
+    - .*create-react-context/.*
diff --git a/.spectral/rules/merchants.speql.yaml b/.spectral/rules/merchants.speql.yaml
@@ -0,0 +1,5 @@
+RL001:
+    name: Merchant IDs
+    or:
+    - pattern: MERK_.*
+    - pattern: MAR_FINDER.*
diff --git a/.spectral/rules/sample.yaml b/.spectral/rules/sample.yaml
@@ -0,0 +1,17 @@
+rules:
+- id: AWS0001
+  name: No AWS secrets in python files.
+  finding: ".*/(.*).py" # python file name
+  subject: "(.*)[^/]*"  # root folder
+  description: We should not have any AWS secrets in python files.
+  tags:
+  - python
+  applies_to:
+  - ".*\\.py$"
+  severity: info
+  pattern_group:
+    aggregate: or
+    scope: text
+    patterns:
+    - pattern: ".*A[KS]IA.*"
+      pattern_type: regex # This can also be 'dict', 'entropy'. For 'dict' see words.yaml
diff --git a/.spectral/spectral.yaml b/.spectral/spectral.yaml
@@ -1,17 +1,21 @@
 reporter:
     outputs:
         stylish: {}        # nice looking CLI reports
-        log:              # use a logger
-            json: true      # enable JSON logging
-            file: out.json  # put output in a file
+        log:               # use a logger
+            json: true     # enable JSON logging
+            file: out.json # put output in a file
+
+match_ignores:
+    ignores:
+    - path: ".*/.spectral/"
 
 projects:
     sample:
         project:
             name: sample
         input:
-            - local: src
+            - local: .
               name: sources
         rules:
             roots:
-            - rules
+            - rules
diff --git a/README.md b/README.md
@@ -4,14 +4,12 @@ In this example you'll see how to use a JSON output in addition to your regular
 
 This is great for cases where you want to ship logs to your SIEM system or your log management service.
 
-You need to use Spectral v1.9x series (vNext: `curl -L spectralops.io/next | sh`).
-
 Look in [.spectral/spectral.yaml](.spectral/spectral.yaml):
 
     reporter:
         outputs:
             stylish: {}        # nice looking CLI reports
-            log:              # use a logger
-                json: true      # enable JSON logging
-                file: out.json  # put output in a file
+            log:               # use a logger
+                json: true     # enable JSON logging
+                file: out.json # put output in a file