From c0941b46a3be8ce6c5358c037bba43527bcde35c Mon Sep 17 00:00:00 2001
From: Uri Shamay
Date: Sun, 7 Feb 2021 16:08:55 +0200
Subject: [PATCH] add latest spectral integration
---
.github/workflows/build.yml | 14 ++++++++++++++
.spectral/ignores.yaml | 4 ++++
.spectral/rules/merchants.speql.yaml | 5 +++++
.spectral/rules/sample.yaml | 17 +++++++++++++++++
.spectral/spectral.yaml | 14 +++++++++-----
README.md | 8 +++-----
6 files changed, 52 insertions(+), 10 deletions(-)
create mode 100644 .github/workflows/build.yml
create mode 100644 .spectral/ignores.yaml
create mode 100644 .spectral/rules/merchants.speql.yaml
create mode 100644 .spectral/rules/sample.yaml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..a0536cb
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,14 @@
+name: Spectral
+on: [push]
+env:
+ SPECTRAL_DSN: ${{ secrets.SPECTRAL_DSN }}
+jobs:
+ build:
+ name: Spectral
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Install
+ run: curl -L "https://get.spectralops.io/latest/sh?dsn=$SPECTRAL_DSN" | sudo sh
+ - name: Scan
+ run: spectral scan
diff --git a/.spectral/ignores.yaml b/.spectral/ignores.yaml
new file mode 100644
index 0000000..0735b2f
--- /dev/null
+++ b/.spectral/ignores.yaml
@@ -0,0 +1,4 @@
+# ignores known and problematic files, per rule.
+# "problematic" files can be test files, mock data files and so on.
+AWS0001:
+ - .*create-react-context/.*
\ No newline at end of file
diff --git a/.spectral/rules/merchants.speql.yaml b/.spectral/rules/merchants.speql.yaml
new file mode 100644
index 0000000..1efece2
--- /dev/null
+++ b/.spectral/rules/merchants.speql.yaml
@@ -0,0 +1,5 @@
+RL001:
+ name: Merchant IDs
+ or:
+ - pattern: MERK_.*
+ - pattern: MAR_FINDER.*
\ No newline at end of file
diff --git a/.spectral/rules/sample.yaml b/.spectral/rules/sample.yaml
new file mode 100644
index 0000000..24d0b36
--- /dev/null
+++ b/.spectral/rules/sample.yaml
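Review bot: The Install step `run: curl -L "https://get.spectralops.io/latest/sh?dsn=$SPECTRAL_DSN" | sudo sh` executes an unpinned remote script as root on every push, so what runs in CI is whatever that URL serves at that moment and cannot be audited after the fact; the DSN also travels in the request's query string. Downloading the installer to a file, pinning a specific release rather than `latest`, and checking its digest against a recorded value (a `sha256sum -c` line with the expected hash kept in the repo) before executing it would make the step reproducible, and `actions/checkout@v2` has the same unpinned-tag concern. Since the job only reads the tree, adding `permissions:` / `  contents: read` at the top of the workflow keeps the default `GITHUB_TOKEN` read-only, and moving the `env:` block from workflow level onto the Install and Scan steps limits which steps can see `SPECTRAL_DSN`.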
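Review bot: The suppression `- .*create-react-context/.*` under `AWS0001` silences the rule for every path containing that directory name, and nothing records why; a comment above it naming the false positive it covers (which dependency, which file matched) would let a later reviewer judge whether the ignore is still needed. If that package only ever appears under one directory, anchoring the pattern to that location would narrow the exclusion accordingly.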
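Review bot: The patterns `MERK_.*` and `MAR_FINDER.*` are unquoted plain scalars, while sample.yaml in the same commit quotes its regexes (`".*A[KS]IA.*"`); quoting these as `'MERK_.*'` and `'MAR_FINDER.*'` keeps the two rule files consistent and protects against YAML plain-scalar parsing should a future pattern start with `*`, `[` or `#`. Whether the trailing `.*` adds anything depends on the matching semantics of the speql engine, which this file does not show.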
@@ -0,0 +1,17 @@
+rules:
+- id: AWS0001
+ name: No AWS secrets in python files.
+ finding: ".*/(.*).py" # python file name
+ subject: "(.*)[^/]*" # root folder
+ description: We should not have any AWS secrets in python files.
+ tags:
+ - python
+ applies_to:
+ - ".*\\.py$"
+ severity: info
+ pattern_group:
+ aggregate: or
+ scope: text
+ patterns:
+ - pattern: ".*A[KS]IA.*"
+ pattern_type: regex # This can also be 'dict', 'entropy'. For 'dict' see words.yaml
\ No newline at end of file
diff --git a/.spectral/spectral.yaml b/.spectral/spectral.yaml
index c60d069..ab3f6f7 100644
--- a/.spectral/spectral.yaml
+++ b/.spectral/spectral.yaml
@@ -1,17 +1,21 @@ reporter: outputs: stylish: {} # nice looking CLI reports - log: # use a logger - json: true # enable JSON logging - file: out.json # put output in a file + log: # use a logger + json: true # enable JSON logging + file: out.json # put output in a file + +match_ignores: + ignores: + - path: ".*/.spectral/" projects: sample: project: name: sample input: - - local: src + - local: . name: sources rules: roots: - - rules \ No newline at end of file + - rules
diff --git a/README.md b/README.md
index 0d33db1..b8da45e 100644
--- a/README.md
+++ b/README.md
@@ -4,14 +4,12 @@ In this example you'll see how to use a JSON output in addition to your regular This is great for cases where you want to ship logs to your SIEM system or your log management service. -You need to use Spectral v1.9x series (vNext: `curl -L spectralops.io/next | sh`). - Look in [.spectral/spectral.yaml](.spectral/spectral.yaml): reporter: outputs: stylish: {} # nice looking CLI reports - log: # use a logger - json: true # enable JSON logging - file: out.json # put output in a file + log: # use a logger + json: true # enable JSON logging + file: out.json # put output in a file
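Review bot: `finding: ".*/(.*).py"` leaves the dot before `py` unescaped and the end unanchored, so it also matches names such as `foo.pyc` or `my_pyx`, whereas `applies_to` on the same rule uses the escaped, anchored `".*\\.py$"`; `finding: ".*/(.*)\\.py$"` would make the two agree. The inline comment `# root folder` on `subject: "(.*)[^/]*"` does not match what that expression does — the greedy `(.*)` consumes the whole string and `[^/]*` then matches empty — so either the comment should state what `subject` is meant to extract or the pattern should be tightened to capture only the leading path component.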
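Review bot: The new `match_ignores` entry `- path: ".*/.spectral/"` has an unescaped dot, so with the input widened to `- local: .` it also drops any directory whose name ends in `spectral` (for example `myspectral/`) from the scan; `- path: ".*/\\.spectral/"` matches only the hidden configuration directory. A comment above `match_ignores:` saying that the entry exists to keep the rule and ignore files from being scanned as sources would make the intent explicit for the next reader.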