Fix a few typos and update the release phase for one of the ruletypes (…

…#159) Signed-off-by: Radoslav Dimitrov <[email protected]>
mindersec · Sep 11, 2024 · 2561434 · 2561434
1 parent d2124b7
commit 2561434
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 9 deletions.
diff --git a/rule-types/github/artifact_attestation_slsa.yaml b/rule-types/github/artifact_attestation_slsa.yaml
@@ -3,15 +3,15 @@ version: v1
 release_phase: alpha
 type: rule-type
 name: artifact_attestation_slsa
-display_name: Verify the integrity of an artifact
+display_name: Verify the integrity of an artifact using SLSA
 context:
   provider: github
 description: |
   Verifies a SLSA provenance attestation
 guidance: |
   Provenance attestations capture the build environment and parameters
   where a software artifact was created. By controlling the build
-  environment, developers can check the integity of the build
+  environment, developers can check the integrity of the build
   environment and that no malicious code was injected into the build
   process.
 

diff --git a/rule-types/github/branch_protection_lock_branch.yaml b/rule-types/github/branch_protection_lock_branch.yaml
@@ -12,7 +12,7 @@ description: Whether the branch is locked
 guidance: |
   Ensure that the branch is locked.
 
-  With this settingthe branch is marked as read-only. Users cannot
+  With this settings the branch is marked as read-only. Users cannot
   push to the branch.
 
   For more information, see [GitHub's

diff --git a/rule-types/github/codeql_enabled.yaml b/rule-types/github/codeql_enabled.yaml
@@ -131,7 +131,7 @@ def:
                 steps:
                   - name: Checkout repository
                     uses: actions/checkout@v3
-                  
+
                   # Initializes the CodeQL tools for scanning.
                   - name: Initialize CodeQL
                     uses: github/codeql-action/init@v2
@@ -141,7 +141,7 @@ def:
                         # If you wish to specify custom queries, you can do so here or in a config file.
                         # By default, queries listed here will override any specified in a config file.
                         # Prefix the list here with "+" to use these queries and those in the config file.
-                        
+
                         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
                         # queries: security-extended,security-and-quality
                     {{ end }}

diff --git a/rule-types/github/invisible_characters_check.yaml b/rule-types/github/invisible_characters_check.yaml
@@ -7,12 +7,12 @@ severity:
   value: high
 context:
   provider: github
-description: |  
+description: |
   For every pull request submitted to a repository, this rule will
-  check if the pull request adds a new change patch with invisible characters. 
+  check if the pull request adds a new change patch with invisible characters.
   If it does, the rule will fail and the pull request will be commented on.
 
-  This detects and highlights the use of invisible characters 
+  This detects and highlights the use of invisible characters
   that could potentially hide malicious code.
   
   The characters classified as "invisible" can be found at

diff --git a/rule-types/github/repo_action_allow_list.yaml b/rule-types/github/repo_action_allow_list.yaml
@@ -1,6 +1,6 @@
 ---
 version: v1
-release_phase: alpha
+release_phase: beta
 type: rule-type
 name: repo_action_allow_list
 display_name: Ensure that only allowed GitHub actions run in a repository