Merge pull request #65 from Omegapoint/feature/secret-scanning-control

Feature/secret scanning control
Omegapoint · Apr 16, 2024 · 97a3fcd · 97a3fcd
2 parents 7ea3d8a + e81898c
commit 97a3fcd
Show file tree

Hide file tree

Showing 13 changed files with 104 additions and 38 deletions.
diff --git a/README.md b/README.md
@@ -1,14 +1,16 @@
 [![OP Compliance Dashboard](https://img.shields.io/badge/OP%20Compliance%20Dashboard-click%20here-blue)](https://cydig.omegapoint.cloud/cydig)<br/><br/>
-![Timestamp](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3Dtimestamp)<br/><br/>
-![threatModelingDate](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DthreatModelingDate)<br/>
-![numberOfReviewers](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DnumberOfReviewers)<br/>
-[![secureScore](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DsecureScore)](https://portal.azure.com/#view/Microsoft_Azure_Security/RecommendationsBladeV2/subscriptionIds~/%5B%2215c6235f-9e0f-4073-baf4-4fd0a7913d76%22%5D/source/SecurityPosture_ViewRecommendation)<br/>
-[![allowedLocationPolicy](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DallowedLocationPolicy)](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyMenuBlade/~/Compliance)<br/>
-![pentestDate](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DpentestDate)<br/>
-![numberOfDeployedVMs](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DnumberOfDeployedVMs)<br/>
-![usersInProduction](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-comp-state-prod.azurewebsites.net%2Fapi%2FReadToReadme%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX%26teamName%3DCyDig%26teamProjectName%3DCyDig%26codeRepositoryName%3Dcydig-compliance-action%26stateType%3DusersInProduction)<br/>
-
-
+![Timestamp](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2Ftimestamp%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/><br/>
+![threatModelingDate](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FthreatModelingDate%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![numberOfReviewers](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FnumberOfReviewers%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![scaTool](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FscaTool%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![sastTool](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FsastTool%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+[![secureScore](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FsecureScore%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)](https://portal.azure.com/#view/Microsoft_Azure_Security/RecommendationsBladeV2/subscriptionIds~/%5B%22***%22%5D/source/SecurityPosture_ViewRecommendation)<br/>
+[![allowedLocationPolicy](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FallowedLocationPolicy%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)](https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyMenuBlade/~/Compliance)<br/>
+![pentestDate](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FpentestDate%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![numberOfDeployedVMs](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FnumberOfDeployedVMs%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![numberOfExposedSecrets](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FnumberOfExposedSecrets%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![codeQualityTool](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FcodeQualityTool%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
+![usersInProduction](https://img.shields.io/endpoint?url=https%3A%2F%2Ffunc-cydig-badge-service-prod.azurewebsites.net%2Fapi%2Fteams%2FCyDig%2Fsources%2FGitHub%2Fprojects%2Fnot-specified%2Frepositories%2Fcydig-compliance-action%2Fcontrols%2FusersInProduction%3Fcode%3DxaEvCDsaK01y2Z6SBivwOKndN4o915lpOTt1VkmULgsxgsjkml7u1DOhgULzmAPX)<br/>
 
 # CyDig Compliance Action
 

diff --git a/src/azuredevopsboard/AzureDevOpsBoardService.ts b/src/azuredevopsboard/AzureDevOpsBoardService.ts
@@ -9,8 +9,7 @@ export class AzureDevOpsBoardService {
   public static async getStateOfAzureDevOpsBoards(cydigConfig: CyDigConfig): Promise<void> {
     if (cydigConfig.azureDevOps.boards) {
       try {
-        console.log('\n Running Azure DevOps Boards control');
-
+        console.log('--- Azure DevOps Boards control ---');
         const azureDevOpsConnection: AzureDevOpsConnection = new AzureDevOpsConnection(
           cydigConfig.azureDevOps.boards.organizationName,
           core.getInput('accessTokenAzureDevOps')
@@ -47,6 +46,7 @@ export class AzureDevOpsBoardService {
         core.warning('Error getting tickets for Azure DevOps Board!');
         console.log('Error:', error.message);
       }
+      console.log('\n');
     }
   }
 }
diff --git a/src/branchprotection/BranchProtectionService.ts b/src/branchprotection/BranchProtectionService.ts
@@ -5,7 +5,7 @@ import { GitHub } from '@actions/github/lib/utils';
 export class BranchProtectionService {
   public static async getStateOfBranchProtection(): Promise<void> {
     try {
-      console.log('\n Running branch protection control');
+      console.log('--- Branch protection control ---');
       const { owner, repo }: { owner: string; repo: string } = github.context.repo;
       const token: string = core.getInput('PAT-token');
 
@@ -35,13 +35,14 @@ export class BranchProtectionService {
     } catch (error) {
       // Status code '404' means 'Branch not protected'
       if (error.status === 404) {
-        console.log('Branch protection is not enabled for this repository');
+        core.warning('Branch protection is not enabled for this repository');
         core.exportVariable('numberOfReviewers', 0);
       } else {
         core.warning('Error getting branch protection!');
-        console.log('ERROR STATUS:', error.status);
-        console.log(error);
+        core.warning('Error status:', error.status);
+        core.warning(error.message);
       }
     }
+    console.log('\n');
   }
 }
diff --git a/src/codequalitytools/CodeQualityService.ts b/src/codequalitytools/CodeQualityService.ts
@@ -2,17 +2,18 @@ import * as core from '@actions/core';
 
 export class CodeQualityService {
   public static async getStateOfCodeQualityTool(codeQualityTool: { nameOfTool: string }): Promise<void> {
-    console.log('\n Running Code Quality control');
+    console.log('--- Code Quality control ---');
     if (process.env.codeQualityTool) {
-      console.log(`Code Quality Tool: ${process.env.codeQualityTool}`);
+      console.log(`Tool:`, `${process.env.codeQualityTool}`);
       core.exportVariable('codeQualityTool', process.env.codeQualityTool);
     } else {
       if (!codeQualityTool.nameOfTool || codeQualityTool.nameOfTool === 'name-of-tool') {
         core.warning('Code Quality Tool is not set!');
         return;
       }
-      console.log(`Code Quality Tool: ${codeQualityTool.nameOfTool}`);
+      console.log(`Tool:`, `${codeQualityTool.nameOfTool}`);
       core.exportVariable('codeQualityTool', codeQualityTool.nameOfTool);
     }
+    console.log('\n');
   }
 }
diff --git a/src/index.ts b/src/index.ts
@@ -8,18 +8,20 @@ import { AzureDevOpsBoardService } from './azuredevopsboard/AzureDevOpsBoardServ
 import { CodeQualityService } from './codequalitytools/CodeQualityService';
 import { SastService } from './sasttools/SastService';
 import { ScaService } from './scatools/ScaService';
+import { SecretScanningService } from './secretscanning/SecretScanningService';
 /**
  * The main function for the action.
  * @returns {Promise<void>} Resolves when the action is complete.
  */
 export async function run(): Promise<void> {
   try {
-    console.log('\n Running controls on your repository');
+    console.log('Running compliance controls \n');
     const cydigConfig: CyDigConfig = getContentOfFile(core.getInput('cydigConfigPath'));
 
     await CodeQualityService.getStateOfCodeQualityTool(cydigConfig.codeQualityTool);
     await SastService.getStateOfSastTool(cydigConfig.sastTool);
     await ScaService.getStateOfScaTool(cydigConfig.scaTool);
+    await SecretScanningService.getStateOfExposedSecrets();
 
     await BranchProtectionService.getStateOfBranchProtection();
 

diff --git a/src/pentest/PentestService.ts b/src/pentest/PentestService.ts
@@ -2,14 +2,18 @@ import * as core from '@actions/core';
 
 export class PentestService {
   public static async getStateOfPentest(pentest: { date: string; boardsTag?: string }): Promise<void> {
+    console.log('--- Pentest control ---');
     if (process.env.pentestDate) {
+      console.log('Pentest date was found');
       core.exportVariable('pentestDate', process.env.pentestDate);
     } else {
       if (!pentest.date || pentest.date === 'date-of-pentest') {
         core.warning('Pentest Date is not set!');
         return;
       }
+      console.log('Pentest date was found');
       core.exportVariable('pentestDate', pentest.date);
     }
+    console.log('\n');
   }
 }
diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts
@@ -54,17 +54,19 @@ export class CodeQLService {
         }
       }
 
-      console.log('SASTNumberOfSeveritylow: ' + sastNumberOfSeverity1);
-      console.log('SASTNumberOfSeverityMedium: ' + sastNumberOfSeverity2);
-      console.log('SASTNumberOfSeverityHigh: ' + sastNumberOfSeverity3);
-      console.log('SASTNumberOfSeverityCritical: ' + sastNumberOfSeverity4);
+      console.log('Low: ' + sastNumberOfSeverity1);
+      console.log('Medium: ' + sastNumberOfSeverity2);
+      console.log('High: ' + sastNumberOfSeverity3);
+      console.log('Critical: ' + sastNumberOfSeverity4);
 
       core.exportVariable('SASTnumberOfSeverity1', sastNumberOfSeverity1);
       core.exportVariable('SASTnumberOfSeverity2', sastNumberOfSeverity2);
       core.exportVariable('SASTnumberOfSeverity3', sastNumberOfSeverity3);
       core.exportVariable('SASTnumberOfSeverity4', sastNumberOfSeverity4);
     } catch (error) {
-      core.warning('Could not set CodeQL severities');
+      core.warning('Failed to get CodeQL severities');
+      core.warning('Error status:', error.status);
+      core.warning(error.message);
       core.exportVariable('SASTnumberOfSeverity1', 0);
       core.exportVariable('SASTnumberOfSeverity2', 0);
       core.exportVariable('SASTnumberOfSeverity3', 0);

diff --git a/src/sasttools/SastService.ts b/src/sasttools/SastService.ts
@@ -3,12 +3,12 @@ import { CodeQLService } from './CodeQLService';
 
 export class SastService {
   public static async getStateOfSastTool(sastTool: { nameOfTool: string }): Promise<void> {
-    console.log('\n Running SAST control');
+    console.log('--- SAST control ---');
     let sast: string = sastTool.nameOfTool;
     if (process.env.sastTool) {
       sast = process.env.sastTool;
     }
-    console.log(`SAST Tool: ${sast}`);
+    console.log(`Tool:`, `${sast}`);
     core.exportVariable('sastTool', sast);
 
     if (!sast || sast === '' || sast === 'name-of-tool') {
@@ -17,7 +17,8 @@ export class SastService {
     }
 
     if (sast.toLowerCase() === 'codeql') {
-      CodeQLService.setCodeQLFindings();
+      await CodeQLService.setCodeQLFindings();
     }
+    console.log('\n');
   }
 }
diff --git a/src/scatools/DependabotService.ts b/src/scatools/DependabotService.ts
@@ -51,17 +51,19 @@ export class DependabotService {
         }
       }
 
-      console.log('SCAnumberOfSeverityLow: ' + scaNumberOfSeverity1);
-      console.log('SCAnumberOfSeverityMedium: ' + scaNumberOfSeverity2);
-      console.log('SCAnumberOfSeverityHigh: ' + scaNumberOfSeverity3);
-      console.log('SCAnumberOfSeverityCritical: ' + scaNumberOfSeverity4);
+      console.log('Low: ' + scaNumberOfSeverity1);
+      console.log('Medium: ' + scaNumberOfSeverity2);
+      console.log('High: ' + scaNumberOfSeverity3);
+      console.log('Critical: ' + scaNumberOfSeverity4);
 
       core.exportVariable('SCAnumberOfSeverity1', scaNumberOfSeverity1);
       core.exportVariable('SCAnumberOfSeverity2', scaNumberOfSeverity2);
       core.exportVariable('SCAnumberOfSeverity3', scaNumberOfSeverity3);
       core.exportVariable('SCAnumberOfSeverity4', scaNumberOfSeverity4);
     } catch (error) {
-      core.warning('Could not set Dependabot severities');
+      core.warning('Failed to get Dependabot severities');
+      core.warning('Error status:', error.status);
+      core.warning(error.message);
       core.exportVariable('SCAnumberOfSeverity1', 0);
       core.exportVariable('SCAnumberOfSeverity2', 0);
       core.exportVariable('SCAnumberOfSeverity3', 0);

diff --git a/src/scatools/ScaService.ts b/src/scatools/ScaService.ts
@@ -3,12 +3,12 @@ import { DependabotService } from './DependabotService';
 
 export class ScaService {
   public static async getStateOfScaTool(scaTool: { nameOfTool: string }): Promise<void> {
-    console.log('\n Running SCA control');
+    console.log('--- SCA control ---');
     let sca: string = scaTool.nameOfTool;
     if (process.env.scaTool) {
       sca = process.env.scaTool;
     }
-    console.log(`SCA Tool: ${sca}`);
+    console.log(`Tool:`, `${sca}`);
     core.exportVariable('scaTool', sca);
 
     if (!sca || sca === '' || sca === 'name-of-tool') {
@@ -17,7 +17,8 @@ export class ScaService {
     }
 
     if (sca.toLowerCase() === 'dependabot') {
-      DependabotService.setDependabotFindings();
+      await DependabotService.setDependabotFindings();
     }
+    console.log('\n');
   }
 }
diff --git a/src/secretscanning/SecretScanningService.ts b/src/secretscanning/SecretScanningService.ts
@@ -0,0 +1,46 @@
+import * as core from '@actions/core';
+import * as github from '@actions/github';
+import { Octokit } from '@octokit/rest';
+import { GetResponseDataTypeFromEndpointMethod, OctokitResponse } from '@octokit/types';
+
+export class SecretScanningService {
+  public static async getStateOfExposedSecrets(): Promise<void> {
+    try {
+      console.log('--- Exposed secrets control ---');
+      const { owner, repo }: { owner: string; repo: string } = github.context.repo;
+      const token: string = core.getInput('PAT-token');
+
+      const octokit: Octokit = new Octokit({
+        auth: token,
+      });
+
+      type SecretAlertsForRepoResponseDataType = GetResponseDataTypeFromEndpointMethod<
+        typeof octokit.secretScanning.listAlertsForRepo
+      >;
+
+      // https://www.npmjs.com/package/octokit#pagination
+      const iterator: AsyncIterableIterator<OctokitResponse<SecretAlertsForRepoResponseDataType>> =
+        octokit.paginate.iterator(octokit.secretScanning.listAlertsForRepo, {
+          owner: owner,
+          repo: repo,
+          per_page: 100,
+          state: 'open',
+        });
+
+      let numberOfExposedSecrets: number = 0;
+
+      for await (const { data: alerts } of iterator) {
+        numberOfExposedSecrets += alerts.length;
+      }
+
+      console.log('Exposed secrets:', numberOfExposedSecrets);
+      core.exportVariable('numberOfExposedSecrets', numberOfExposedSecrets);
+    } catch (error) {
+      core.warning('Failed to get number of exposed secrets');
+      core.warning('Error status:', error.status);
+      core.warning(error.message);
+      core.exportVariable('numberOfExposedSecrets', 0);
+    }
+    console.log('\n');
+  }
+}
diff --git a/src/threatmodeling/ThreatModelingService.ts b/src/threatmodeling/ThreatModelingService.ts
@@ -1,14 +1,18 @@
 import * as core from '@actions/core';
 export class ThreatModelingService {
   public static async getStateOfThreatModeling(threatModeling: { date: string; boardsTag?: string }): Promise<void> {
+    console.log('--- Threat Modeling control ---');
     if (process.env.threatModelingDate) {
+      console.log('Threat Modeling date was found');
       core.exportVariable('threatModelingDate', process.env.threatModelingDate);
     } else {
       if (!threatModeling.date || threatModeling.date === 'date-of-threat-modeling') {
         core.warning('Threat Modeling Date is not set!');
         return;
       }
+      console.log('Threat Modeling date was found');
       core.exportVariable('threatModelingDate', threatModeling.date);
     }
+    console.log('\n');
   }
 }
diff --git a/tests/branchprotection.test.ts b/tests/branchprotection.test.ts
@@ -42,7 +42,7 @@ describe('BranchProtectionService', () => {
     expect(warningStub.called).to.be.false;
     expect(exportVariableStub.calledWith('numberOfReviewers', 1)).to.be.true;
   });
-  it('should call warning when admins can byypass branch protection rules', async () => {
+  it('should call warning when admins can bypass branch protection rules', async () => {
     getOctokitStub.returns({
       rest: {
         repos: {
@@ -73,7 +73,7 @@ describe('BranchProtectionService', () => {
     });
 
     await BranchProtectionService.getStateOfBranchProtection();
-    expect(warningStub.called).to.be.false;
+    expect(warningStub.called).to.be.true;
     expect(exportVariableStub.calledWith('numberOfReviewers', 0)).to.be.true;
   });
 });