From 5bc1b7035e900e436b4ad48c5b326ecb59233c81 Mon Sep 17 00:00:00 2001 From: Alexander Suter Date: Sat, 8 Feb 2025 15:58:36 +0100 Subject: [PATCH] Check if vulnearbility scanned is turned on --- .../io/ivyteam/devops/repo/check/RepoCheck.java | 3 ++- .../VulnerabilityScanningEnabledRepoCheck.java | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 src/main/java/io/ivyteam/devops/repo/check/VulnerabilityScanningEnabledRepoCheck.java diff --git a/src/main/java/io/ivyteam/devops/repo/check/RepoCheck.java b/src/main/java/io/ivyteam/devops/repo/check/RepoCheck.java index 4c38fbb..b33252b 100644 --- a/src/main/java/io/ivyteam/devops/repo/check/RepoCheck.java +++ b/src/main/java/io/ivyteam/devops/repo/check/RepoCheck.java @@ -22,7 +22,8 @@ public static List all(Database db) { new RenovateRepoCheck(files), new FileExistsRepoCheck(files, File.LICENSE), new FileExistsRepoCheck(files, File.CODE_OF_CONDUCT_MD), - new FileExistsRepoCheck(files, File.SECURITY_MD)); + new FileExistsRepoCheck(files, File.SECURITY_MD), + new VulnerabilityScanningEnabledRepoCheck()); } public static List run(Repo repo) { diff --git a/src/main/java/io/ivyteam/devops/repo/check/VulnerabilityScanningEnabledRepoCheck.java b/src/main/java/io/ivyteam/devops/repo/check/VulnerabilityScanningEnabledRepoCheck.java new file mode 100644 index 0000000..6533084 --- /dev/null +++ b/src/main/java/io/ivyteam/devops/repo/check/VulnerabilityScanningEnabledRepoCheck.java @@ -0,0 +1,17 @@ +package io.ivyteam.devops.repo.check; + +import io.ivyteam.devops.repo.Repo; + +class VulnerabilityScanningEnabledRepoCheck implements RepoCheck { + + @Override + public Result check(Repo repo) { + if (repo.archived()) { + return Result.success("Archived repository do not need vulnerarbilty scanned turned on"); + } + if (repo.isVulnAlertOn()) { + return Result.success("Repository has vulnerability scanned turned on"); + } + return Result.success("Repository has vulnerability scanned turned off"); + } +}