Add governance artifact validation suite, schemas, Rego policies and CI #63
653 new issues (0 max.) of at least severity.
Here is an overview of what got changed by this pull request:
Issues
======
- Added 653
Complexity increasing per file
==============================
- docs/schemas/_validation_deps.py 2
- docs/schemas/check_dependencies.py 11
- docs/schemas/check_generated_artifacts.py 10
- docs/schemas/generate_evidence_bundle.py 7
- docs/schemas/governance_artifacts_validation.py 23
- docs/schemas/run_governance_checks.py 21
- docs/schemas/test_check_dependencies.py 9
- docs/schemas/test_check_generated_artifacts.py 3
- docs/schemas/test_generate_evidence_bundle.py 5
- docs/schemas/test_governance_artifacts_validation.py 5
- docs/schemas/test_run_governance_checks.py 8
- docs/schemas/test_validate_artifact_inventory.py 5
- docs/schemas/test_validate_evidence_manifest.py 4
- docs/schemas/test_validate_run_report.py 9
- docs/schemas/test_validation_deps.py 3
- docs/schemas/test_verify_evidence_bundle.py 2
- docs/schemas/validate_artifact_inventory.py 25
- docs/schemas/validate_evidence_manifest.py 12
- docs/schemas/validate_run_report.py 28
- docs/schemas/verify_evidence_bundle.py 10
Clones added
============
- docs/schemas/check_generated_artifacts.py 2
- docs/schemas/generate_evidence_bundle.py 2
- docs/schemas/test_run_governance_checks.py 2
- docs/schemas/test_validate_evidence_manifest.py 6
- docs/schemas/test_validate_run_report.py 38
- docs/schemas/test_verify_evidence_bundle.py 6
- docs/schemas/verify_evidence_bundle.py 2
Annotations
Check warning on line 22 in .github/workflows/governance-artifacts-ci.yml
codacy-production / Codacy Static Code Analysis
.github/workflows/governance-artifacts-ci.yml#L22
Ensure top-level permissions are not set to write-all
Check warning on line 3 in docs/schemas/_validation_deps.py
codacy-production / Codacy Static Code Analysis
docs/schemas/_validation_deps.py#L3
No name 'annotations' in module '__future__'
Check warning on line 11 in docs/schemas/_validation_deps.py
codacy-production / Codacy Static Code Analysis
docs/schemas/_validation_deps.py#L11
Import "jsonschema" could not be resolved from source (reportMissingModuleSource)
Check notice on line 15 in docs/schemas/check_dependencies.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_dependencies.py#L15
Missing function docstring
Check notice on line 39 in docs/schemas/check_dependencies.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_dependencies.py#L39
Missing function docstring
Check warning on line 48 in docs/schemas/check_dependencies.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_dependencies.py#L48
division w/o __future__ statement
Check notice on line 6 in docs/schemas/check_generated_artifacts.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_generated_artifacts.py#L6
Consider possible security implications associated with the subprocess module.
Check warning on line 6 in docs/schemas/check_generated_artifacts.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_generated_artifacts.py#L6
Consider possible security implications associated with the subprocess module. (B404)
Check warning on line 20 in docs/schemas/check_generated_artifacts.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_generated_artifacts.py#L20
Value 'list' is unsubscriptable
Check warning on line 21 in docs/schemas/check_generated_artifacts.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_generated_artifacts.py#L21
subprocess call - check for execution of untrusted input.
Check warning on line 21 in docs/schemas/check_generated_artifacts.py
codacy-production / Codacy Static Code Analysis
docs/schemas/check_generated_artifacts.py#L21
subprocess call - check for execution of untrusted input. (B603)
Check warning on line 60 in docs/schemas/generate_evidence_bundle.py
codacy-production / Codacy Static Code Analysis
docs/schemas/generate_evidence_bundle.py#L60
division w/o __future__ statement
Check warning on line 3 in docs/schemas/governance_artifacts_validation.py
codacy-production / Codacy Static Code Analysis
docs/schemas/governance_artifacts_validation.py#L3
No name 'annotations' in module '__future__'
Check warning on line 18 in docs/schemas/governance_artifacts_validation.py
codacy-production / Codacy Static Code Analysis
docs/schemas/governance_artifacts_validation.py#L18
division w/o __future__ statement
Check notice on line 44 in docs/schemas/governance_artifacts_validation.py
codacy-production / Codacy Static Code Analysis
docs/schemas/governance_artifacts_validation.py#L44
Missing function docstring
Check notice on line 49 in docs/schemas/governance_artifacts_validation.py
codacy-production / Codacy Static Code Analysis
docs/schemas/governance_artifacts_validation.py#L49
Missing function docstring
Check warning on line 59 in docs/schemas/governance_artifacts_validation.py
codacy-production / Codacy Static Code Analysis
docs/schemas/governance_artifacts_validation.py#L59
"Draft202012Validator" is possibly unbound (reportPossiblyUnboundVariable)
Check notice on line 8 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L8
Consider possible security implications associated with the subprocess module.
Check warning on line 8 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L8
Consider possible security implications associated with the subprocess module. (B404)
Check warning on line 78 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L78
Value 'list' is unsubscriptable
Check warning on line 83 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L83
subprocess call with shell=True identified, security issue.
Check warning on line 83 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L83
subprocess call with shell=True identified, security issue. (B602)
Check warning on line 99 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L99
Operator "+" not supported for types "bytes | Literal['']" and "str"
Operator "+" not supported for types "bytes" and "str" (reportOperatorIssue)
Check warning on line 106 in docs/schemas/run_governance_checks.py
codacy-production / Codacy Static Code Analysis
docs/schemas/run_governance_checks.py#L106
Argument of type "str | bytes" cannot be assigned to parameter "text" of type "str" in function "tail_with_marker"
Type "str | bytes" is not assignable to type "str"
"bytes" is not assignable to "str" (reportArgumentType)
Check notice on line 1 in docs/schemas/test_check_dependencies.py
codacy-production / Codacy Static Code Analysis
docs/schemas/test_check_dependencies.py#L1
Consider possible security implications associated with the subprocess module.