mapbox / deprecated-patrol-rules-github
GitHub Patrol rules
License: BSD 2-Clause "Simplified" License
While not currently documented, the GET project REST API call returns a boolean private field, indicating whether the board is private or not.
/cc: @vsmart
It appears that there is no webhook event for new deployment keys, so that may not be easy to monitor if there is a large number of repositories (it would require polling all repositories looking for all keys younger than some age).
The alert on stale keys would need to poll all repos as well, so perhaps combining them does make sense.
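The combined poll described in the two comments above, written out as an added example in JavaScript (the language of the @octokit/rest-based project; this is not code from patrol-rules-github). It assumes the deploy keys of every repository have already been fetched into an inventory whose entries follow the shape of the GET /repos/{owner}/{repo}/keys response; the repository names, key records and the fixed clock are constructed sample data, and the one-day "new" and one-year "stale" thresholds are hypothetical defaults.

```javascript
// Added example, not code from patrol-rules-github: audit deploy keys across
// a polled inventory of repositories, reporting both newly created keys and
// keys older than a retention threshold in one pass.

const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample inventory in the shape of GET /repos/{owner}/{repo}/keys
// responses (id, title, created_at, read_only); the repo names and keys are
// hypothetical.
const sampleInventory = [
  { repo: 'acme/api', keys: [
    { id: 1, title: 'ci-deploy', created_at: '2019-01-02T10:00:00Z', read_only: true },
    { id: 2, title: 'old-laptop', created_at: '2016-05-01T00:00:00Z', read_only: false },
  ] },
  { repo: 'acme/web', keys: [
    { id: 3, title: 'release-bot', created_at: '2019-01-04T08:30:00Z', read_only: false },
  ] },
  { repo: 'acme/docs', keys: [] },
];

// Fixed clock so the example is deterministic (assumed polling time).
const NOW = Date.parse('2019-01-05T00:00:00Z');

function ageInDays(createdAt, now) {
  return (now - Date.parse(createdAt)) / DAY_MS;
}

// Walks every repository's keys once. A key is "fresh" if it was created
// within freshDays (the new-key rule, which has to poll because there is
// no webhook event), and "stale" if it is older than staleDays. Writable
// stale keys get a higher severity than read-only ones.
function auditDeployKeys(inventory, { now = Date.now(), freshDays = 1, staleDays = 365 } = {}) {
  const fresh = [];
  const stale = [];
  for (const { repo, keys } of inventory) {
    for (const key of keys) {
      const age = ageInDays(key.created_at, now);
      const record = {
        repo,
        id: key.id,
        title: key.title,
        ageDays: Math.floor(age),
        severity: key.read_only ? 'warn' : 'alert',
      };
      if (age < freshDays) fresh.push(record);
      if (age > staleDays) stale.push(record);
    }
  }
  return { fresh, stale };
}

// Usage: one poll of the whole inventory feeds both rules.
console.log(JSON.stringify(auditDeployKeys(sampleInventory, { now: NOW }), null, 2));
```

Because the poll interval bounds detection latency, freshDays should be at least as long as the interval between runs, or a key created between two polls is never reported as new.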
From @alush:
The need for a GitHub API access token and the minimum scopes it requires to run patrol-rules-github should be verified and documented.
From @alulsh:
Github-bot should have a rule that audits the creation of public Gists by team members and screens for potentially sensitive information. For example, AWS secret keys, secret access tokens, financial or sales information.
This rule would run as often as possible - either every 5 minutes (Lambda scheduling limitation) or ideally would use push notifications (webhook + SNS set up?).
Sensitive information and terms would be stored in a dictionary. If a public Gist contains a dictionary term it would fire off an alert to PagerDuty. Everything else would be captured in a daily email of new public Gists that day as another control, since the dictionary will not catch all examples of sensitive information, especially initially.
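The two-tier triage proposed in the comment above (dictionary hit pages, everything else goes to the daily digest), as an added JavaScript example that is not code from patrol-rules-github. It assumes the new public gists have already been fetched, with file contents inlined, in the shape of GET /gists/public items; the dictionary entries, the team member list and the gist contents are constructed sample data (the AWS key shapes follow AWS's own documented example values).

```javascript
// Added example, not code from patrol-rules-github: triage newly created
// public gists from team members against a dictionary of sensitive
// patterns. Any hit pages immediately; every gist still goes into the digest.

// Constructed dictionary. The AWS formats follow the documented shapes
// (AKIA + 16 chars; 40-character secret); the other entries are hypothetical.
const sensitiveDictionary = [
  { name: 'AWS access key ID', pattern: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'AWS secret access key', pattern: /aws_secret_access_key\s*[=:]\s*[A-Za-z0-9/+]{40}\b/i },
  { name: 'private key block', pattern: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { name: 'sales term', pattern: /\b(?:sales pipeline|quarterly revenue)\b/i },
];

// Constructed team roster; gists by anyone else are ignored.
const teamMembers = new Set(['alice', 'bob', 'carol']);

// Constructed gists in the shape of GET /gists/public items, with file
// contents already fetched and inlined under files[name].content.
const sampleGists = [
  { id: 'g1', owner: { login: 'alice' }, files: {
    'config.ini': { content: 'aws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n' },
  } },
  { id: 'g2', owner: { login: 'bob' }, files: {
    'notes.md': { content: '# Q3 sales pipeline review\nNumbers attached.\n' },
  } },
  { id: 'g3', owner: { login: 'carol' }, files: {
    'hello.js': { content: 'console.log("hello");\n' },
  } },
  { id: 'g4', owner: { login: 'dave' }, files: {
    'creds.txt': { content: 'AKIAIOSFODNN7EXAMPLE\n' },
  } },
];

// Returns one hit per (file, dictionary entry) that matched.
function scanGist(gist, dictionary) {
  const hits = [];
  for (const [filename, file] of Object.entries(gist.files)) {
    for (const entry of dictionary) {
      if (entry.pattern.test(file.content)) {
        hits.push({ file: filename, name: entry.name });
      }
    }
  }
  return hits;
}

// Splits a batch of new gists by team members into those that should page
// (any dictionary hit) and the full list for the daily digest email.
function triageGists(gists, dictionary, members) {
  const page = [];
  const digest = [];
  for (const gist of gists) {
    if (!members.has(gist.owner.login)) continue;
    const summary = { id: gist.id, owner: gist.owner.login, files: Object.keys(gist.files) };
    digest.push(summary);
    const hits = scanGist(gist, dictionary);
    if (hits.length > 0) page.push({ ...summary, hits });
  }
  return { page, digest };
}

console.log(JSON.stringify(triageGists(sampleGists, sensitiveDictionary, teamMembers), null, 2));
```

The alert carries only the file name and the dictionary entry name, never the matched secret itself, so the page and any chat or email it fans out to do not become a second copy of the leaked value.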
For instance, if a repository has a Travis SNS integration still enabled and a CircleCI webhook, but has no .travis.yml or a recent build, this could alert or create an issue to remove the stale configuration.
Alert on any new webhook integrations on a repository. This rule should accept an exclusionary regex to prevent well known webhooks from triggering it. It looks like this is available as an org webhook:
https://developer.github.com/v3/activity/events/types/#installationevent
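The stale-CI-configuration check and the new-webhook rule with an exclusion regex from the two issues above both read the same per-repository hook inventory, so here is one added JavaScript example covering both (not code from patrol-rules-github). It assumes the hooks have been fetched in the shape of GET /repos/{owner}/{repo}/hooks and that the tracked file list and the last build date per CI service are available from elsewhere; the repository snapshot, the CI service table, the fixed clock and the thresholds are constructed assumptions, and "stale" is read as having neither the config file nor a recent build.

```javascript
// Added example, not code from patrol-rules-github: two checks over a
// repository's webhook inventory. staleCiHooks flags CI integrations whose
// hook is still installed although the repository has neither the CI
// config file nor a recent build; newHookAlerts flags recently created
// hooks whose URL does not match an exclusion regex of well-known services.

const DAY_MS = 24 * 60 * 60 * 1000;
const NOW = Date.parse('2019-01-05T00:00:00Z'); // fixed clock, assumed

// Constructed snapshot of one repository: hooks in the shape of
// GET /repos/{owner}/{repo}/hooks, the tracked file list, and the most recent
// build seen per CI service (null if none). All values are hypothetical.
const sampleRepo = {
  repo: 'acme/api',
  files: ['package.json', '.circleci/config.yml', 'index.js'],
  lastBuild: { travis: null, circleci: '2019-01-03T12:00:00Z' },
  hooks: [
    { id: 10, name: 'travis', config: { url: 'https://notify.travis-ci.org' }, created_at: '2017-03-01T00:00:00Z' },
    { id: 11, name: 'web', config: { url: 'https://circleci.com/hooks/github' }, created_at: '2018-06-01T00:00:00Z' },
    { id: 12, name: 'web', config: { url: 'https://example.net/collector' }, created_at: '2019-01-04T20:00:00Z' },
  ],
};

// Known CI services: how to recognise their hook and which file they need.
const ciServices = {
  travis:   { hookMatches: (h) => h.name === 'travis' || /travis-ci\.(org|com)/.test(h.config.url), configFile: '.travis.yml' },
  circleci: { hookMatches: (h) => /circleci\.com/.test(h.config.url), configFile: '.circleci/config.yml' },
};

function ageInDays(iso, now) { return (now - Date.parse(iso)) / DAY_MS; }

// A CI hook is stale when the config file is absent AND there is no build
// within recentDays (assumed reading of "no .travis.yml or a recent build").
function staleCiHooks(repo, { now = Date.now(), recentDays = 90 } = {}) {
  const findings = [];
  for (const [service, spec] of Object.entries(ciServices)) {
    const hooks = repo.hooks.filter(spec.hookMatches);
    if (hooks.length === 0) continue;
    const hasConfig = repo.files.includes(spec.configFile);
    const last = repo.lastBuild[service];
    const recentBuild = last !== null && ageInDays(last, now) <= recentDays;
    if (!hasConfig && !recentBuild) {
      findings.push({ repo: repo.repo, service, hookIds: hooks.map((h) => h.id), missing: spec.configFile });
    }
  }
  return findings;
}

// Hooks created within freshDays whose URL is not excluded by the regex.
function newHookAlerts(repo, { now = Date.now(), freshDays = 1, exclude = /^$/ } = {}) {
  return repo.hooks
    .filter((h) => ageInDays(h.created_at, now) < freshDays && !exclude.test(h.config.url))
    .map((h) => ({ repo: repo.repo, hookId: h.id, url: h.config.url }));
}

// Usage: exclusion regex of the well-known CI services from the table above.
const knownHooks = /travis-ci\.(org|com)|circleci\.com/;
console.log(JSON.stringify({
  stale: staleCiHooks(sampleRepo, { now: NOW }),
  newHooks: newHookAlerts(sampleRepo, { now: NOW, exclude: knownHooks }),
}, null, 2));
```

The exclusion regex is matched against the hook's configured URL rather than its display name, since a "web" hook to an arbitrary endpoint is exactly the case the rule exists to catch; anchor the patterns to the service domains so an attacker-controlled host such as circleci.com.example.net does not slip through.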
The github package was renamed to @octokit/rest.