mapbox / deprecated-patrol-rules-github Goto Github PK

• Description - Alerts when a project board created within an organization is set to be "Public".
• Trigger - Webhook
• Parameters
  none
• Outputs
  Webhook URL

While not currently documented, the GET project REST API call returns a boolean private field, indicating if the board is private or not.

/cc: @vsmart

1. Detect and alert on new deploy keys
2. keys that haven't been used in X timeframe

It appears that there is no webhook event for new deployment keys, so that may not be possible to monitor easily if there are a large number of repositories (it would require polling all repositories looking for all keys < some age)

The alert on stale keys would need to poll all repos as well, so perhaps combining them does make sense.

From @alush:
The need for a Github API access token and the minimum scopes it requires to run patrol-rules-github should be verified and documented.

From @alulsh:

Github-bot should have a rule that audits the creation of public Gists by team members and screens for potentially sensitive information. For example, AWS secret keys, secret access tokens, financial or sales information.

This rule would run as often as possible - either every 5 minutes (Lambda scheduling limitation) or ideally would use push notifications (webhook + SNS set up?).

Sensitive information and terms would be stored in a dictionary. If a public Gist contains a dictionary it would fire off an alert to Pager Duty. Everything else would be captured in a daily email of new public Gists that day as another control since the dictionary will not catch all examples of sensitive information, especially initially.

for instance, if a repository has a travis SNS integration still enabled and a CircleCI webhook, but has no .travis.yml or a recent build, this could alert or create an issue to remove the stale configuration.

Alert on any new webhook integrations on a repository. This rule should accept an exclusionary regex to prevent well known webhooks from triggering it. It looks like this is available as an org webhook:

https://developer.github.com/v3/activity/events/types/#installationevent

Github package was renamed from github to @octokit/rest

• How to upgrade