Merge pull request #443 from linear-b/orca-reviewers
Create review orca alerts automation
Showing 7 changed files with 71 additions and 1 deletion.
45 changes: 45 additions & 0 deletions
docs/automations/integrations/orca/review-orca-alerts/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
--- | ||
title: Automation - Review Orca Security Alerts | ||
description: Automatically require review from your SecOps team for Orca Security violations in pull requests. | ||
--- | ||
# Require Security Review for Orca Alerts | ||
<!-- --8<-- [start:example]--> | ||
Automatically require review from your SecOps team for Orca Security violations in pull requests. | ||
|
||
<div class="automationImage" markdown="1"> | ||
![Review Orca Security Alerts](/automations/integrations/orca/review-orca-alerts/review-orca-alerts-1-light.png#only-light) | ||
![Review Orca Security Alerts](/automations/integrations/orca/review-orca-alerts/review-orca-alerts-2-light.png#only-light) | ||
![Review Orca Security Alerts](/automations/integrations/orca/review-orca-alerts/review-orca-alerts-1-dark.png#only-dark) | ||
![Review Orca Security Alerts](/automations/integrations/orca/review-orca-alerts/review-orca-alerts-2-dark.png#only-dark) | ||
|
||
</div> | ||
<div class="automationDescription" markdown="1"> | ||
!!! info "Configuration Description" | ||
Conditions (all must be true): | ||
|
||
* The PR contains a vulnerability, IAC problem, or secret that is flagged as High or Medium. | ||
|
||
Automation Actions: | ||
|
||
* Require review from your organization's security team. | ||
* Post a comment explaining the requirement. | ||
|
||
</div> | ||
<div class="automationExample" markdown="1"> | ||
!!! example "Review Orca Security Alerts" | ||
```yaml+jinja | ||
--8<-- "docs/downloads/automation-library/integrations/orca/review_orca_alerts.cm" | ||
``` | ||
<div class="result" markdown> | ||
<span> | ||
[:octicons-download-24: Download this example as a CM file.](/downloads/automation-library/integrations/orca/review_orca_alerts.cm){ .md-button } | ||
</span> | ||
</div> | ||
</div> | ||
<!-- --8<-- [end:example]--> | ||
|
||
## Additional Resources | ||
|
||
--8<-- "docs/snippets/general.md" | ||
|
||
--8<-- "docs/snippets/automation-footer.md" |
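Review bot: The "Configuration Description" block lists the conditions and actions but never tells the reader that the reviewer team in the included `review_orca_alerts.cm` is a placeholder that must be changed before use. Suggest adding a line under "Automation Actions" saying that `my-organization/security-team` has to be replaced with the organization's own team slug, since a copied file that still names a non-existent team would not get the security review this page promises. Two smaller points in the same block: "IAC problem" would read better as "IaC violation", matching the `iac_violation` key in the CM file, and all four images share the alt text "Review Orca Security Alerts", so the light/dark and step 1/step 2 variants are indistinguishable to screen readers.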
Binary file added (+189 KB): .../automations/integrations/orca/review-orca-alerts/review-orca-alerts-1-dark.png
Binary file added (+188 KB): ...automations/integrations/orca/review-orca-alerts/review-orca-alerts-1-light.png
Binary file added (+22.1 KB): .../automations/integrations/orca/review-orca-alerts/review-orca-alerts-2-dark.png
Binary file added (+22.5 KB): ...automations/integrations/orca/review-orca-alerts/review-orca-alerts-2-light.png
23 changes: 23 additions & 0 deletions
docs/downloads/automation-library/integrations/orca/review_orca_alerts.cm
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# -*- mode: yaml -*- | ||
|
||
manifest: | ||
version: 1.0 | ||
automations: | ||
review_orca_alerts: | ||
if: | ||
- {{ has.vulnerability or has.iac_violation or has.secret }} | ||
run: | ||
- action: require-reviewers@v1 | ||
args: | ||
reviewers: [my-organization/security-team] | ||
- action: add-comment@v1 | ||
args: | ||
comment: | | ||
This PR requires additional review because it fails to meet Orca Security safe code standards. | ||
orca: {{ pr | extractOrcaFindings }} | ||
|
||
has: | ||
vulnerability: {{ orca.vulnerabilities.priority == 'High' or orca.vulnerabilities.priority == 'Medium' }} | ||
iac_violation: {{ orca.infrastructure_as_code.priority == 'High' or orca.infrastructure_as_code.priority == 'Medium' }} | ||
secret: {{ orca.secrets.priority == 'High' or orca.secrets.priority == 'Medium' }} |
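Review bot: The three `has.*` expressions match only the exact strings 'High' and 'Medium', so any other value of `orca.*.priority` (a more severe level, if the context can report one, or a differently cased string) leaves every condition false and the PR skips security review without any signal. Please confirm the full set of priority values the `orca` context can return and either cover them all or invert the test so that only the known low levels are excluded; a short comment above the `has:` block stating the intended threshold would make that auditable. Also, `reviewers: [my-organization/security-team]` is a placeholder with no comment marking it as one; a `# replace with your security team` note on that line would prevent the file being deployed unchanged. Finally, the `add-comment@v1` text is the same for every trigger, so the author cannot tell whether a vulnerability, an IaC violation or a secret caused the review request; consider naming the category in the comment.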