5 Commits

Author SHA1 Message Date
github-actions[bot]
9619fe4284
Create rule S6378: Add language AzureResourceManager (JSON) (#2237)
[Specification ticket](https://sonarsource.atlassian.net/browse/APPSEC-777)
[Implementation ticket](https://sonarsource.atlassian.net/browse/SONARIAC-889)
[RSPEC Preview](https://sonarsource.github.io/rspec/#/rspec/S6378/azureresourcemanager)

Bicep PR for S6378: #2255 

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com>
Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
2023-06-29 15:58:37 +02:00
Fred Tingaud
16f6c0aecf
Inline adoc when include has no additional value (#1940)
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00
Pierre-Loup
9b3d87a04b
Modify rule S6378: Update issue message (#876)
2022-03-14 15:29:40 +00:00
Loris S
488801b155
Modify rule S6387: improved message
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2022-01-11 07:47:33 +00:00
github-actions[bot]
ed8762d5ac
Create rule S6378[terraform] : Disabling Managed Identities for Azure resources is security-sensitive (#569)
* clean-up old metadata file

* Create rule S6378

* Add first draft

* added link to managed service resources list

* fix vague title

* add metadata tagging

* add metadata - sec standards

* add owasp ref

* add concise var names

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* add concise var names and reduces identity.type

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6378/description.adoc

* add other distinct code sample

* add down to earth recos

Clear-text credentials || third party systems

* add description - clearer on M-Identities stakes

* changed remediation cost to 1h

* add cleared reco - use system-assigned

* fix layout pb

* fix metadata 'hour' mistake: 'hour'->'h'

* reformulate ask-yourself

* fixed potential confusion

* applied review suggestions

* add highlight

* Update rules/S6378/metadata.json

* Update rules/S6378/message.adoc

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

* Update rules/S6378/metadata.json

* Update rules/S6378/ask-yourself.adoc

Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
2021-12-14 09:37:33 +00:00