Skip to content

Commit

Permalink
feat(rules): additional code execution commands for untrusted checkou…
Browse files Browse the repository at this point in the history 
…t exec (#248)

Signed-off-by: Bryce Thuilot <[email protected]>
  • Loading branch information
@bthuilot
bthuilot authored Jan 9, 2025
1 parent 97c15bf commit 7fe4f3b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions opa/rego/rules/untrusted_checkout_exec.rego
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ build_commands[cmd] = {
"ant": {"^ant "},
"mkdocs": {"mkdocs build"},
"vale": {"vale "},
"pip": {"pip install", "pipenv install", "pipenv run "},
"cargo": {"cargo build", "cargo run"},
}[cmd]

results contains poutine.finding(rule, pkg_purl, {
Expand Down

0 comments on commit 7fe4f3b

Please sign in to comment.