No Open Security Advisories
The following rule type is available to ensure that a repository has no open security advisories based on a given severity threshold. The rule fails if there are any open advisories at or above the threshold. The threshold is set to `high` by default, but can be overridden by setting `severity` in the rule definition.
stacklok/no_open_security_advisories
- Verifies that a repository has no open security advisories based on a given severity threshold.
Ensuring that a repository has no open security advisories helps maintain a secure codebase.
The rule will fail if:
- The repository has unacknowledged open security advisories in a "Triage" state.
- Security advisories are not enabled for the repository.
Note: Advisories in a "Triage" state are considered if the repository has enabled the 'Private vulnerability reporting' option.
Security advisories that are draft, closed or published are considered to be acknowledged.
For more information, see the GitHub documentation.
Entity
- repository
Type
- stacklok/no_open_security_advisories
Rule parameters
- None
Rule definition options
The stacklok/no_open_security_advisories rule supports the following options:
severity (string)
- The severity threshold. Can be set to `unknown`, `low`, `medium`, `high` or `critical`. Defaults to `high`.
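The threshold logic described above, written out as an added Python example (this is not Minder's own implementation). It assumes `unknown` ranks lowest of the five severities, that only the "triage" state counts as unacknowledged, and uses constructed advisory ids.

```python
from dataclasses import dataclass

# Accepted values of the `severity` option, ordered least to most severe.
# Ranking "unknown" lowest is an assumption of this example.
SEVERITY_RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# States the rule treats as acknowledged; anything else (i.e. "triage")
# is an open, unacknowledged advisory.
ACKNOWLEDGED_STATES = {"draft", "closed", "published"}


@dataclass
class Advisory:
    ghsa_id: str   # constructed identifier for this example
    state: str     # triage | draft | closed | published
    severity: str  # unknown | low | medium | high | critical


def evaluate(advisories_enabled: bool, advisories: list[Advisory],
             threshold: str = "high") -> tuple[bool, list[str]]:
    """Return (passes, reasons) following the documented rule behaviour:
    fail if advisories are disabled, or if any advisory in "triage" has a
    severity at or above `threshold` (default "high")."""
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unsupported severity threshold: {threshold!r}")
    if not advisories_enabled:
        return False, ["security advisories are not enabled for the repository"]
    reasons = []
    for adv in advisories:
        if adv.state.lower() in ACKNOWLEDGED_STATES:
            continue
        # Unrecognised severities are treated as "unknown" (rank 0).
        rank = SEVERITY_RANK.get(adv.severity.lower(), 0)
        if rank >= SEVERITY_RANK[threshold]:
            reasons.append(f"{adv.ghsa_id} is in triage with severity {adv.severity}")
    return (not reasons), reasons


# Constructed sample: one triaged medium, one published critical (acknowledged),
# one triaged critical. With the default threshold only the last one fails.
SAMPLE_ADVISORIES = [
    Advisory("GHSA-EXAMPLE-1", "triage", "medium"),
    Advisory("GHSA-EXAMPLE-2", "published", "critical"),
    Advisory("GHSA-EXAMPLE-3", "triage", "critical"),
]

if __name__ == "__main__":
    for level in ("high", "medium", "critical"):
        print(level, evaluate(True, SAMPLE_ADVISORIES, level))
```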