Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: change IDs to sequence with maturity levels #109

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

fix: change IDs to sequence with maturity levels #109

wants to merge 2 commits into from
+67 −64

Conversation

eddie-knight
Copy link
Contributor

No description provided.

@eddie-knight
typofix
140f05e 
Signed-off-by: Eddie Knight <[email protected]>
@eddie-knight eddie-knight deleted the fix/id-levels branch December 15, 2024 17:14
@eddie-knight eddie-knight restored the fix/id-levels branch December 15, 2024 17:14
@eddie-knight eddie-knight reopened this Dec 15, 2024
@SecurityCRob
Copy link
Contributor

Please hold on merging this if the proposal is to re-number criteria. I need to adjust the compliance crosswalk to reflect the mappings.

funnelfiasco
funnelfiasco reviewed Dec 17, 2024
View reviewed changes
Copy link
Contributor

@funnelfiasco funnelfiasco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I originally marked this as approved, but now I'm reconsidering. Is there value in making this change, since subsequent modifications/additions/removals will almost certainly make the IDs non-sequential anyway?

@funnelfiasco funnelfiasco self-requested a review December 17, 2024 14:02
SecurityCRob
SecurityCRob reviewed Dec 17, 2024
View reviewed changes
baseline.yaml
@@ -766,6 +740,32 @@ criteria:
scorecard_probe:
- # None, may need to be paired with SI

- id: OSPS-LE-04
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this already is le-01 in the current yaml. le-04 and le-02 are dupes, so le-04 should be removed

SecurityCRob
SecurityCRob reviewed Dec 17, 2024
View reviewed changes
baseline.yaml
@@ -960,6 +927,39 @@ criteria:
security_insights_value: # TODO
scorecard_probe: # sastToolRunsOnAllCommits

- id: OSPS-QA-07
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

qa-07 was introduced earlier, so old qa-05 can not move here. Is theidea simply to move qa-05 from lvl 2 to lvl 3? If so, can we just keep it the same id and adjust the level to 3?

@SecurityCRob
Copy link
Contributor

I originally marked this as approved, but now I'm reconsidering. Is there value in making this change, since subsequent modifications/additions/removals will almost certainly make the IDs non-sequential anyway?

We're going to running into this until we get the criteria locked down, and even after that any future criteria added will probably be "out of level sequence". I would suggest, for now, to NOT renumber/reorder. I have a few additional criteria for the group to consider to add too based on other frameworks/regs which will mess any order we decide today up.

@eddie-knight eddie-knight marked this pull request as draft December 18, 2024 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SecurityCRob SecurityCRob SecurityCRob left review comments

@jmeridth jmeridth jmeridth approved these changes

@puerco puerco Awaiting requested review from puerco

@funnelfiasco funnelfiasco Awaiting requested review from funnelfiasco

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@eddie-knight @SecurityCRob @jmeridth @funnelfiasco