This is the individual plugin for polling GitHub settings for organizations and repositories, to test for configuration flags that would fail compliance checks.
For the moment it is limited to authenticated GitHub organizations queried with a GitHub PAT, but in the future it should also query security plans and repositories for specific settings.
- GoReleaser https://goreleaser.com/install/
- GitHub fine-grained Personal Access Token with the following scopes:
  - `read:org` for the organization to be queried. Note: you might need to be an administrator of the GitHub organization for this to work correctly.
  - `read:members` to be able to read teams
Once you are ready to serve the plugin, you need to build the binaries which can be used by the agent.

```shell
goreleaser release --snapshot --clean
```

You can use this plugin by passing it to the compliance agent:
```shell
agent --plugin=[PATH_TO_YOUR_BINARY]
```

The plugin configuration must be created and managed by the agent, but the plugin expects the following configuration keys to be set, otherwise it will fail.

```yaml
---
plugins:
  github:
    config:
      token: "" # Will be read from the CCF_PLUGINS_GITHUB_CONFIG_TOKEN environment variable
      organization: test-org # The name of the organization
```

Plugins read their configuration from environment variables when the variable name matches the path in the YAML structure.
In the example above, setting an empty token and exporting the environment variable CCF_PLUGINS_GITHUB_CONFIG_TOKEN makes the plugin use the environment variable's value.

```shell
export CCF_PLUGINS_GITHUB_CONFIG_TOKEN="github_pat_1234..."
```

This plugin is released using goreleaser to build binaries, and Docker to build OCI artifacts (WIP), which ensures a binary is built for most OS and architecture combinations.
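As an added illustration of the environment-variable fallback described above (example code, not the plugin's own source): the `CCF_` prefix, the upper-casing of the YAML path segments joined by underscores, and the "fail when a key is unset" behaviour are assumptions inferred from the page's example, and `lookup` is injected so the logic runs without a real environment.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

type Config struct{ Token, Organization string } // the two keys the page says must be set

// envKeyFor maps a YAML path to the environment variable the page describes,
// e.g. plugins.github.config.token -> CCF_PLUGINS_GITHUB_CONFIG_TOKEN; the CCF_
// prefix and upper-cased, underscore-joined segments are inferred from the page's example.
func envKeyFor(prefix string, path ...string) string {
	parts := []string{prefix}
	for _, p := range path {
		parts = append(parts, strings.ToUpper(p))
	}
	return strings.Join(parts, "_")
}

// resolve prefers a non-empty YAML value, else the environment variable for
// plugins.github.config.<key>; lookup is injected so tests need no real environment.
func resolve(yamlValue, key string, lookup func(string) string) string {
	if yamlValue != "" {
		return yamlValue
	}
	return lookup(envKeyFor("CCF", "plugins", "github", "config", key))
}

// loadConfig applies the fallback to both keys and, as the page states, fails
// when a required key is still unset rather than running with an empty value.
func loadConfig(yamlToken, yamlOrg string, lookup func(string) string) (Config, error) {
	cfg := Config{Token: resolve(yamlToken, "token", lookup), Organization: resolve(yamlOrg, "organization", lookup)}
	for key, val := range map[string]string{"token": cfg.Token, "organization": cfg.Organization} {
		if val == "" {
			return Config{}, fmt.Errorf("config key %q is not set in YAML or via %s", key, envKeyFor("CCF", "plugins", "github", "config", key))
		}
	}
	return cfg, nil
}

func main() {
	cfg, err := loadConfig("", "test-org", os.Getenv) // the page's example: empty token in YAML
	if err != nil {
		fmt.Println("config error:", err)
		os.Exit(1)
	}
	fmt.Printf("organization=%s token set=%t\n", cfg.Organization, cfg.Token != "") // never log the token itself
}
```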
You can find the binaries on each release of this plugin in the GitHub releases page.
You can find the OCI implementations in the GitHub Packages page.
[Not Yet Implemented] To run this plugin with the Compliance Agent, you can specify the release, and the agent will take care of pulling the correct binary.

```shell
concom agent --plugin=https://github.com/compliance-framework/plugin-template/releases/tag/0.0.1
```