add: minder-rules-links-baseline-1

baseline 1; first batch Signed-off-by: Teodor Yanev <[email protected]>
ossf · Jan 20, 2025 · 304aa46 · 304aa46
1 parent 0f4cb6f
commit 304aa46
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 0 deletions.
diff --git a/baseline/OSPS-AC.yaml b/baseline/OSPS-AC.yaml
@@ -95,6 +95,9 @@ criteria:
       CSF: PR.AA-02
       OCRE: 486-813, 124-564, 152-725
     security_insights_value: # TODO
+    minder_rules:
+      - name: osps-ac-03
+        url: https://github.com/mindersec/minder-rules-and-profiles/blob/main/security-baseline/rule-types/github/osps-ac-03.yaml
 
   - id: OSPS-AC-04
     maturity_level: 1
@@ -117,6 +120,9 @@ criteria:
       CSF: PR.AA-02
       OCRE: 486-813, 124-564,123-124, 152-725
     security_insights_value: # TODO
+    minder_rules:
+      - name: osps-ac-04
+        url: https://github.com/mindersec/minder-rules-and-profiles/blob/main/security-baseline/rule-types/github/osps-ac-04.yaml
 
   - id: OSPS-AC-05
     maturity_level: 2

diff --git a/baseline/OSPS-LE.yaml b/baseline/OSPS-LE.yaml
@@ -68,6 +68,9 @@ criteria:
       SSDF: PO3.2
       CSF: GV.OC-03
     security_insights_value: # TODO
+    minder_rules:
+      - name: osps-le-02
+        url: https://github.com/mindersec/minder-rules-and-profiles/blob/main/security-baseline/rule-types/github/osps-le-02.yaml
 
   - id: OSPS-LE-03
     maturity_level: 1
@@ -93,6 +96,9 @@ criteria:
       CRA: 1.2b
       SSDF: PO3.2
     security_insights_value: # TODO
+    minder_rules:
+      - name: osps-le-03
+        url: https://github.com/mindersec/minder-rules-and-profiles/blob/main/security-baseline/rule-types/github/osps-le-03.yaml
 
   - id: OSPS-LE-04
     maturity_level: 1

diff --git a/baseline/OSPS-QA.yaml b/baseline/OSPS-QA.yaml
@@ -33,6 +33,9 @@ criteria:
       SSDF: PS1, PS2, PS3, PW1.2
       OCRE: 486-813, 124-564
     security_insights_value: # TODO
+    minder_rules:
+      - name: osps-qa-01
+        url: https://github.com/mindersec/minder-rules-and-profiles/blob/main/security-baseline/rule-types/github/osps-qa-01.yaml
 
   - id: OSPS-QA-02
     maturity_level: 1

diff --git a/cmd/baseline.go b/cmd/baseline.go
@@ -22,6 +22,28 @@ type Criterion struct {
 	Details               string            `yaml:"details"`
 	ControlMappings       map[string]string `yaml:"control_mappings"`
 	SecurityInsightsValue string            `yaml:"security_insights_value"`
+	// MinderRules is a collection of references to Minder rules
+	// implementing the criterion.
+	MinderRules []MinderRule `yaml:"minder_rules"`
+}
+
+// MinderRules represents links to Minder rule type definitions along
+// with a configuration snippet.
+type MinderRule struct {
+	// Name is the name of the rule type or any other string to be
+	// shown as the link's anchor text.
+	Name string `yaml:"name"`
+	// URL is the destination of the link. It should preferably
+	// point to a rule type definition, but can also point to
+	// documentation.
+	URL string `yaml:"url"`
+	// Config is an example configuration snippet for the given
+	// rule. Rule configuration might span from simple strings to
+	// structured payloads, and depends on the rule type
+	// definition.
+	//
+	// This is currently rendered as YAML in the final template.
+	Config string `yaml:"config,omitempty"`
 }
 
 // Struct for holding the entire YAML structure

diff --git a/cmd/template.md b/cmd/template.md
@@ -77,6 +77,22 @@ For more information on the project and to make contributions, visit the [GitHub
 **Security Insights Value:** {{ .SecurityInsightsValue }}
 {{- end }}
 
+**Minder Rule(s):**
+{{ if .MinderRules }}
+{{- range .MinderRules }}
+- [{{ .Name }}]({{ .URL }})
+{{- if .Config }}
+
+```yaml
+{{ .Config }}
+```
+
+{{- end }}
+{{- end }}
+{{- else }}
+_No minder rule identified._
+{{- end }}
+
 ---
 
 {{- end }}