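---
# Example "time to remediate" policy.
#
# Each top-level block (`general`, `codescanning`, `dependabot`, `licensing`,
# `secretscanning`) configures one scanner. A `remediate` mapping lists, per
# severity, how many days a finding may stay open before the policy check
# fails. Judging by the `general` comments, a severity key appears to cover
# that level and everything above it — confirm against the policy engine.
general:
  # Every other block inherits this `remediate` section unless it defines
  # its own.
  remediate:
    # `errors` and above have 7 days to be remediated under this policy.
    errors: 7
    # The same rule for warnings, but with a 30-day window.
    warnings: 30
    # Any issue not matched by a more specific severity key falls back to
    # this 90-day deadline.
    all: 90

codescanning:
  # When `level` is set and a `remediate` section applies, both the level
  # check and the time-to-remediate check are performed. In this example,
  # with `level: error`, a `warning` that has exceeded its remediation
  # window will NOT be reported.
  level: error
  # No `remediate` here, so this block inherits the `general` one above.

dependabot:
  # This block defines its own `remediate`, so it does NOT inherit `general`.
  remediate:
    # The team has 7 days before overdue `high` alerts (and presumably
    # `critical`, if the "level and above" rule holds) start failing
    # workflows / builds.
    # NOTE(review): only `high` is listed and `general` is not inherited, so
    # lower-severity Dependabot alerts have no deadline in this policy —
    # confirm that is intended.
    high: 7

licensing:
  # Licensing has no `remediate` block: there is no discovery date attached
  # to a dependency with a licensing issue, so there is nothing to measure a
  # deadline against. This may change in the future but is not available now.
  warnings:
    ids:
      - Other
      - NA

secretscanning:
  level: all
  remediate:
    # All secrets default to `critical` severity, so only `critical` or
    # `all` will match here.
    critical: 7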