feat: add additional project policies (#207)

Author: UlisesGascon

src/database/migrations/1739183546535_alter_projects.js

@@ -18,6 +18,13 @@ exports.up = async (knex) => {
     table.boolean('has_npmOrgMFA_policy').nullable()
     table.boolean('has_npmPublicationMFA_policy').nullable()
     table.boolean('has_upgradePathDocs_policy').nullable()
+    table.boolean('has_patchNonCriticalVulns90Days_policy').nullable()
+    table.boolean('has_patchCriticalVulns30Days_policy').nullable()
+    table.boolean('has_twoOrMoreOwnersForAccess_policy').nullable()
+    table.boolean('has_injectedSecretsAtRuntime_policy').nullable()
+    table.boolean('has_preventScriptInjection_policy').nullable()
+    table.boolean('has_resolveLinterWarnings_policy').nullable()
+    table.boolean('has_annualDependencyRefresh_policy').nullable()
   })
 }
 
@@ -41,5 +48,12 @@ exports.down = async (knex) => {
     table.dropColumn('has_npmOrgMFA_policy')
     table.dropColumn('has_npmPublicationMFA_policy')
     table.dropColumn('has_upgradePathDocs_policy')
+    table.dropColumn('has_patchNonCriticalVulns90Days_policy')
+    table.dropColumn('has_patchCriticalVulns30Days_policy')
+    table.dropColumn('has_twoOrMoreOwnersForAccess_policy')
+    table.dropColumn('has_injectedSecretsAtRuntime_policy')
+    table.dropColumn('has_preventScriptInjection_policy')
+    table.dropColumn('has_resolveLinterWarnings_policy')
+    table.dropColumn('has_annualDependencyRefresh_policy')
   })
 }

src/database/migrations/1739185914475_alter_compliance_checks.js

@@ -53,6 +53,27 @@ const checks = [
   }, {
     code_name: 'upgradePathDocs',
     implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/106'
+  }, {
+    code_name: 'patchNonCriticalVulns90Days',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/81'
+  }, {
+    code_name: 'patchCriticalVulns30Days',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/80'
+  }, {
+    code_name: 'twoOrMoreOwnersForAccess',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/79'
+  }, {
+    code_name: 'injectedSecretsAtRuntime',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/68'
+  }, {
+    code_name: 'preventScriptInjection',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/104'
+  }, {
+    code_name: 'resolveLinterWarnings',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/84'
+  }, {
+    code_name: 'annualDependencyRefresh',
+    implementation_details_reference: 'https://github.com/OpenPathfinder/visionBoard/issues/112'
   }
 ]
 

src/database/schema/schema.sql

@@ -731,7 +731,14 @@ CREATE TABLE public.projects (
     "has_ciAndCdPipelineAsCode_policy" boolean,
     "has_npmOrgMFA_policy" boolean,
     "has_npmPublicationMFA_policy" boolean,
-    "has_upgradePathDocs_policy" boolean
+    "has_upgradePathDocs_policy" boolean,
+    "has_patchNonCriticalVulns90Days_policy" boolean,
+    "has_patchCriticalVulns30Days_policy" boolean,
+    "has_twoOrMoreOwnersForAccess_policy" boolean,
+    "has_injectedSecretsAtRuntime_policy" boolean,
+    "has_preventScriptInjection_policy" boolean,
+    "has_resolveLinterWarnings_policy" boolean,
+    "has_annualDependencyRefresh_policy" boolean
 );
 
 

src/importers/index.js

@@ -4,7 +4,7 @@ const { initializeStore } = require('../store')
 const { simplifyObject } = require('@ulisesgascon/simplify-object')
 const fs = require('fs')
 
-const projectPolicies = ['defineFunctionalRoles', 'orgToolingMFA', 'softwareArchitectureDocs', 'MFAImpersonationDefense', 'includeCVEInReleaseNotes', 'assignCVEForKnownVulns', 'incidentResponsePlan', 'regressionTestsForVulns', 'vulnResponse14Days', 'useCVDToolForVulns', 'securityMdMeetsOpenJSCVD', 'consistentBuildProcessDocs', 'machineReadableDependencies', 'identifyModifiedDependencies', 'ciAndCdPipelineAsCode', 'npmOrgMFA', 'npmPublicationMFA', 'upgradePathDocs']
+const projectPolicies = ['defineFunctionalRoles', 'orgToolingMFA', 'softwareArchitectureDocs', 'MFAImpersonationDefense', 'includeCVEInReleaseNotes', 'assignCVEForKnownVulns', 'incidentResponsePlan', 'regressionTestsForVulns', 'vulnResponse14Days', 'useCVDToolForVulns', 'securityMdMeetsOpenJSCVD', 'consistentBuildProcessDocs', 'machineReadableDependencies', 'identifyModifiedDependencies', 'ciAndCdPipelineAsCode', 'npmOrgMFA', 'npmPublicationMFA', 'upgradePathDocs', 'upgradePathDocs', 'patchNonCriticalVulns90Days', 'patchCriticalVulns30Days', 'twoOrMoreOwnersForAccess', 'injectedSecretsAtRuntime', 'preventScriptInjection', 'resolveLinterWarnings', 'annualDependencyRefresh']
 
 const bulkImport = async (knex, filePath) => {
   logger.info('Bulk importing data...')

src/schemas/bulkImport.json

@@ -29,7 +29,14 @@
           "ciAndCdPipelineAsCode",
           "npmOrgMFA",
           "npmPublicationMFA",
-          "upgradePathDocs"
+          "upgradePathDocs",
+          "patchNonCriticalVulns90Days",
+          "patchCriticalVulns30Days",
+          "twoOrMoreOwnersForAccess",
+          "injectedSecretsAtRuntime",
+          "preventScriptInjection",
+          "resolveLinterWarnings",
+          "annualDependencyRefresh"
         ],
         "examples": ["softwareDesignTraining"]
       },