[RFE] Having a level of privacy on a per rule basis #176

Open
agoncal opened this issue Apr 3, 2024 · 3 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. needs-priority Indicates an issue or PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@agoncal

agoncal commented Apr 3, 2024

Today we can disable code snippets in the reports. That's very useful for privacy reasons. But this is done on a per-assessment basis: either you show the code snippets in the report or not. But sometimes you want to show the code snippets in the report, except for specific rules (e.g. a rule that looks for hard-coded passwords and displays the password in the code snippet).

It would be good if there was a privacy level on a per-rule basis. We could have several levels, going from public to private, something like:

  • Public: By default the code snippet of this rule is displayed
  • Confidential: Code snippet could be restricted to a select group of individuals who have a need to know
  • Private: The highest level of privacy, the code snippet is not to be shown
  • ....

And when you run an analysis, you could specify the minimum level of privacy.

This mechanism is inspired by the logging level of logging frameworks.
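The following is an added example of the mechanism proposed above; it is not code from this issue or from the konveyor project, and the field names, the `Incident` type and the rule IDs are constructed for illustration. It takes the three levels named in the post, parses them from the value a rule author would write (assumed field name `privacy`, empty meaning public), and applies one threshold at report time: the snippet of any incident whose rule level is at or above the threshold is replaced by a fixed marker, while the message and rule ID are kept so the finding itself is not lost.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PrivacyLevel orders the per-rule privacy levels proposed in the issue,
// most permissive first, the same way a logging framework orders levels.
type PrivacyLevel int

const (
	Public       PrivacyLevel = iota // snippet shown (proposed default)
	Confidential                     // snippet limited to a need-to-know audience
	Private                          // snippet never shown
	NoRedaction                      // sentinel threshold: keep every snippet
)

func (l PrivacyLevel) String() string {
	switch l {
	case Public:
		return "public"
	case Confidential:
		return "confidential"
	case Private:
		return "private"
	}
	return "unknown"
}

// ParsePrivacyLevel maps the value a rule author would write in a rule
// file (hypothetical field name "privacy") to a level. An empty value is
// public, matching the proposed default; any other unrecognised value is
// an error, so a typo in a sensitive rule cannot silently widen exposure.
func ParsePrivacyLevel(s string) (PrivacyLevel, error) {
	switch strings.ToLower(strings.TrimSpace(s)) {
	case "", "public":
		return Public, nil
	case "confidential":
		return Confidential, nil
	case "private":
		return Private, nil
	}
	return Public, errors.New("unknown privacy level: " + s)
}

// Incident is a simplified, constructed stand-in for one finding in a report.
type Incident struct {
	RuleID  string
	Privacy PrivacyLevel
	Message string
	Snippet string
}

// Redacted replaces a withheld snippet so the report still records that
// the rule matched, without carrying the matched source text.
const Redacted = "[snippet withheld by rule privacy level]"

// RedactSnippets returns a copy of incidents in which every snippet from a
// rule at or above threshold is replaced by Redacted. The input slice is
// not modified. threshold=Public hides all snippets (today's all-or-nothing
// switch); threshold=NoRedaction keeps all of them.
func RedactSnippets(incidents []Incident, threshold PrivacyLevel) []Incident {
	out := make([]Incident, len(incidents))
	for i, inc := range incidents {
		out[i] = inc
		if inc.Privacy >= threshold {
			out[i].Snippet = Redacted
		}
	}
	return out
}

// SampleIncidents builds two constructed findings: one from a hypothetical
// hard-coded credential rule marked private, one from a public rule.
func SampleIncidents() []Incident {
	return []Incident{
		{RuleID: "hardcoded-password-001", Privacy: Private,
			Message: "hard-coded credential", Snippet: `password = "example-not-real"`},
		{RuleID: "deprecated-api-002", Privacy: Public,
			Message: "deprecated API call", Snippet: "legacy.Connect(host)"},
	}
}

func main() {
	// Report generated with the threshold set to confidential: the private
	// rule's snippet is withheld, the public rule's snippet is kept.
	for _, inc := range RedactSnippets(SampleIncidents(), Confidential) {
		fmt.Printf("%s [%s]: %s\n    %s\n", inc.RuleID, inc.Privacy, inc.Message, inc.Snippet)
	}
}
```

Redaction is done on the data that goes into the report rather than in the viewer, so an exported or archived report never contains the withheld text, and an unknown level is rejected instead of defaulting to public, which is the failure mode that matters for a rule written specifically to find secrets.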

@pranavgaikwad pranavgaikwad added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 8, 2024
@rromannissen rromannissen transferred this issue from konveyor/rulesets May 9, 2024
@konveyor-ci-bot

This issue is currently awaiting triage.
If contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members.

@konveyor-ci-bot konveyor-ci-bot bot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates an issue or PR lacks a `priority/foo` label and requires one. labels May 9, 2024
@rromannissen rromannissen changed the title [Feature] Having a level of privacy on a per rule basis [RFE] Having a level of privacy on a per rule basis May 9, 2024
@shawn-hurley
Contributor

Hello!

Thanks for the request. I can see how this could be useful for rule authors. I do have a question: can you help me think of other use cases, along with the hard-coded password type of rule?

@rromannissen
Contributor

@shawn-hurley I can imagine organizations wanting to build custom rules to update their custom security libraries/frameworks, and not wanting snippets of that code living outside of their secured repositories. @agoncal any other use cases?

Projects
Status: 📋 Backlog
Development

No branches or pull requests

4 participants