Minder Rules and Profiles

A repository containing Minder rules and profiles describing security policies and various tool integrations.

What are rule types, profiles, and data sources?

Minder is a tool that allows you to define security policies and integrate with various tools to enforce those policies. Its engine is designed to be extensible through rule types, profiles and data sources, allowing you to integrate your own logic and processes.

A profile defines the security policies you want to apply to your software supply chain. Profiles contain rules (instances of rule types) that query data from a provider, and specify whether Minder will issue alerts or perform automatic remediations when an entity is not in compliance with the policy.

Profiles in Minder allow you to group and manage rules for various entity types, such as repositories, pull requests, artifacts, etc., across your registered GitHub repositories.
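As an added illustration of how these pieces fit together (this is an example written for this README, not a profile shipped in the repository), the profile below groups two repository rules, turns alerting on and automatic remediation off. The rule type names `secret_scanning` and `branch_protection_enabled`, and the shape of their `def` blocks, are assumptions; check the rule types in this repository for the actual names and schemas before using them.

```yaml
# Example profile (added illustration, not a file from this repository).
# Assumption: the rule types referenced below exist with these names and
# "def" schemas; verify them against the repository's rule-type definitions.
version: v1
type: profile
name: example-repo-hygiene
context:
  # The provider that owns the entities this profile evaluates.
  provider: github
# Report non-compliance by raising an alert...
alert: "on"
# ...but never change repository settings automatically.
remediate: "off"
# Rules are grouped by entity type; these apply to every registered repository.
repository:
  - type: secret_scanning
    def:
      enabled: true
  - type: branch_protection_enabled
    # Rule parameters select what to check; "def" holds the desired state.
    params:
      branch: main
    def: {}
```

Switching `remediate` to `"on"` would let Minder correct the non-compliant settings itself, so it is worth running a new profile in alert-only mode first to confirm the rules match what you expect.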

Data sources are designed to enrich the information available about an entity, allowing us to make more informed policy evaluations. Unlike providers, which create entities, a data source offers additional information about an existing entity or one of its specific attributes. The entity itself, however, always originates from a provider.

How to get started with writing rules and profiles?

To get started with writing rules and profiles, you can check the following resources:

Apart from that, you can also check the reference rules and profiles in this repository to get an idea of how to write, structure, and organize them.

How to contribute?

We welcome contributions! If you came across a rule type, profile, or data source that you think would be useful to others, please consider contributing it back to the community.

If you have questions or need help getting started, feel free to reach out on the #minder channel on OpenSSF Slack or open an issue.

You can check our CONTRIBUTING.md guidelines for more information on how to contribute to this repository.

License

This repository is licensed under the Apache 2.0 License.