feat(security): SecurityModule

Signed-off-by: Lexus Drumgold <[email protected]>
flex-development · Nov 21, 2023 · 22ab46c · 22ab46c
1 parent 26a99e5
commit 22ab46c
Show file tree

Hide file tree

Showing 12 changed files with 662 additions and 326 deletions.
diff --git a/.github/infrastructure.yml b/.github/infrastructure.yml
@@ -197,7 +197,6 @@ repository:
   allow_squash_merge: true
   allow_update_branch: true
   archived: false
-  automated_security_fixes: true
   default_branch: main
   delete_branch_on_merge: true
   description: Repository infrastructure as code for GitHub Actions
@@ -207,11 +206,6 @@ repository:
   homepage: https://github.com/flex-development/repostructure-action
   is_template: false
   private: false
-  security_and_analysis:
-    secret_scanning:
-      status: enabled
-    secret_scanning_push_protection:
-      status: disabled
   squash_merge_commit_message: BLANK
   squash_merge_commit_title: PR_TITLE
   topics:
@@ -224,5 +218,11 @@ repository:
     - repository-settings
     - typescript
   visibility: public
-  vulnerability_alerts: true
   web_commit_signoff_required: true
+security:
+  advanced_security: null
+  automated_security_fixes: true
+  secret_scanning: true
+  secret_scanning_push_protection: true
+  vulnerability_alerts: true
+  vulnerability_reporting: true
diff --git a/.schema.json b/.schema.json
@@ -227,6 +227,38 @@
       "required": [],
       "type": "object"
     },
+    "Security": {
+      "additionalProperties": false,
+      "description": "repository security options",
+      "properties": {
+        "advanced_security": {
+          "description": "enable or disable github advanced security",
+          "type": ["boolean", "null"]
+        },
+        "automated_security_fixes": {
+          "description": "enable or disable automated security fixes",
+          "type": ["boolean", "null"]
+        },
+        "secret_scanning": {
+          "description": "enable or disable secret scanning",
+          "type": ["boolean", "null"]
+        },
+        "secret_scanning_push_protection": {
+          "description": "enable or disable secret scanning push protection",
+          "type": ["boolean", "null"]
+        },
+        "vulnerability_alerts": {
+          "description": "enable or disable vulnerability alerts",
+          "type": ["boolean", "null"]
+        },
+        "vulnerability_reporting": {
+          "description": "enable or disable private vulnerability reporting",
+          "type": ["boolean", "null"]
+        }
+      },
+      "required": [],
+      "type": "object"
+    },
     "StatusCheck": {
       "additionalProperties": false,
       "description": "required status check",
@@ -288,6 +320,11 @@
       "description": "repository labels",
       "items": { "$ref": "#/$defs/Label" },
       "type": "array"
+    },
+    "security": {
+      "$ref": "#/$defs/Security",
+      "default": {},
+      "description": "repository security options"
     }
   },
   "required": [],