Skip to content

compliance-framework/plugin-dependabot-policies

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.github/workflows
.github/workflows
 
 
examples
examples
 
 
policies
policies
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

SSH policies for use in Compliance Framework Local SSH Plugin

Requirements

Install opa for testing & building the bundles.

Testing

opa test policies

Bundling

Policies are built into bundle to make distribution easier.

You can easily build the policies by running

opa build -b policies -o dist/bundle.tar.gz

Running policies locally

opa eval -I -b policies -f pretty data.compliance_framework.local_ssh <<EOF 
{
  "passwordauthentication": [
    "yes"
  ],
  "permitrootlogin": [
    "with-password"
  ],
  "pubkeyauthentication": [
    "no"
  ]
}
EOF

Writing policies.

Policies are written in the Rego language.

package ssh.deny_password_auth

import future.keywords.in

violation[{
    "title": "Host SSH is using password authentication.",
    "description": "Host SSH should not use password, as this is insecure to brute force attacks from external sources.",
    "remarks": "Migrate to using SSH Public Keys, and switch off password authentication."
}] {
	"yes" in input.passwordauthentication
}

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 3

v0.3.0 Latest
Sep 16, 2025
+ 2 releases

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages