turbot/github_compliance

Benchmark: 3.2 Validate Packages

Overview

This section consists of security recommendations for validating and checking packages. Third-party packages and dependencies can put the organization at risk, not only by being vulnerable to attack, but also by being used improperly in ways that violate license conditions. To protect the software supply chain from these risks, it is important to validate packages and understand whether and how to use them. This section’s recommendations cover this topic.

Usage

Browse dashboards and select 3.2 Validate Packages:

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check github_compliance.benchmark.cis_supply_chain_v100_3_2

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_compliance.benchmark.cis_supply_chain_v100_3_2
