Add redhat_security policy collection #1766
Create a new redhat_security collection containing all rego rules mapped to a Red Hat ProdSec requirement. The mapping source is the conforma-prodsec-mapping.json file from EC-1967.

124 release rules across 33 files get redhat_security added to their collections annotation. Two additional dependency rules (cve_results_found and pipeline_has_tasks) are included to satisfy the conventions-check requirement that dependencies share the same collections.

This is additive. It does not modify or replace the existing redhat collection.

Ref: https://redhat.atlassian.net/browse/EC-1967
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a `redhat_security` collection containing the 124 release rules that map to a ProdSec requirement. The mapping comes from the conforma-prodsec internal docs.

The existing `redhat` collection is unchanged. This is purely additive.

- `policy/release/collection/redhat_security/`
- `redhat_security` in their `collections:` annotation
- `collections:` field now have one
- `maven_repos_test.rego` assertions to match
- 20 non-release rules (pipeline, task, build_task, stepaction) and 2 builtin rules are in the mapping but not tagged, since collections only apply to release rules.
Ref: EC-1967
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
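The commit message and the description above both mention the conventions check that a rule's dependencies must share its collections (the reason cve_results_found and pipeline_has_tasks were tagged as well). The following checker is an added example, not code from the conforma project or this PR: it parses OPA METADATA comment annotations and reports any dependency that lacks a collection of the rule depending on it. The `custom.short_name`, `collections` and `depends_on` keys and the two sample rules are assumptions modelled on that annotation style.

```python
import re
from itertools import takewhile

# Constructed sample in OPA METADATA comment form (custom.short_name, collections and
# depends_on keys assumed from conforma's conventions); the dependency lacks redhat_security.
SAMPLE_REGO = """\
package cve

# METADATA
# custom:
#   short_name: cve_results_found
#   collections:
#   - redhat
deny contains result if { false }

# METADATA
# custom:
#   short_name: cve_blockers
#   collections:
#   - redhat
#   - redhat_security
#   depends_on:
#   - cve.cve_results_found
deny contains result if { false }
"""

def parse_metadata(src):
    """Map "<package>.<short_name>" to its collections and depends_on sets."""
    pkg = re.search(r"^package\s+(\S+)", src, re.M).group(1)
    rules = {}
    for block in src.split("# METADATA\n")[1:]:
        # keep only the comment lines directly under the marker
        lines = takewhile(lambda l: l.startswith("#"), block.splitlines())
        meta = "\n".join(l[1:].rstrip() for l in lines) + "\n"
        name = re.search(r"short_name:\s*(\S+)", meta).group(1)
        rule = {"collections": set(), "depends_on": set()}
        for key, items in re.findall(
                r"^\s*(collections|depends_on):\n((?:\s*- .*\n)*)", meta, re.M):
            rule[key] = set(re.findall(r"- (\S+)", items))
        rules[f"{pkg}.{name}"] = rule
    return rules

def check_dependency_collections(rules):
    """A dependency must carry every collection of the rule depending on it."""
    problems = []
    for rid, meta in rules.items():
        for dep in meta["depends_on"]:
            missing = meta["collections"] - rules.get(dep, {}).get("collections", set())
            if missing:
                problems.append((rid, dep, sorted(missing)))
    return sorted(problems)
```

Running it on the sample reports that `cve.cve_results_found` is missing `redhat_security`; adding that collection to the dependency, as the PR does, clears the finding.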