diff --git a/cis_gitlab_benchmark_v1_0_1_implmentation.md b/cis_gitlab_benchmark_v1_0_1_implentation.md similarity index 96% rename from cis_gitlab_benchmark_v1_0_1_implmentation.md rename to cis_gitlab_benchmark_v1_0_1_implentation.md index 0348135..5637aef 100644 --- a/cis_gitlab_benchmark_v1_0_1_implmentation.md +++ b/cis_gitlab_benchmark_v1_0_1_implentation.md @@ -5,8 +5,8 @@ ### 1.1.1 Ensure any changes to code are tracked in a version control platform (Manual) -Use GitLab Runner and metrics to monitor deployed application for not commited code. -Tools like [hofund](https://github.com/logchange/hofund) or expose metrics (f.e for prometheus) with git information about +Use GitLab Runner and metrics to monitor deployed application for not committed code. +Tools like [hofund](https://github.com/logchange/hofund) or expose metrics (f.e. for prometheus) with git information about dirtiness of repository. Example: @@ -26,7 +26,7 @@ See also [merge request commit templates](https://docs.gitlab.com/ee/user/projec interesting feature to implement this control and create company-wide standard for commit messages. Next element, that implements this control is [commit message template for push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#validate-commit-messages) which -requires from commit author to meet rules (f.e commit message must contain expression like `issue#1234`) +requires from commit author to meet rules (f.e. commit message must contain expression like `issue#1234`) Using tools like [logchange](https://github.com/logchange/logchange?tab=readme-ov-file#yaml-format) to create standard for creating `CHANGELOG.md` encourage developers to link associated tasks with given change. GitLab also 
@@ -56,7 +56,7 @@ src/controls/code_changes/approval_dismissed.py ### 1.1.5 Ensure there are restrictions on who can dismiss code change reviews (Manual) I don't understand this rule or what should be checked to perform audit. Is it enough that -main branch is protected, noone can push to it and Developers and Maintainers can merge? +main branch is protected, no one can push to it and Developers and Maintainers can merge? ### 1.1.6 Ensure code owners are set for extra sensitive code or configuration (Manual) @@ -194,7 +194,7 @@ src/controls/code_changes/force_push_denied.py Implemented at: ``` -src/controls/code_changes/branch_deleteion_denied.py +src/controls/code_changes/branch_deletion_denied.py ``` [see](src/controls/code_changes/branch_deletion_denied.py) diff --git a/src/controls/code_changes/approval_required.py b/src/controls/code_changes/approval_required.py index 19d5a7c..c409b1d 100644 --- a/src/controls/code_changes/approval_required.py +++ b/src/controls/code_changes/approval_required.py @@ -24,7 +24,7 @@ def validate_specific(self, gl_group_project, gl_project) -> ControlResult | Non protected_branches_result[protected_branch.name] = {'passed': False, 'more_info': ""} # now, we check if there is a rule with value set to at least 2, but it can be 2 rules with different approval users - # that requires for one approve, what also gives 2 + # that requires for one approve, which also gives 2 for rule in approval_rules: for protected_branch_by_rule in rule.protected_branches: if protected_branch_by_rule.get('name') in protected_branches_result.keys(): diff --git a/src/controls/code_changes/codeowners_file_exists.py b/src/controls/code_changes/codeowners_file_exists.py index 5335419..c3dd8de 100644 --- a/src/controls/code_changes/codeowners_file_exists.py +++ b/src/controls/code_changes/codeowners_file_exists.py 
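Review bot: The comment above `for rule in approval_rules:` in `validate_specific` treats two rules that each require one approval as equivalent to two approvals, which holds only when the rules' eligible approvers do not overlap. As far as I know, GitLab lets a user who is eligible under both rules satisfy both with a single approval, so the control could pass with only one reviewer. The hunk does not show whether the loop checks for overlap, and the function starts and ends outside it, so this needs confirming against the full body. At minimum the comment should state the assumption, e.g. `# two rules requiring one approval each also count as 2, assuming their eligible approvers are disjoint`.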
@@ -16,4 +16,4 @@ def validate_specific(self, gl_group_project, gl_project) -> ControlResult: if file_exists(gl_project, 'CODEOWNERS'): return ControlResult(self.get_name(), True, "") else: - return ControlResult(self.get_name(), False, "CODEOWNERS file does not exists") + return ControlResult(self.get_name(), False, "CODEOWNERS file does not exist") diff --git a/src/controls/repository_management/security_file_available.py b/src/controls/repository_management/security_file_available.py index cfa4b52..d60b157 100644 --- a/src/controls/repository_management/security_file_available.py +++ b/src/controls/repository_management/security_file_available.py @@ -16,4 +16,4 @@ def validate_specific(self, gl_group_project, gl_project) -> ControlResult: if file_exists(gl_project, 'SECURITY.md'): return ControlResult(self.get_name(), True, "") else: - return ControlResult(self.get_name(), False, "SECURITY.md file does not exists") + return ControlResult(self.get_name(), False, "SECURITY.md file does not exist") diff --git a/src/export/xlsx_exporter.py b/src/export/xlsx_exporter.py index 18d1fa0..6c219d5 100644 --- a/src/export/xlsx_exporter.py +++ b/src/export/xlsx_exporter.py @@ -14,7 +14,7 @@ def _add_info_header(ws): info_text = ( "This file was generated using: https://github.com/logchange/cis-gitlab-benchmark\n" "Check out CIS GitLab Benchmark implementation advices\n" - "here: https://github.com/logchange/cis-gitlab-benchmark/blob/main/cis_gitlab_benchmark_v1_0_1_implmentation.md\n" + "here: https://github.com/logchange/cis-gitlab-benchmark/blob/main/cis_gitlab_benchmark_v1_0_1_implentation.md\n" "Visit https://github.com/logchange/cis-gitlab-benchmark and leave a star 🌟\n" "This file is the result of CIS-Controls assessment\n" "CIS GitLab Benchmark v1.0.1 - 04-19-2024"
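Review bot: `file_exists(gl_project, 'CODEOWNERS')` in `validate_specific` appears to test only the repository root, while GitLab also honours a CODEOWNERS file under `.gitlab/` and `docs/`. A project that keeps the file in one of those locations would be reported as failing. Unless `file_exists` (not visible here) already searches them, check all three, e.g. `if any(file_exists(gl_project, p) for p in ('CODEOWNERS', '.gitlab/CODEOWNERS', 'docs/CODEOWNERS')):`, and have the failure message name the paths that were searched. The function starts outside the hunk.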
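Review bot: The new link target in `_add_info_header`, `cis_gitlab_benchmark_v1_0_1_implentation.md`, is still misspelled, because the rename at the top of this commit moves the file from `implmentation` to `implentation` rather than to `implementation`. The string matches the renamed file, so the link should resolve today, but every exported workbook will carry the misspelled URL. Correcting the filename later would break the link in reports already distributed. Consider renaming the file to `cis_gitlab_benchmark_v1_0_1_implementation.md` in this commit and using that name in the string; keeping the URL in a single module-level constant would make future renames a one-line change. The function body continues outside the hunk.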