From 56b1b2802590df95da5e3b2409301cd65f5755f7 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:19:07 -0500 Subject: [PATCH 1/7] spelling: committed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cis_gitlab_benchmark_v1_0_1_implmentation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cis_gitlab_benchmark_v1_0_1_implmentation.md b/cis_gitlab_benchmark_v1_0_1_implmentation.md index 0348135..636c573 100644 --- a/cis_gitlab_benchmark_v1_0_1_implmentation.md +++ b/cis_gitlab_benchmark_v1_0_1_implmentation.md @@ -5,7 +5,7 @@ ### 1.1.1 Ensure any changes to code are tracked in a version control platform (Manual) -Use GitLab Runner and metrics to monitor deployed application for not commited code. +Use GitLab Runner and metrics to monitor deployed application for not committed code. Tools like [hofund](https://github.com/logchange/hofund) or expose metrics (f.e for prometheus) with git information about dirtiness of repository. From 010ef582a464dfabaee1a85f35b113f5ad51e0c8 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:19:24 -0500 Subject: [PATCH 2/7] spelling: deletion Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cis_gitlab_benchmark_v1_0_1_implmentation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cis_gitlab_benchmark_v1_0_1_implmentation.md b/cis_gitlab_benchmark_v1_0_1_implmentation.md index 636c573..2f023b4 100644 --- a/cis_gitlab_benchmark_v1_0_1_implmentation.md +++ b/cis_gitlab_benchmark_v1_0_1_implmentation.md @@ -194,7 +194,7 @@ src/controls/code_changes/force_push_denied.py Implemented at: ``` -src/controls/code_changes/branch_deleteion_denied.py +src/controls/code_changes/branch_deletion_denied.py ``` [see](src/controls/code_changes/branch_deletion_denied.py) From a5e9e1b98fb7d77234b4670f7377625a4b351c4c Mon Sep 17 00:00:00 2001 
From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:17:56 -0500 Subject: [PATCH 3/7] spelling: exist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- src/controls/code_changes/codeowners_file_exists.py | 2 +- src/controls/repository_management/security_file_available.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/controls/code_changes/codeowners_file_exists.py b/src/controls/code_changes/codeowners_file_exists.py index 5335419..c3dd8de 100644 --- a/src/controls/code_changes/codeowners_file_exists.py +++ b/src/controls/code_changes/codeowners_file_exists.py @@ -16,4 +16,4 @@ def validate_specific(self, gl_group_project, gl_project) -> ControlResult: if file_exists(gl_project, 'CODEOWNERS'): return ControlResult(self.get_name(), True, "") else: - return ControlResult(self.get_name(), False, "CODEOWNERS file does not exists") + return ControlResult(self.get_name(), False, "CODEOWNERS file does not exist") diff --git a/src/controls/repository_management/security_file_available.py b/src/controls/repository_management/security_file_available.py index cfa4b52..d60b157 100644 --- a/src/controls/repository_management/security_file_available.py +++ b/src/controls/repository_management/security_file_available.py @@ -16,4 +16,4 @@ def validate_specific(self, gl_group_project, gl_project) -> ControlResult: if file_exists(gl_project, 'SECURITY.md'): return ControlResult(self.get_name(), True, "") else: - return ControlResult(self.get_name(), False, "SECURITY.md file does not exists") + return ControlResult(self.get_name(), False, "SECURITY.md file does not exist") From c23c2de57c04e65e98ad6b3cbf7fbbbc805f7a9a Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:26:23 -0500 Subject: [PATCH 4/7] spelling: f.e. 
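Review bot: In codeowners_file_exists.py the check passes only the literal `'CODEOWNERS'` to `file_exists`, while GitLab also reads the file from `docs/CODEOWNERS` and `.gitlab/CODEOWNERS`, so a project that keeps it there would presumably be reported as failing with the message this hunk corrects. `file_exists` is not shown here, so confirm whether it already searches those paths; if it does not, `if any(file_exists(gl_project, p) for p in ('CODEOWNERS', 'docs/CODEOWNERS', '.gitlab/CODEOWNERS')):` would match GitLab's lookup. A false failure in an audit report is noise, but it also teaches people to ignore this control. validate_specific starts outside the hunk.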
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cis_gitlab_benchmark_v1_0_1_implmentation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cis_gitlab_benchmark_v1_0_1_implmentation.md b/cis_gitlab_benchmark_v1_0_1_implmentation.md index 2f023b4..ff65e97 100644 --- a/cis_gitlab_benchmark_v1_0_1_implmentation.md +++ b/cis_gitlab_benchmark_v1_0_1_implmentation.md @@ -6,7 +6,7 @@ ### 1.1.1 Ensure any changes to code are tracked in a version control platform (Manual) Use GitLab Runner and metrics to monitor deployed application for not committed code. -Tools like [hofund](https://github.com/logchange/hofund) or expose metrics (f.e for prometheus) with git information about +Tools like [hofund](https://github.com/logchange/hofund) or expose metrics (f.e. for prometheus) with git information about dirtiness of repository. Example: @@ -26,7 +26,7 @@ See also [merge request commit templates](https://docs.gitlab.com/ee/user/projec interesting feature to implement this control and create company-wide standard for commit messages. Next element, that implements this control is [commit message template for push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#validate-commit-messages) which -requires from commit author to meet rules (f.e commit message must contain expression like `issue#1234`) +requires from commit author to meet rules (f.e. commit message must contain expression like `issue#1234`) Using tools like [logchange](https://github.com/logchange/logchange?tab=readme-ov-file#yaml-format) to create standard for creating `CHANGELOG.md` encourage developers to link associated tasks with given change. GitLab also From ac8500f9827e040122153735b3be5712d3dc6090 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:19:57 -0500 Subject: [PATCH 5/7] spelling: implentation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- ...lmentation.md => cis_gitlab_benchmark_v1_0_1_implentation.md | 0 src/export/xlsx_exporter.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename cis_gitlab_benchmark_v1_0_1_implmentation.md => cis_gitlab_benchmark_v1_0_1_implentation.md (100%) diff --git a/cis_gitlab_benchmark_v1_0_1_implmentation.md b/cis_gitlab_benchmark_v1_0_1_implentation.md similarity index 100% rename from cis_gitlab_benchmark_v1_0_1_implmentation.md rename to cis_gitlab_benchmark_v1_0_1_implentation.md diff --git a/src/export/xlsx_exporter.py b/src/export/xlsx_exporter.py index 18d1fa0..6c219d5 100644 --- a/src/export/xlsx_exporter.py +++ b/src/export/xlsx_exporter.py @@ -14,7 +14,7 @@ def _add_info_header(ws): info_text = ( "This file was generated using: https://github.com/logchange/cis-gitlab-benchmark\n" "Check out CIS GitLab Benchmark implementation advices\n" - "here: https://github.com/logchange/cis-gitlab-benchmark/blob/main/cis_gitlab_benchmark_v1_0_1_implmentation.md\n" + "here: https://github.com/logchange/cis-gitlab-benchmark/blob/main/cis_gitlab_benchmark_v1_0_1_implentation.md\n" "Visit https://github.com/logchange/cis-gitlab-benchmark and leave a star 🌟\n" "This file is the result of CIS-Controls assessment\n" "CIS GitLab Benchmark v1.0.1 - 04-19-2024" From d5e7e9cd75c4da5123823591e21c940558a5a9ae Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:20:54 -0500 Subject: [PATCH 6/7] spelling: no one Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- cis_gitlab_benchmark_v1_0_1_implentation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cis_gitlab_benchmark_v1_0_1_implentation.md b/cis_gitlab_benchmark_v1_0_1_implentation.md index ff65e97..5637aef 100644 --- a/cis_gitlab_benchmark_v1_0_1_implentation.md +++ b/cis_gitlab_benchmark_v1_0_1_implentation.md 
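Review bot: The new link in `_add_info_header` points at `cis_gitlab_benchmark_v1_0_1_implentation.md`, which is still misspelled; the rename in this patch replaces one typo (`implmentation`) with another (`implentation`). This URL is written into every exported XLSX report, so it is worth settling on the final name once: rename the file to `cis_gitlab_benchmark_v1_0_1_implementation.md` and end the link with `/blob/main/cis_gitlab_benchmark_v1_0_1_implementation.md`. Reports generated before the rename keep a link to the old path, so a short pointer file at the old name may be wanted. The function body starts and ends outside the hunk.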
@@ -56,7 +56,7 @@ src/controls/code_changes/approval_dismissed.py ### 1.1.5 Ensure there are restrictions on who can dismiss code change reviews (Manual) I don't understand this rule or what should be checked to perform audit. Is it enough that -main branch is protected, noone can push to it and Developers and Maintainers can merge? +main branch is protected, no one can push to it and Developers and Maintainers can merge? ### 1.1.6 Ensure code owners are set for extra sensitive code or configuration (Manual) From 1ee5dd047effcb4c2551ff316369defae913e06f Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Sun, 8 Feb 2026 16:17:44 -0500 Subject: [PATCH 7/7] spelling: which Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- src/controls/code_changes/approval_required.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controls/code_changes/approval_required.py b/src/controls/code_changes/approval_required.py index 19d5a7c..c409b1d 100644 --- a/src/controls/code_changes/approval_required.py +++ b/src/controls/code_changes/approval_required.py @@ -24,7 +24,7 @@ def validate_specific(self, gl_group_project, gl_project) -> ControlResult | Non protected_branches_result[protected_branch.name] = {'passed': False, 'more_info': ""} # now, we check if there is a rule with value set to at least 2, but it can be 2 rules with different approval users - # that requires for one approve, what also gives 2 + # that requires for one approve, which also gives 2 for rule in approval_rules: for protected_branch_by_rule in rule.protected_branches: if protected_branch_by_rule.get('name') in protected_branches_result.keys():
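Review bot: The comment above `for rule in approval_rules:` in approval_required.py is still hard to parse after the spelling fix, and it does not state the condition that makes the shortcut valid. I would reword the two lines to `# A branch passes if one rule requires at least 2 approvals, or if two rules that each require 1 approval` and `# have different eligible approvers, so that two distinct people must approve.` The loop body is outside the hunk, so I cannot tell whether overlap between the rules' approvers is checked; if it is not, adding up the required counts could accept a setup where one person satisfies both rules. As a style point, the membership test can drop `.keys()`: `in protected_branches_result`.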