Commit f1acc4c

Update README.md
1 parent 36fb20c commit f1acc4c

1 file changed

+3
-10
lines changed

README.md

+3-10
@@ -3,17 +3,15 @@ A tool to pull all the `known_package` standard violations for a catalog and the
33

44
### What is this repository for and when do I need to use this? ###
55

6-
You don't need to unless it solves a workflow challenge involving the `known_packages` standard. This scrpt is intended to be used as an example of how a frequently requested product feature can be handled using the API. The `known_packages` standard will trigger for all internal packages that a company uses, essentially any package that is unknown to the upstream repositories. This can create a lot of noise for companies that use a lot of internal packages and the request to be able to package name match via regex has been a common request for a few years. This script automates matching packages that have triggered the known_package standard in a catalog, creates an override for the packages that match and then writes the misses to a .csv report for further investigation. If you're unfamiliar with Regex, try asking Jeeves.
6+
You don't need to unless it solves a workflow challenge involving the `known_packages` standard. The `known_packages` standard will trigger for all internal packages that a company uses, essentially any package that is unknown to the upstream repositories. This can create a lot of noise for companies that use a lot of internal packages. This script automates matching packages that have triggered the known_package standard in a catalog, creates an override for the packages that match and then writes the misses to a .csv report for further investigation.
77

88
**Note:** Creating overrides in an automated fasion should be done with care. Start with patterns that you're confident with, review the packages that are misses and also audit the override export report to ensure that a packages override isn't being created for a truly unknown package.
99

10-
**Note:** This iteration of regerride creates a package override without specifying specific releases and results in a wildcard being set for the release. This approach has drawnbacks from a security perspective. I'm evaluating adding a package lookup to pull the version information and making the overrides more granular.
10+
**Note:** This iteration of regerride creates a package override without specifying specific releases and results in a wildcard being set for the release. This approach has drawnbacks from a security perspective.
1111

1212
### How do I get set up? ###
1313

14-
* Ensure you have python 3.9 or higher installed
15-
* I recommend testing using a python virtual environment
16-
14+
* Ensure you have python 3.9 or higher installed.
1715

1816
### Configure Environment Variables and add patterns to package_patterns.txt ###
1917
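Review bot: the added line 10 keeps the warning that the wildcard release "has drawnbacks from a security perspective" but, with the sentence about a planned package lookup removed, it no longer says what the drawback is or how a user should compensate for it. Suggest stating it from what the note already says: the override names no specific releases, so it applies to every release of a matched package name, and point the reader back to the audit step in the note at line 8. "drawnbacks" should read "drawbacks" while this line is being touched, "fasion" on line 8 should read "fashion", and the new line 6 still mixes `known_packages` and `known_package`; use whichever name the standard actually has.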

@@ -25,8 +23,3 @@ There are five variables that need to be set in order for the script to execute
2523
* OVERRIDE_STATUS - an override can have a status of `approved` or `denied`
2624

2725
The regex patterns are added to a control file calls `package_patterns.txt`. Add one or more package name patterns for the script to look for matches.
28-
29-
### Who do I talk to if I have questions? ###
30-
31-
* Larry Copeland
32-
* [Team Customer Success](https://tidelift.slack.com/archives/C01EN3MKKBQ)
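Review bot: removing old lines 29 to 32 leaves the README with no owner or support route for a script that creates overrides automatically; dropping the personal name and the Slack link is reasonable, but replace the section with a neutral pointer (for example the repository's issue tracker) rather than deleting it outright. Separately, context line 25 reads "a control file calls `package_patterns.txt`" (should be "called"), and it does not say how a pattern is matched against a package name (full name or substring); since a match results in an override, that belongs in this section.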
