WayOfWorking::Audit::Github

A Way of Working plugin that provides a registry and auditing tool for GitHub repositories. Rules can check for both missing/incorrect files and mis-configuration of the repository itself. Many existing plugins have defined their own rules to check that they have been adopted properly.

Work is ongoing on a plugin for CIS GitHub Benchmark compliance testing.

Install the gem and add to the application's Gemfile by executing:

bundle add way_of_working-audit-github

If bundler is not being used to manage dependencies, install the gem by executing:

gem install way_of_working-audit-github

Define the following environment variables:

• GITHUB_ORGANISATION: the name of your organisation being scanned (as used in the GitHub URL)
• GITHUB_TOKEN: a PAT token with sufficient permission to access repositories and their configuration.

Then to run the GitHub audit for your project, use:

way_of_working exec audit_github

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Bug reports and pull requests are welcome on GitHub at https://github.com/HealthDataInsight/way_of_working-audit-github. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

The gem is available as open source under the terms of the MIT License.

Everyone interacting in the way_of_working-audit-github project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.