Benchmark: 3.1 Third-Party Packages

Overview

This section consists of security recommendations for the use and management of third-party dependencies and packages. As a consumer of various third-party packages, you need to ensure certain conditions exist to trust them and use them safely. Using third-party packages affects not only the software, but also its customers, so it is important to carefully examine each one of these packages.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-github-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select 3.1 Third-Party Packages.

Run this benchmark in your terminal:

powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_3_1

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_3_1 --share

Controls

3.1.7 Ensure dependencies are pinned to a specific, verified version

Benchmark: 3.1 Third-Party Packages

Overview

Usage

Controls

Tags