Benchmark: 4.3 Package Registries
Overview
This section consists of security recommendations for management of package registries and artifacts that are stored in them.
Package registries are where the organization's artifacts are stored. To keep an artifact safe, you must also keep the registry that stores it safe. Furthermore, you need to ensure that every artifact that reaches the registry is safe to use and does not put the registry at risk.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-github-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4.3 Package Registries.
Run this benchmark in your terminal:
powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_4_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run github_compliance.benchmark.cis_supply_chain_v100_4_3 --share