added banner

.github/CODEOWNERS

@@ -1 +1 @@
-* @theztefan @dcodx
+* @theztefan @david3107

.github/CONTRIBUTING.md

@@ -36,6 +36,6 @@ For any issues or suggestions for improvement, please create an issue on the pro
 
 ## 🤝 Code of Conduct 
 
-This project adheres to a [Code of Conduct](.github/CODE_OF_CONDUCT.md). Participation in the GitArmor project means you agree to respect the code of conduct and treat all members of the community with kindness and respect. 💖
+This project adheres to a [Code of Conduct](CODE_OF_CONDUCT.md). Participation in the GitArmor project means you agree to respect the code of conduct and treat all members of the community with kindness and respect. 💖
 
 Thank you for your contribution and involvement in making this project better! 🙏

README.md

@@ -1,6 +1,8 @@
 # GitArmor
 
-<img src="./imgs/gitarmor-text-blue.png" alt="gitarmor logo"/>
+<div style="background-color: white; padding: 10px;">
+    <img src="./imgs/gitarmor-text-blue.png" alt="gitarmor logo"/>
+</div>
 
 GitArmor is a handy tool that makes it easy to assess the secure setup of your developer platform. 
 

dist/evaluators/repository/WebHooksChecks.js

@@ -12,7 +12,6 @@ class WebHooksChecks {
     // check whether the repository has self hosted runners enabled
     async checkWebHooks() {
         const webhooks = await (0, WebHooks_1.getWebHooks)(this.repository.owner, this.repository.name);
-        console.log(webhooks);
         // for each webhook in webhooks extract the domain and check if it is in the allowed list in the policy, if not return false
         const allowedDomains = this.policy.webhooks.allowed_domains;
         const notAllowedDomains = [];

dist/index.js

@@ -48856,7 +48856,6 @@ class WebHooksChecks {
     // check whether the repository has self hosted runners enabled
     async checkWebHooks() {
         const webhooks = await (0, WebHooks_1.getWebHooks)(this.repository.owner, this.repository.name);
-        console.log(webhooks);
         // for each webhook in webhooks extract the domain and check if it is in the allowed list in the policy, if not return false
         const allowedDomains = this.policy.webhooks.allowed_domains;
         const notAllowedDomains = [];
@@ -49506,6 +49505,12 @@ const Report_1 = __nccwpck_require__(9382);
 const policies_1 = __nccwpck_require__(7700);
 const core = __importStar(__nccwpck_require__(2186));
 const run = async () => {
+    Logger_1.logger.info(`
+
+             GitArmor                                                                                       
+     by dcodx.com - version 1.0
+
+    `);
     try {
         const startTime = process.hrtime();
         const inputs = (0, Input_1.parseInputs)();
@@ -49514,7 +49519,6 @@ const run = async () => {
         let report = new Report_1.Report();
         report.addInput(inputs);
         report.addPolicy(policies);
-        const policyEvaluator = null;
         // depending on which input.level is provided, run the appropriate checks
         if (inputs.level === "organization") {
             Logger_1.logger.info("Running org level checks");

dist/main.js

@@ -32,6 +32,12 @@ const Report_1 = require("./reporting/Report");
 const policies_1 = require("./utils/policies");
 const core = __importStar(require("@actions/core"));
 const run = async () => {
+    Logger_1.logger.info(`
+
+             GitArmor                                                                                       
+     by dcodx.com - version 1.0
+
+    `);
     try {
         const startTime = process.hrtime();
         const inputs = (0, Input_1.parseInputs)();
@@ -40,7 +46,6 @@ const run = async () => {
         let report = new Report_1.Report();
         report.addInput(inputs);
         report.addPolicy(policies);
-        const policyEvaluator = null;
         // depending on which input.level is provided, run the appropriate checks
         if (inputs.level === "organization") {
             Logger_1.logger.info("Running org level checks");

policies/organization.threats.md

@@ -9,3 +9,4 @@ In this section we define the threats that could affect the organization securit
 An unauthorized actor could gain access to the organization repositories and exfiltrate sensitive data or inject malicious code.
 
 
+

src/evaluators/OrgPolicyEvaluator.ts

@@ -4,7 +4,6 @@ import { OrgGHASChecks } from "./organization/OrgGHASChecks";
 import { OrgAuthenticationChecks } from "./organization/OrgAuthenticationChecks";
 import { OrgCustomRolesChecks } from "./organization/OrgCustomRolesChecks";
 import { getOrganization } from "../github/Organization";
-import { FilesExistChecks } from "./multipurpose/FilesExistChecks";
 import { PrivilegesChecks } from "./organization/PrivilegesChecks";
 
 export class OrgPolicyEvaluator {

src/evaluators/organization/OrgCustomRolesChecks.ts

@@ -1,6 +1,5 @@
 import { Organization, CheckResult } from "../../types/common/main";
 import { getCustomRolesForOrg } from "../../github/Organization";
-import { logger } from "../../utils/Logger";
 
 export class OrgCustomRolesChecks {
   private policy: any;

src/evaluators/organization/OrgGHASChecks.ts

@@ -1,6 +1,5 @@
 import { Organization, CheckResult } from "../../types/common/main";
 import { getSecurityTeamsForOrg } from "../../github/Organization";
-import { logger } from "../../utils/Logger";
 
 export class OrgGHASChecks {
   private policy: any;

src/evaluators/repository/ActionsChecks.ts

@@ -2,8 +2,6 @@ import { CheckResult, Repository } from "../../types/common/main";
 import {
   getRepoActionsPermissions,
   getRepoSelectedActions,
-  getRepoWorkflows,
-  getRepoWorkflowActions,
 } from "../../github/Actions";
 import { logger } from "../../utils/Logger";
 

src/evaluators/repository/WebHooksChecks.ts

@@ -1,6 +1,5 @@
 import { CheckResult, Repository } from "../../types/common/main";
 import { getWebHooks, getWebHookConfig } from "../../github/WebHooks";
-import { logger } from "../../utils/Logger";
 
 export class WebHooksChecks {
   private policy: any;
@@ -18,7 +17,6 @@ export class WebHooksChecks {
       this.repository.name,
     );
 
-    console.log(webhooks);
     // for each webhook in webhooks extract the domain and check if it is in the allowed list in the policy, if not return false
 
     const allowedDomains = this.policy.webhooks.allowed_domains;

src/github/Actions.ts

@@ -1,7 +1,6 @@
 import { Endpoints } from "@octokit/types";
 import { GitArmorKit } from "./GitArmorKit";
 import { logger } from "../utils/Logger";
-import { getRepoFile } from "./Utils";
 
 //Get GitHub Actions permissions for a repository
 export const getRepoActionsPermissions = async (

src/github/Issues.ts

@@ -1,4 +1,3 @@
-import { Issue } from "../types/common/main";
 import { GitArmorKit } from "./GitArmorKit";
 
 // export class to Issues class

src/github/Repositories.ts

@@ -28,15 +28,14 @@ export const getRepository = async (
   repo: string,
 ): Promise<Endpoints["GET /repos/{owner}/{repo}"]["response"]["data"]> => {
   const octokit = new GitArmorKit();
-  
+
   const response: Endpoints["GET /repos/{owner}/{repo}"]["response"] =
     await octokit.rest.repos.get({
       owner: owner,
       repo: repo,
     });
-
-  return response.data;
 
+  return response.data;
 };
 
 export const getRepoPullRequests = async (

src/github/Utils.ts

@@ -1,6 +1,5 @@
 import { Endpoints } from "@octokit/types";
 import { GitArmorKit } from "./GitArmorKit";
-import { logger } from "../utils/Logger";
 
 //Given a certain path in a repository, get the contents of the file
 export const getRepoFile = async (

src/main.ts

@@ -7,9 +7,15 @@ import { Report } from "./reporting/Report";
 import { RepoPolicy, OrgPolicy, Repository } from "./types/common/main";
 import { loadPolicy } from "./utils/policies";
 import * as core from "@actions/core";
-import { summary } from "@actions/core/lib/summary";
 
 const run = async (): Promise<void> => {
+  logger.info(`
+
+             GitArmor                                                                                       
+     by dcodx.com - version 1.0
+
+    `);
+
   try {
     const startTime = process.hrtime();
     const inputs = parseInputs();
@@ -19,7 +25,6 @@ const run = async (): Promise<void> => {
     let report = new Report();
     report.addInput(inputs);
     report.addPolicy(policies);
-    const policyEvaluator = null;
     // depending on which input.level is provided, run the appropriate checks
     if (inputs.level === "organization") {
       logger.info("Running org level checks");
@@ -64,7 +69,7 @@ const run = async (): Promise<void> => {
         repository,
         policies.repo as RepoPolicy,
       );
-      
+
       await policyEvaluator.evaluatePolicy();
       policyEvaluator.printCheckResults();
       report.addOneRepoEvaluator(policyEvaluator);

src/reporting/Report.ts

@@ -1,9 +1,8 @@
-import { CheckResult, Policy, Inputs } from "../types/common/main";
+import { Policy, Inputs } from "../types/common/main";
 import { OrgPolicyEvaluator } from "../evaluators/OrgPolicyEvaluator";
 import { RepoPolicyEvaluator } from "../evaluators/RepoPolicyEvaluator";
 import { logger } from "./../utils/Logger";
 import fs from "fs";
-import { json } from "stream/consumers";
 
 export class Report {
   private orgEvaluators: Map<OrgPolicyEvaluator, RepoPolicyEvaluator[]>;