GurdipSCode/devops-mondoo-policies-domain

🛡️ devops-configs-policies-domain

Mondoo security policies and Buildkite scan config for Domain / External Surface.


📂 Contents

| File | Owner | Purpose |
|---|---|---|
| ⚙️ `.buildkite/scan-config.yaml` | Platform | Scan targets, soft-coded defaults, Buildkite queue |
| 🔍 `policies/domain-instance.mql.yaml` | Platform | MQL security checks run by cnspec |
| 🐇 `.coderabbit.yaml` | Platform | Automated PR review rules |
| 🔀 `.mergify.yml` | Platform | PR auto-merge, labelling, review routing |
| 🪝 `lefthook.yml` | Platform | Git hooks: YAML lint, MQL lint, secrets, conventional commits |
| 📜 `cliff.toml` | Platform | Changelog generation (git-cliff) |
| 🔐 `.gitguardian.yaml` | Platform | Secret scanning (ggshield) |
| 📄 `CHANGELOG.md` | Auto-generated | Release history |

🔄 How it works

```text
mondoo-runner (Buildkite pipeline)
|
|-- 1. Reads scan-config.yaml -> discovers targets & settings
|-- 2. Loads MQL checks from policies/
|-- 3. Fetches thresholds from devops-mondoo-policies-config-thresholds-domain
|-- 4. Merges base + env override via yq
|-- 5. Executes: cnspec scan host --policy-bundle ... --props merged.yaml
```
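Steps 3 to 5 of the runner flow, as an added example that is not the repository's own runner code: a Python stand-in for the yq merge of base thresholds with an environment override, a check that the override only touches keys the base already defines (a misspelled key would otherwise leave the base threshold silently in force), and the `cnspec scan host` invocation from step 5. The threshold keys and values are constructed; the real schema of devops-mondoo-policies-config-thresholds-domain is not shown here.

```python
from copy import deepcopy

# Constructed stand-ins for the base and env-override threshold documents.
# The real schema in devops-mondoo-policies-config-thresholds-domain is not
# shown on the page, so these keys and values are assumptions.
BASE_THRESHOLDS = {
    "props": {
        "tlsMinVersion": "1.2",
        "certExpiryWarnDays": 30,
        "allowedPorts": [80, 443],
        "dnssecRequired": False,
    }
}
PROD_OVERRIDE = {"props": {"certExpiryWarnDays": 45, "dnssecRequired": True}}

def deep_merge(base, override):
    """Merge `override` into a copy of `base` the way yq's `*` operator does:
    nested maps merge key by key, while scalars and whole lists from the
    override replace the base value (a list is never appended to)."""
    merged = deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = deepcopy(value)
    return merged

def unknown_override_keys(base, override, prefix=""):
    """Return dotted paths present in `override` but absent from `base`.
    A misspelled threshold key would otherwise merge in silently and leave
    the base value in force, so the runner can refuse such an override."""
    unknown = []
    for key, value in override.items():
        path = f"{prefix}{key}"
        if key not in base:
            unknown.append(path)
        elif isinstance(value, dict) and isinstance(base[key], dict):
            unknown.extend(unknown_override_keys(base[key], value, path + "."))
    return unknown

def cnspec_scan_command(policy_bundle, props_file):
    """Argv for step 5; a list avoids any shell quoting of the paths."""
    return ["cnspec", "scan", "host", "--policy-bundle", policy_bundle,
            "--props", props_file]

if __name__ == "__main__":
    print(deep_merge(BASE_THRESHOLDS, PROD_OVERRIDE)["props"])
```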

🚀 Quick start

```bash
# Clone & install hooks
git clone git@github.com:GurdipSCode/devops-configs-policies-domain.git
cd devops-configs-policies-domain
lefthook install

# Validate locally
cnspec bundle lint policies/domain-instance.mql.yaml
yamllint .buildkite/scan-config.yaml

# Generate changelog
git cliff -o CHANGELOG.md
```

👥 Ownership

| Area | Team |
|---|---|
| MQL checks, scan-config, CI | Platform team |
| Threshold values | Security team (in devops-mondoo-policies-config-thresholds-domain) |
| PR review automation | Mergify + CodeRabbit |
| Secret scanning | GitGuardian |
