Manifest Evaluation and Quality tooling
In policy we trust!
|
Note
|
Mequal is in very early stage. Over the next weeks this repository will be populated with documentation and examples. |
Mequal’s project goal is to improve quality and security of software.
It is done by evaluating policies against manifests (BOMs). The outcome of the evaluation can be used to make decisions whether the software quality is good or not.
Policies can be freely defined. But we will help with guidelines. Our aim is to standardize and categorize policies. Mequal will come with a curated list of policies to get you started as well!
Curious?
Documentation is available here.
This repository also contains an initial set of starter policies written for Mequal and includes the Containerfiles to build images to evalation these policies either in CLI or as a server. Both methods currently rely on OpenPolicyAgent (OPA) in the background for evaluation.
For more information on Mequal please visit the documentation page.
Disclaimer: These policies are currently random and only for example purposes
Doing a quick demo on an SBOM is very easy, just by using the command below:
cat sbom.json | podman run -i --rm quay.io/pct-security/mequal-cli:testWe can also build the image locally from the root directory using the command below:
podman build --build-arg MANIFEST_REVISION=$(git rev-parse --short HEAD) -t mequal -f ./container_files/Containerfile .and then run:
cat sbom.json | podman run --rm -i mequalWe can just as easily run and evaluate these policies on an OPA server using the command below:
podman build -t mequal -f ./container_files/Containerfile .We can then run the server on localhost:8181 with the command below:
podman run -p 8181:8181 mequal /bin/bash ./server-run.shAfter this, we can interact with OPA REST API to do the policy evaluations.
For cleaner evaluation output, it’s recommended to query the main.rego files for each respective policy group, with the query below:
pretty=data.mequal.main
Here is a REST query example to do so:
curl -X POST http://localhost:8181/v1/query -d '{ "query": "pretty=data.mequal.main" }' | jq|
Tip
|
For more detailed information on how to get started, please visit the Mequal Getting Started page. |