/reposaur

The open source compliance tool for development platforms.

Primary LanguageGoMIT LicenseMIT

logo

Reposaur

go-report tests-workflow license discussions slack twitter

Reposaur is the open source compliance tool for development platforms.

Audit, verify and report on your data and configurations easily with pre-defined and/or custom policies.
Supports GitHub. GitLab, BitBucket and Gitea support soon.

⚠️ before 1.0.0 expect some bugs and API changes ⚠️

Getting startedInstallationDocumentationGuidesIntegrations

Getting Started

Have you ever felt like you don't know what's happening in your GitHub/GitLab/BitBucket repositories? Between 100s or 1000s of them it's hard to make sure every single one is compliant to certain security and best practices guidelines.

Reposaur is here to fix that, empowering you to focus on your work instead of hunting for issues and misconfigurations.

Features

  • Custom policies using the Rego policy language (learn more)
  • A simple, composable and easy-to-use CLI (learn more)
  • Extendable using a straightforward SDK (written in Go)
  • Reports follow the standard SARIF format, enabling easy integrations with different systems
  • Policies can be unit tested, guaranteeing they work as expected
  • Integration with the major development platforms (see Integrations)
  • Easily integrate new platforms using the SDK

Guides

Installation

Homebrew Tap

$ brew install reposaur/tap/reposaur

DEB, RPM and APK Packages

Download the .deb, .rpm or .apk packages from the releases page and install them with the appropriate tools.

Go

$ go install github.com/reposaur/reposaur/cmd/rsr@latest

Script

$ curl -o- https://raw.githubusercontent.com/reposaur/reposaur/main/install.sh | bash

Integrations

Platform Status Details
GitHub In progress ProviderGitHub AppGitHub Actions
GitLab Planned N/A
Gitea Planned N/A
BitBucket Not planned N/A

Contributing

We appreciate every contribution, thanks for considering it!

License

This project is released under the MIT License.