microsandbox

name: General Purpose OSS Best Practices description: | This filter suite contains rules for implementing minimum security guardrails against risky OSS components. tags: - general - microsandbox filters: - name: critical-or-high-vulns check_type: CheckTypeVulnerability summary: Critical or high risk vulnerabilities were found value: | vulns.critical.exists(p, true) || vulns.high.exists(p, true) - name: unmaintained-packages check_type: CheckTypeSecurityScorecard summary: Unmaintained packages were found value: | scorecard.scores["Maintained"] == 0 - name: low-popularity check_type: CheckTypePopularity summary: Component popularity is low by Github stars count value: | projects.exists(p, (p.type == "GITHUB") && (p.stars < 10)) - name: osv-malware check_type: CheckTypeMalware summary: Malicious (malware) component detected value: | vulns.all.exists(v, v.id.startsWith("MAL-"))