Modules§
- actions_
pinned_ dependencies - branch_
history_ integrity - branch_
protection_ admin_ enforcement - branch_
protection_ enforcement - build_
isolation - build_
provenance - change_
request_ size - code_
scanning_ alerts_ resolved - codeowners_
coverage - conventional_
title - default_
branch_ settings_ baseline - dependency_
completeness - dependency_
license_ compliance - dependency_
provenance - dependency_
signature - dependency_
signer_ verified - dependency_
update_ tool - description_
quality - dismiss_
stale_ reviews_ on_ push - environment_
protection_ rules - hosted_
build_ platform - issue_
linkage - merge_
commit_ policy - privileged_
workflow_ detection - provenance_
authenticity - release_
asset_ attestation - release_
traceability - repository_
permissions_ audit - required_
status_ checks - review_
independence - sbom_
attestation - scoped_
change - secret_
scanning - secret_
scanning_ push_ protection - security_
file_ change - security_
policy - security_
test_ in_ ci - source_
authenticity - stale_
review - test_
coverage - two_
party_ review - vulnerability_
scanning - workflow_
permissions_ restricted
Functions§
- all_
controls - Returns all controls (all SLSA + compliance).
- all_
slsa_ controls - Returns all SLSA controls (Source L4 + Build L3 + Dependencies L4).
- compliance_
controls - Returns compliance controls (non-SLSA, SOC2/ASPM mapped).
- control_
description - Returns the SARIF-friendly description for a built-in control ID. Falls back to “Custom control” for unknown IDs.
- posture_
controls - Returns repository-posture controls only (no PR-scoped compliance controls).
- slsa_
controls - Returns all SLSA controls across both tracks up to the given levels.
- slsa_
controls_ for_ level - Returns all SLSA controls required for the given track up to the given level.