Skip to content

updated the readme to include the security metrics integration part #1784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ezzeddinemtar wants to merge 1 commit into
base: main
Choose a base branch
from
Open

updated the readme to include the security metrics integration part #1784

ezzeddinemtar wants to merge 1 commit into from

Conversation

@ezzeddinemtar
Copy link
Collaborator

@ezzeddinemtar ezzeddinemtar commented Aug 26, 2025

related to issue : #1763

@github-actions github-actions bot added the api label Aug 26, 2025
@codecov
Copy link

codecov bot commented Aug 26, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.49%. Comparing base (4846461) to head (877fa3d).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1784   +/-   ##
=======================================
  Coverage   78.49%   78.49%           
=======================================
  Files         147      147           
  Lines       12255    12255           
=======================================
  Hits         9619     9619           
  Misses       2260     2260           
  Partials      376      376
Flag Coverage Δ
unittests 78.49% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

immqu
immqu reviewed Aug 26, 2025
View reviewed changes
README.md
go build -o ./engine cmd/engine/engine.go
```

## Security metrics integration
Copy link
Contributor

@immqu immqu Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section contains valuable info! Still, I think it is too detailed for the general Readme; let's move this part to the policies folder and instead just add a short paragraph about the metrics repo here.

anatheka
anatheka reviewed Sep 15, 2025
View reviewed changes
README.md
> Note: We are currently preparing a `v2` release of Clouditor, which will be somewhat incompatible with regards to storage to `v1`. The APIs will remain largely the same, but will be improved and cleaned. We will regularly release pre-release `v2` versions, but do not have a concrete time-frame for a stable `v2` yet.
>
> If you are looking for a stable version, please use the [v1.10.1](https://github.com/clouditor/clouditor/releases/tag/v10.10.1) release.
> If you are looking for a stable version, please use the [v1.10.1](https://github.com/clouditor/clouditor/releases/tag/v1.10.1) release.
Copy link
Member

@anatheka anatheka Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The last stable version is v1.10.1, the release version, see in the Clouditor repo:
image

README.md
- granular report of detected non-compliant configurations
- quick and adaptive integration with existing service through automated service discovery
- descriptive development of custom rules using [Cloud Compliance Language (CCL)](clouditor-engine-azure/src/main/resources/rules/azure/compute/vm-data-encryption.md) to support individual evaluation scenarios
- curated security metrics integrated from the external Security Metrics repository
Copy link
Member

@anatheka anatheka Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a link to the security metrics repo

README.md
## Quick start with UI

In order to just build and run the Clouditor, without generating the protobuf file, one can use the `run-engine-with-ui.sh` script. This still requires Go and Node.js to be installed. For example, to run the engine in-memory with the Azure provider the following command can be used:
To quickly build and run Clouditor without generating protobuf files, you can use the `run-engine-with-ui.sh` script. This still requires Go and Node.js to be installed. For example, to run the engine in memory with the Azure provider, use:
Copy link
Member

@anatheka anatheka Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here, 'in-memory' must be used.

README.md
git add policies/security-metrics && git commit -m "chore: bump security-metrics"
```

Notes:
Copy link
Member

@anatheka anatheka Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the first bullet point is important, the other two we do not need here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anatheka anatheka anatheka left review comments

@immqu immqu immqu left review comments

@oxisto oxisto Awaiting requested review from oxisto oxisto is a code owner

@lebogg lebogg Awaiting requested review from lebogg lebogg is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

api

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ezzeddinemtar @anatheka @immqu @ezzeddine-ui