https://github.com/chainguard-dev/secureframe-policy-minder

Send Slack reminders to personnel in response to Secureframe requirements
https://github.com/chainguard-dev/secureframe-policy-minder

Last synced: 5 months ago
JSON representation

Send Slack reminders to personnel in response to Secureframe requirements

• Host: GitHub
• URL: https://github.com/chainguard-dev/secureframe-policy-minder
• Owner: chainguard-dev
• License: apache-2.0
• Created: 2023-07-27T21:53:46.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-10-07T17:00:00.000Z (8 months ago)
• Last Synced: 2024-11-13T22:36:18.443Z (7 months ago)
• Language: Go
• Size: 85 KB
• Stars: 0
• Watchers: 3
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# secureframe-policy-minder

![secureframe-policy-minder](images/logo.jpg?raw=true "secureframe-policy-minder logo")

Send Slack reminders to Personnel to remind them to:

* Accept Policies

* Upload proof of Security Training

This tool is designed to be used as a scheduled task, such as GitHub Actions.

## Requirements

* A Slack Bot token

* A Secureframe [API key](https://developer.secureframe.com/#section/Authentication)

## Installation

```shell

go install github.com/chainguard-dev/secureframe-policy-minder@latest

```

## Slack App

Create a Slack app "From Scratch" at https://api.slack.com/apps

- Scopes required: `chat:write`

Save the token starting with `xoxb-`, as you will need it to send messages.

## Usage

You can run this app via the command-line or as a scheduled Github Action (see [examples](examples))

```

usage:

  -access-key string

      secureframe access key

  -company string

      company name used for notifications

  -dry-run

    	dry-run mode

  -employee-types string

    	types of employees to contact (default "employee,contractor")

  -help-channel string

    	Slack channel for help (default "#security-and-compliance")

  -robot-name string

    	name of the robot (default "ComplyBot3000")

  -secret-key string

      secureframe secret key

  -secureframe-token string

    	Secureframe bearer token

  -security-training-url string

    	URL to security training (default "https://securityawareness.usalearning.gov/cybersecurity/index.htm")

  -test-message-target string

    	override destination and send a single test message to this person

```

For initial testing, I recommend the `--dry-run` and `--test-message-target` flags.