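# Socket.dev Configuration
# https://docs.socket.dev/docs/socket-yml
#
# Recommended settings for protection against Shai-Hulud 2.0 and similar attacks
# For full config template, see: configs/socket.yml
#
# NOTE(review): this file was recovered from a rendering that had lost all
# indentation. The nesting below (children under issueRules and githubApp) is
# the only reading under which the keys form the documented structure; with
# every key at column 0, `issueRules:` and `githubApp:` would parse as null and
# their children would become unrelated top-level keys. Confirm the nesting
# against the schema at the URL above before relying on it.
---
version: 2

# Paths to ignore in project reports
projectIgnorePaths:
  - "node_modules"
  - ".git"
  - "dist"
  - "build"

# Only trigger PR alerts when these files change
triggerPaths:
  - "package.json"
  - "package-lock.json"
  - "pnpm-lock.yaml"
  - "bun.lockb"
  - "yarn.lock"

# Issue rules - customize alert behavior
#
# NOTE(review): the "block" vs "warn" grouping below is documentary only —
# every rule is set to the same boolean value, so both groups are configured
# identically. If distinct severities are intended, check the issueRules value
# syntax in the linked docs. Also verify each key against the alert types the
# docs list; a key that does not match an alert type would not enable anything.
issueRules:
  # Block critical attack vectors
  installScripts: true  # Shai-Hulud primary vector
  shellAccess: true
  networkAccess: true
  envVars: true
  filesystemAccess: true
  malware: true
  criticalCVE: true
  # Warn on suspicious behavior
  obfuscatedCode: true  # Shai-Hulud uses heavy obfuscation
  newAuthor: true
  highCVE: true

# GitHub App settings
githubApp:
  enabled: true
  pullRequestAlertsEnabled: true
  projectReportsEnabled: true
  dependencyOverviewEnabled: true
  # Ignore bot users
  # NOTE(review): placed under githubApp on the assumption that the original
  # indented it there; confirm against the linked schema.
  ignoreUsers: ["dependabot[bot]", "renovate[bot]"]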