phylum-dev / documentation
Documentation for the Phylum products
We need a standard markdown "learn more" doc for the "Nuget install scripts" rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "nuget_install_scripts.md" to match the existing published link from the rule.
nuget_install_scripts_rule
We need a standard markdown "learn more" doc for the "Ruby install hooks" rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "ruby_install_hooks.md" to match the existing published link from the rule.
Provide simple instructions that a Netskope subscriber can follow to get set up to use the Phylum malicious package hash list.
This is part of https://github.com/phylum-dev/roadmap/issues/385
Add a new content overview page for the "Defend Your Workstation" topic/concept. It will be less of a guide and meant more as a landing page to drive folks to the appropriate local protection method. This is meant to answer the question of how Phylum can defend the developer by shifting security even further left.
Provide more detail around the new content:
Add a new content overview page for the "Defend Your Application" topic/concept. It will be less of a guide and meant more as a landing page to drive folks to the appropriate CI/CD integration.
Provide more detail around the new content:
Add a new integration guide for Tines.
Provide more detail around the new content:
Tines Integration
Move pages from the phylum-dev/cli repo to the phylum-dev/documentation repo.
phylum-dev/documentation repo
phylum-dev/cli repo
Automate updates for: pre-commit hooks, if used
We need a standard markdown "learn more" doc for the "High entropy blobs" rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "high_entropy_blobs.md" to match the existing published link from the rule.
We need a standard markdown "learn more" doc for the "Deprecated Package" rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "deprecated_package.md".
An integration for Phylum exists in the Sophos Factory; we should write documentation on how to install and use that integration.
As we migrate away from Readme.com, we may need a Phylum API reference on the new Phylum doc site.
Specifically, customers have found the code snippets from Readme.com to be very useful. Here is an example:
There are at least two options that Docusaurus advertises in their Community Features section
Update existing license issue to reflect an issue where using a package in a commercial product is prohibited.
Add new issue when a specific license requires source code distribution.
Policy provided by Phylum, and its application, have changed enough to benefit from a documentation overview. Perhaps it's a good idea to add a page on Phylum-provided policies and how they are being applied out of the box.
Screen recording that shows the user how to explore phylum regos (video).
The EvalCalls rule is getting put back into prod and will need an accompanying docs page.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "eval_calls.md".
Move pages directly hosted on Readme.com to the phylum-dev/documentation repo.
phylum-dev/documentation repo
We need a standard markdown "learn more" doc for the newly introduced Malware Bazaar hash check rule.
Add a CODEOWNERS file to automate the assignment of PR reviewers. Do this after the repo has been configured and a steady state is reached where most of the PRs are documentation updates. The likely entry for the file is @phylum-dev/engineering, but a larger/different audience is possible.
Enforce this by updating the branch protection rule to "Require review from Code Owners."
Change the custom domain for Docusaurus based Phylum docs from docs-stg.phylum.io to docs.phylum.io. Do this after all other work is completed to move from Readme.com to Docusaurus.
CNAME file in the default branch (or branch hosting the pages)
CNAME record with the DNS provider
Add a new integration guide for the existing Phylum GitHub App.
Provide more detail around the new content:
GitHub App Integration
Add quality assurance checks.
markdownlint
yamllint
actionlint
*.mdx files with one of the QA tools added here or a new/different one
We need a standard markdown "learn more" doc for the Cargo build file rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "cargo_build_file.md" to match the existing published link from the rule.
cargo_build_file_rule
After lockfile generation support is added to the phylum-ci Docker image, the documentation for each of the integrations that make use of that image needs to be updated.
phylum-ci image and the -slim version tags are made clear
Docusaurus makes it easy for outside contributors to suggest changes by adding an "Edit this page" link to the footer of each hosted page. That link is simply to the hosted content on GitHub, with a message about forking the repo if the user is not a member of the organization. Therefore, the same CLA that is in place for the other public repos in the phylum-dev organization should be enabled for this repo. A webhook for the CLA app may be needed...check existing repos for the format.
Create a custom 404 page following the directions here and re-using existing Phylum 404 page content where possible (from the UI/app).
We need a standard markdown "learn more" doc for the "NPM Security Holding" rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "npm_security_holding.md" to match the existing published link from the rule.
Since this is a public repository, the settings should be locked down. Review the current settings and modify them as appropriate to match the current phylum-dev public repo standards.
Document the new Audit mode button for GitHub App Installations.
See phylum-dev/roadmap#407
After https://github.com/phylum-dev/rules/issues/425 is completed, change https://github.com/phylum-dev/documentation/blob/main/docs/analytics/trivial_package.md to describe the clarified name and intent of the rule.
Provide any additional details or context here.
The project/group policy management UI pages have undergone changes that are not yet reflected in the documentation, so https://docs.phylum.io/knowledge_base/policy_apply page needs an update
We need a standard markdown "learn more" doc for the "Depends on malware" rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "depends_on_malware.md" to match the existing published link from the rule.
The single package endpoint has 3 new top level keys in the JSON response. They are name, version, and ecosystem, to help keep track of which response belongs to which package.
We need a standard markdown "learn more" doc for the npm URL dependency rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "npm_url_dependency.md" to match the (soon to be) existing published link from the rule.
We need a standard markdown "learn more" doc for the base-64 decoding rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "base64_decoding.md".
Move pages from the phylum-dev/phylum-ci repo to the phylum-dev/documentation repo.
phylum-dev/documentation repo
phylum-dev/phylum-ci repo
The current documentation, hosted on https://docs.phylum.io, consists of content from multiple sources:
phylum-dev repositories
phylum-dev/documentation repo
phylum-dev/cli repo
phylum-dev/phylum-ci repo
phylum-dev repositories
This works because each repo has workflow(s) that push docs to the central Readme.com server using the rdme
CLI. That is possible because the pages are centrally hosted (e.g., in a document storage schema) and asynchronous updates are allowed.
The new documentation will be hosted on GitHub Pages using Docusaurus, which is a static site generator. That means all the content needed to generate the site/docs is required to be in place at the time of generation. This poses a challenge given the current distributed nature of the individual documentation pages. There are several options for proceeding:
phylum-dev/documentation repo
Consolidate all docs from each source repo into a single place, the phylum-dev/documentation repo.
Pros:
Cons:
There is one plugin available to allow for downloading content from remote sources.
Pros:
Cons:
Each repo hosting docs outside of phylum-dev/documentation could be added to phylum-dev/documentation as a git submodule.
Pros:
Cons:
Create a triggerable workflow in the phylum-dev/documentation repo that checks out each of the remote repos hosting docs to copy their files over prior to generating the site.
Pros:
Cons:
Create one for the documentation repo and one for each of the dynamically generated pages. At this point, that might just be cli.
Pros:
Cons:
Move the content that doesn't need to live in remote repos into the documentation repo. Create separate statically hosted sites for the remaining repo(s). Create "stub" pages in the main documentation repo to point to the full content.
Maybe there is another option to consider that is not enumerated here.
Maybe using a monorepo would help.
Maybe using a Static Site Generator (SSG) is not the way to go.
Move pages from private phylum-dev repo(s) to the phylum-dev/documentation repo.
phylum-dev/documentation repo
phylum-dev repo(s)
An integration for Phylum exists in the Dazz application; we should write documentation on how to install and use that integration.
Not a high-pri, but would be nice if at least the dark color palette of the documentation matched the Phylum app UI.
Make use of the GitHub App or action to automate analysis of the docusaurus lockfile updates.
We need a standard markdown "learn more" doc for the Python build hook rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "python_build_hook.md" to match the existing published link from the rule.
We need a standard markdown "learn more" doc for the compiled Python files rule.
It should follow the same format and style as the rest of the analytics docs. The doc should be called "compiled_python_files.md" to match the existing published link from the rule.
Since this is a public repository, it should adhere to as many of the community standards as possible: