etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html'
            properties:
              exportTo:
                description: A list of namespaces to which this destination rule is
                  exported.
                items:
                  type: string
                type: array
              host:

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

              etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html'
            properties:
              exportTo:
                description: A list of namespaces to which this destination rule is
                  exported.
                items:
                  type: string
                type: array
              host:

  - type: textarea
    id: what-did-you-do
    attributes:
      label: "What did you do?"
      description: "If possible, provide a recipe for reproducing the error. Starting with a Private/Incognito tab/window may help rule out problematic browser extensions."
    validations:
      required: true
  - type: textarea
    id: actual-behavior
    attributes:
      label: "What did you see happen?"
    validations:
      required: true

type: array type: object type: array tls: description: An ordered list of route rule for non-terminated TLS & HTTPS traffic. items: properties: match: description: Match conditions to be satisfied for the rule to be activated. items: properties: destinationSubnets: description: IPv4 or IPv6 ip addresses of destination with optional subnet. items: type: string type: array gateways: description: Names of gateways where the rule should be applied. items: type: string type: array port: description: Specifies...

    {{ if .Values.global.logAsJson -}}
    - "--log_as_json"
    {{ end -}}
    {{ if or .Values.pilot.cni.enabled .Values.istio_cni.enabled -}}
    - "--run-validation"
    - "--skip-rule-apply"
    {{ end -}}
    {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}}
  {{- if .ProxyConfig.ProxyMetadata }}
    env:
    {{- range $key, $value := .ProxyConfig.ProxyMetadata }}

    {{ if .Values.global.logAsJson -}}
    - "--log_as_json"
    {{ end -}}
    {{ if or .Values.pilot.cni.enabled .Values.istio_cni.enabled -}}
    - "--run-validation"
    - "--skip-rule-apply"
    {{ end -}}
    {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}}
  {{- if .ProxyConfig.ProxyMetadata }}
    env:
    {{- range $key, $value := .ProxyConfig.ProxyMetadata }}

              "typed_config": {
               "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
               "rules": {
                "policies": {
                 "ns[default]-policy[httpbin]-rule[0]": {
                  "permissions": [
                   {
                    "and_rules": {
                     "rules": [
                      {
                       "or_rules": {

'''
 Repository rule to set some environment variables.
 Can be set via build parameter "--repo_env=<VARIABLE_NAME>=<value>"
 e.g "--repo_env=REQUIREMENTS_FILE_NAME=requirements.in"

 List of variables:
 REQUIREMENTS_FILE_NAME
'''

def _updater_config_repository_impl(repository_ctx):
    repository_ctx.file("BUILD", "")
    requirements_file_name = repository_ctx.os.environ.get("REQUIREMENTS_FILE_NAME", "requirements.in")
    repository_ctx.file(

# limitations under the License.
# ============================================================================

name: Scorecards supply-chain security
on:
  # Only the default branch is supported.
  branch_protection_rule:
  schedule:
    - cron: '44 15 * * 5'
  push:
    branches: [ master ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis: