@kartverket/backstage-plugin-risk-scorecard
Advanced tools
This is a plugin for Backstage that helps you and your team when working continuously with risk analysis (:) The plugin is dependent on a backend service in order to decrypt and communicate with GitHub, and some configuration is necessary for them to comm
This is a plugin for Backstage that helps you and your team when working continuously with risk analysis (:) The plugin is dependent on a backend service in order to decrypt and communicate with GitHub, and some configuration is necessary for them to communicate.
Add the following configuration to the proxy-block in your app-config. Modify the target to the root url of your running backend service.
proxy:
endpoints:
'/risc-proxy':
target: http://localhost:8080
allowedHeaders:
['Authorization', 'GCP-Access-Token', 'GitHub-Access-Token']
The backend uses Backstage-issued tokens to validate the user, and GCP access tokens to federate access to the GCP KMS. Write and read access to repositories is managed by the users GitHub access token. The plugin uses the apiRefs for both of these providers, and entity providers and authentication have to be implemented for both:
Happy RiSc-ing 🌹
FAQs
This is a plugin for Backstage that helps you and your team when working continuously with risk analysis (:) The plugin is dependent on a backend service in order to decrypt and communicate with GitHub, and some configuration is necessary for them to comm
The npm package @kartverket/backstage-plugin-risk-scorecard receives a total of 117 weekly downloads. As such, @kartverket/backstage-plugin-risk-scorecard popularity was classified as not popular.
We found that @kartverket/backstage-plugin-risk-scorecard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.
Security News
Ransomware negotiators share how modern cybercriminals operate like corporations, using specialized teams, negotiation tactics, and reputation management.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.