[Issue]: Move DependencyViolation and ComplianceReport classes to dedicated module #324

@WilliamBerryiii

Issue Description

Test-DependencyPinning.ps1 defines DependencyViolation and ComplianceReport classes inline within the script (~80 lines). Moving these to a dedicated module would improve reusability, enable unit testing of the classes, and follow the pattern established by FrontmatterValidation.psm1.

Additional Context

Current classes in Test-DependencyPinning.ps1:

  • DependencyViolation - represents a single pinning violation with file, line, type info
  • ComplianceReport - aggregates violations and generates reports in multiple formats

Recommended approach:

  1. Create scripts/security/Modules/SecurityClasses.psm1 (mirroring the linting/Modules/ pattern)
  2. Move both class definitions to the new module
  3. Update Test-DependencyPinning.ps1 to import them with a `using module` statement

Testing:

  • Create unit tests for class methods (e.g., ComplianceReport.ToSarif(), ToMarkdown())
  • Run npm run lint:pinning to verify no regression
  • Run existing Pester tests
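The following is an added sketch of what the three steps above could look like in practice; it is illustrative code written for this page, not the repository's actual Test-DependencyPinning.ps1 or a proposed SecurityClasses.psm1. The property names (File, Line, Type, Reference, Message), the violation type strings, the file paths and the SARIF layout are assumptions, since the page only says that DependencyViolation carries "file, line, type info" and that ComplianceReport aggregates violations and renders them in several formats. The block shows three files separated by comments: the module, the head of the calling script, and a Pester test for the report methods. Relative paths in `using module` are assumed to resolve relative to the importing file.

```powershell
# ---- scripts/security/Modules/SecurityClasses.psm1 (illustrative) ----

class DependencyViolation {
    [string] $File
    [int]    $Line
    [string] $Type        # assumed vocabulary, e.g. 'unpinned-action', 'floating-tag'
    [string] $Reference   # the dependency reference as written in the source file
    [string] $Message

    DependencyViolation([string] $file, [int] $line, [string] $type, [string] $reference, [string] $message) {
        $this.File      = $file
        $this.Line      = $line
        $this.Type      = $type
        $this.Reference = $reference
        $this.Message   = $message
    }
}

class ComplianceReport {
    [System.Collections.Generic.List[DependencyViolation]] $Violations
    [string] $ToolName = 'Test-DependencyPinning'

    ComplianceReport() {
        $this.Violations = [System.Collections.Generic.List[DependencyViolation]]::new()
    }

    [void] Add([DependencyViolation] $violation) { $this.Violations.Add($violation) }

    [bool] IsCompliant() { return $this.Violations.Count -eq 0 }

    # Minimal SARIF 2.1.0 document: one run, one rule per violation type, one result per violation,
    # so a code-scanning consumer can map each finding back to file and line.
    [string] ToSarif() {
        $rules   = [System.Collections.Generic.List[hashtable]]::new()
        $results = [System.Collections.Generic.List[hashtable]]::new()
        $seen    = @{}
        foreach ($v in $this.Violations) {
            if (-not $seen.ContainsKey($v.Type)) {
                $seen[$v.Type] = $true
                $rules.Add(@{ id = $v.Type; shortDescription = @{ text = "Dependency pinning violation: $($v.Type)" } })
            }
            $results.Add(@{
                ruleId    = $v.Type
                level     = 'error'
                message   = @{ text = $v.Message }
                locations = @(@{
                    physicalLocation = @{
                        artifactLocation = @{ uri = $v.File }
                        region           = @{ startLine = $v.Line }
                    }
                })
            })
        }
        $sarif = [ordered]@{
            '$schema' = 'https://json.schemastore.org/sarif-2.1.0.json'
            version   = '2.1.0'
            runs      = @([ordered]@{
                tool    = @{ driver = @{ name = $this.ToolName; rules = @($rules) } }
                results = @($results)
            })
        }
        return ($sarif | ConvertTo-Json -Depth 10)
    }

    # Markdown table for a PR comment or job summary.
    [string] ToMarkdown() {
        if ($this.IsCompliant()) { return '## Dependency pinning: no violations found' }
        $lines = [System.Collections.Generic.List[string]]::new()
        $lines.Add("## Dependency pinning: $($this.Violations.Count) violation(s)")
        $lines.Add('')
        $lines.Add('| File | Line | Type | Reference | Message |')
        $lines.Add('|------|------|------|-----------|---------|')
        foreach ($v in $this.Violations) {
            $lines.Add("| $($v.File) | $($v.Line) | $($v.Type) | ``$($v.Reference)`` | $($v.Message) |")
        }
        return ($lines -join "`n")
    }
}

# ---- head of scripts/security/Test-DependencyPinning.ps1 (illustrative) ----
# `using module` must be the first statement in the file.
using module ./Modules/SecurityClasses.psm1

$report = [ComplianceReport]::new()
# Constructed sample finding; a real run would populate this from the scanner.
$report.Add([DependencyViolation]::new('.github/workflows/ci.yml', 12, 'unpinned-action',
    'actions/checkout@v4', 'Action is pinned to a mutable tag; pin to a full commit SHA.'))
$report.ToMarkdown()
$report.ToSarif() | Set-Content -Path 'pinning.sarif'
if (-not $report.IsCompliant()) { exit 1 }

# ---- scripts/security/Tests/SecurityClasses.Tests.ps1 (illustrative Pester test) ----
using module ../Modules/SecurityClasses.psm1

Describe 'ComplianceReport' {
    It 'emits one SARIF result per violation with the right location' {
        $r = [ComplianceReport]::new()
        $r.Add([DependencyViolation]::new('a.yml', 3, 'unpinned-action', 'x/y@main', 'pin it'))
        $sarif = $r.ToSarif() | ConvertFrom-Json
        $sarif.runs[0].results.Count | Should -Be 1
        $sarif.runs[0].results[0].locations[0].physicalLocation.region.startLine | Should -Be 3
    }
    It 'reports compliance when there are no violations' {
        [ComplianceReport]::new().ToMarkdown() | Should -Match 'no violations'
    }
}
```

Keeping the classes in a `.psm1` and loading them with `using module` (rather than Import-Module) is what makes the `[ComplianceReport]` type name resolvable at parse time in both the script and the Pester file, which is the property the issue is after when it asks for the classes to be unit-testable in isolation.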
