Description
It would be a nice feature if auditors could make use of some configurable values, depending on the auditor of course.
So, e.g., the version auditor could make use of a configurable fixed version or a version range, maybe in semantic versioning notation (or another version range notation), instead of always checking against the latest release. Sometimes companies have a reason not to update immediately to the latest version (although it is recommended, I know, and I always tell this to my customers, but... you know!)
Another use case could be the access_token lifetime auditor (#21): as much as I vote for having short-lived token lifetimes, there might(!) be reasons to have a higher expiration time. If one could configure this through the config.yml file, that would be nice.
Depending on the auditor, the config option might vary, but in general it could look like this:
```yaml
- auditor: AccessTokenLifespanTooLong
  allowed: []
  config:
    maxLifespanInSeconds: 300
  severity: Critical
- auditor: KeycloakVersionShouldBeUpToDate
  allowed: []
  config:
    version: ^26.3.0
  severity: Medium
```
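To show how the proposed `config` block could drive the two auditors named above, here is an added sketch in Python. It is example code written for this discussion, not code from the project. The auditor names, the `maxLifespanInSeconds` and `version` keys and the severities are taken from the YAML above; the realm export (`realm`, `accessTokenLifespan`, which are real Keycloak realm-export fields), the server version string and the interpretation of `allowed` as a list of exempted realm names are constructed assumptions. The version range check implements only the caret (`^`), `>=` and exact forms of semver notation.

```python
"""Config-driven auditors: an added example, not the project's own code.

AUDITOR_CONFIGS mirrors the YAML proposed in the issue; SAMPLE_REALM and the
server version passed to run_audit() are constructed sample data.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    auditor: str
    severity: str
    message: str


_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"not a MAJOR.MINOR.PATCH version: {text!r}")
    return tuple(int(p) for p in m.groups())


def version_satisfies(spec, version):
    """Check `version` against a minimal semver range.

    Supported forms: '^X.Y.Z' (at least X.Y.Z, same major; the npm special
    case for major 0 is deliberately not modelled), '>=X.Y.Z', or an exact
    'X.Y.Z'. Anything else is rejected by parse_version().
    """
    spec = spec.strip()
    v = parse_version(version)
    if spec.startswith("^"):
        lo = parse_version(spec[1:])
        return v >= lo and v[0] == lo[0]
    if spec.startswith(">="):
        return v >= parse_version(spec[2:])
    return v == parse_version(spec)


def audit_access_token_lifespan(realm, server_version, config):
    """Flag realms whose access token lifespan exceeds the configured maximum."""
    limit = int(config["maxLifespanInSeconds"])
    actual = int(realm.get("accessTokenLifespan", 0))
    if actual > limit:
        return (f"realm {realm['realm']!r}: accessTokenLifespan {actual}s "
                f"exceeds configured maximum of {limit}s")
    return None


def audit_keycloak_version(realm, server_version, config):
    """Flag a server version outside the configured range instead of
    comparing against the latest release."""
    spec = config["version"]
    if not version_satisfies(spec, server_version):
        return f"Keycloak {server_version} does not satisfy required range {spec!r}"
    return None


# Registry: auditor name from config.yml -> check function (assumed design).
AUDITORS = {
    "AccessTokenLifespanTooLong": audit_access_token_lifespan,
    "KeycloakVersionShouldBeUpToDate": audit_keycloak_version,
}


def run_audit(realm, server_version, auditor_configs):
    """Run every configured auditor against one realm export.

    `allowed` is treated here as a list of realm names exempt from the check
    (an assumption about its semantics); `severity` is taken from the config
    entry so operators can re-rate a finding.
    """
    findings = []
    for entry in auditor_configs:
        check = AUDITORS[entry["auditor"]]
        if realm["realm"] in entry.get("allowed", []):
            continue
        message = check(realm, server_version, entry.get("config", {}))
        if message:
            findings.append(Finding(entry["auditor"], entry.get("severity", "Medium"), message))
    return findings


# Same content as the YAML in the issue, as Python literals.
AUDITOR_CONFIGS = [
    {"auditor": "AccessTokenLifespanTooLong", "allowed": [],
     "config": {"maxLifespanInSeconds": 300}, "severity": "Critical"},
    {"auditor": "KeycloakVersionShouldBeUpToDate", "allowed": [],
     "config": {"version": "^26.3.0"}, "severity": "Medium"},
]

# Constructed realm export fragment: 600 s lifespan, above the 300 s maximum.
SAMPLE_REALM = {"realm": "customer-prod", "accessTokenLifespan": 600}

if __name__ == "__main__":
    # Constructed server version below the ^26.3.0 range: both auditors fire.
    for f in run_audit(SAMPLE_REALM, "26.2.5", AUDITOR_CONFIGS):
        print(f"[{f.severity}] {f.auditor}: {f.message}")
```

With the sample data both checks produce a finding; raising the server to 26.4.1 and lowering the lifespan to 300 s clears both, while a realm listed under `allowed` is skipped entirely. Keeping the comparison logic in the auditor and the thresholds in config.yml is what lets a team document a deliberate deviation (a pinned version, a longer token) without silencing the auditor for everyone.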