Skip to content
/ github-repo-security-alerts Public

Prints a list of summarised Dependabot security alerts that are open, grouped by repository name.

License

AGPL-3.0 license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

elifesciences/github-repo-security-alerts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENCE.txt

LICENCE.txt

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

maintainers.txt

maintainers.txt

 
 

manage.sh

manage.sh

 
 

Repository files navigation

Github Repository Security Alerts

Prints a list of summarised Dependabot security alerts that are open, grouped by repository name.

Accepts a map of project-name => list-of-maintainers as a JSON file to further group by maintainer. See maintainers-txt

Dependencies

Installation

git clone https://github.com/elifesciences/github-repo-security-alerts
cd github-repo-security-alerts
go build .

Usage

GITHUB_TOKEN=your-github-token ./github-repo-security-alerts

or

GITHUB_TOKEN=your-github-token ./github-repo-security-alerts project-maintainers.json

with project-maintainers.json looking like:

{
  "project-foo": [
    "jane"
  ],
  "project-baz": [
    "jack",
    "john"
  ],
}

Example

{
  "project-foo": [
    {
      "AgeDays": 6,
      "Summary": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header",
      "URL": "https://github.com/elifesciences/project-foo/security/dependabot/28",
      "CVE_ID": "CVE-2023-30861",
      "GHSA_ID": "GHSA-m2qf-hxjv-5gpq"
    },
  ],
  "project-bar": [
    {
      "AgeDays": 19,
      "Summary": "Improper header name validation in guzzlehttp/psr7",
      "URL": "https://github.com/elifesciences/project-bar/security/dependabot/4",
      "CVE_ID": "CVE-2023-29197",
      "GHSA_ID": "GHSA-wxmh-65f7-jcvw"
    }
  ],
  "project-baz": [
    {
      "AgeDays": 37,
      "Summary": "Potential XSS vulnerability in jQuery",
      "URL": "https://github.com/elifesciences/project-baz/security/dependabot/1",
      "CVE_ID": "CVE-2020-11022",
      "GHSA_ID": "GHSA-gxr4-xjj5-5px2"
    }
  ]
}

and with a project-maintainers.json file:

{
  "jack": {
    "project-baz": [
      {
        "AgeDays": 59,
        "Summary": "Potential XSS vulnerability in jQuery",
        "URL": "https://github.com/elifesciences/project-baz/security/dependabot/1",
        "CVE_ID": "CVE-2020-11022",
        "GHSA_ID": "GHSA-gxr4-xjj5-5px2"
      }
    ]
  },
  "john": {
    "project-baz": [
      {
        "AgeDays": 59,
        "Summary": "Potential XSS vulnerability in jQuery",
        "URL": "https://github.com/elifesciences/project-baz/security/dependabot/1",
        "CVE_ID": "CVE-2020-11022",
        "GHSA_ID": "GHSA-gxr4-xjj5-5px2"
      }
    ]
  },
  "jane": {
    "project-foo": [
      {
        "AgeDays": 18,
        "Summary": "Apache Airflow vulnerable to Privilege Context Switching Error",
        "URL": "https://github.com/elifesciences/project-foo/security/dependabot/13",
        "CVE_ID": "CVE-2023-25754",
        "GHSA_ID": "GHSA-jchm-fm4q-c2fp"
      },
      {
        "AgeDays": 21,
        "Summary": "Apache Airflow vulnerable to stored Cross-site Scripting",
        "URL": "https://github.com/elifesciences/project-foo/security/dependabot/12",
        "CVE_ID": "CVE-2023-29247",
        "GHSA_ID": "GHSA-vcf6-3wv2-5vcr"
      }
    ]
}

Licence

Copyright © 2024 eLife Sciences

Distributed under the GNU Affero General Public Licence, version 3.

About

Prints a list of summarised Dependabot security alerts that are open, grouped by repository name.

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases 8

1.0.0 Latest
Mar 15, 2024
+ 7 releases

Packages

No packages published

Languages