Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(report): GitHub security alerts integration #775

Merged
merged 10 commits into from
Feb 20, 2019
Merged

feat(report): GitHub security alerts integration #775

merged 10 commits into from
Feb 20, 2019

Conversation

kotakanbe
Copy link
Member

@kotakanbe kotakanbe commented Feb 4, 2019
edited
Loading

What did you implement:

GitHub tracks reported vulnerabilities in certain dependencies and provides security alerts to affected repositories. GitHub Security Alerts.
It becomes possible to import vulnerabilities detected by GitHub via GitHub 's API.

  [servers.serverA]
    user = "root"
    host = "10.0.0.1"
    port = "22"
    keyPath = "/Users/kanbe/.ssh/id_rsa"
    scanMode = ["fast-root"]

    [servers.serverA.githubs."vulsdoc/vuls"]
    token   = "xxxxYourTokenxxx"

To ignore vulnerabilities dismissed on GitHub, Added -ignore-github-dismissed option to report subcommand.

$ ./vuls report -h                                                                                                 
report:
        report
               ...
                [-ignore-github-dismissed]
               ...

  -ignore-github-dismissed
        Don't report the dismissed CVEs on GitHub Security Alerts
  ...

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce.

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

@kotakanbe kotakanbe changed the title [WIP]feat(report): integrate to GitHub security alerts [WIP]feat(report): integrate GitHub security alerts Feb 4, 2019
@kotakanbe kotakanbe changed the title [WIP]feat(report): integrate GitHub security alerts [WIP]feat(report): GitHub security alerts integration Feb 4, 2019
kotakanbe
kotakanbe commented Feb 4, 2019
View reviewed changes
config/config.go Outdated Show resolved Hide resolved
config/config.go Show resolved Hide resolved
config/tomlloader.go Outdated Show resolved Hide resolved
github/github.go Outdated Show resolved Hide resolved
kotakanbe
kotakanbe commented Feb 5, 2019
View reviewed changes
github/github.go Outdated Show resolved Hide resolved
knqyf263
knqyf263 reviewed Feb 8, 2019
View reviewed changes
github/github.go Outdated Show resolved Hide resolved
report/report.go Show resolved Hide resolved
@kotakanbe kotakanbe changed the title [WIP]feat(report): GitHub security alerts integration feat(report): GitHub security alerts integration Feb 20, 2019
@kotakanbe kotakanbe merged commit 56d7d43 into master Feb 20, 2019
@kotakanbe kotakanbe deleted the github-security-alert branch June 13, 2019 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 left review comments

@sadayuki-matsuno sadayuki-matsuno Awaiting requested review from sadayuki-matsuno

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kotakanbe @knqyf263