1 parent
271a72a
commit 165b28e
Showing
4 changed files
with
89 additions
and
1 deletion.
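--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_FILE_1.sql
@@ -0,0 +1,34 @@
+/*
+* This pulls a list of all detected HIGH and CRITICAL vulnerabilities from
+* repositories pushed to in the past 90 days. It also returns who owns it and
+* further details on the exact vulnerability.
+*
+* If you comment line 34, it will both root and fork repositories. As is,
+* it will only report root repos.
+*/
+SELECT
+r.name AS repo_name,
+u.login AS repo_owner,
+u.type AS owner_type,
+pushed_at AS last_update,
+platform,
+severity,
+cve_id,
+ghsa_id,
+white_source_id,
+external_reference
+FROM
+github_enterprise.repository_vulnerability_alerts z
+JOIN github_enterprise.vulnerabilities v ON
+z.vulnerability_id = v.id
+JOIN github_enterprise.repositories r ON
+z.repository_id = r.id
+JOIN github_enterprise.users u ON
+r.owner_id = u.id
+WHERE
+(v.severity = "critical"
+OR v.severity = "high")
+AND DATEDIFF(NOW(), r.pushed_at) < 91
+AND r.parent_id IS NULL
+ORDER BY
+last_update DESC;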
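Review bot: The header comment points readers at the wrong line: the root-only predicate `AND r.parent_id IS NULL` is file line 32, and commenting out line 34 (`last_update DESC;`) would break the statement rather than include forks, so the comment should name the predicate instead of a line number, e.g. `* Remove the "r.parent_id IS NULL" predicate to report forks as well as root repos.` The severity literals use double quotes (`v.severity = "critical"`) while the second file uses `'critical'`; under MySQL's ANSI_QUOTES mode double quotes denote identifiers, so `v.severity IN ('critical', 'high')` is both safer and shorter. `DATEDIFF(NOW(), r.pushed_at) < 91` wraps the column in a function, which keeps an index on pushed_at from being used; the equivalent range form `r.pushed_at >= CURDATE() - INTERVAL 90 DAY` expresses the same 90-day window (confirm the boundary against the intended semantics). The unqualified columns `pushed_at`, `platform`, `severity`, `cve_id`, `ghsa_id`, `white_source_id` and `external_reference` should carry their table alias so the query fails loudly instead of silently changing meaning if a same-named column is later added to another joined table; the same applies to the SELECT list of the third file.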
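--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_FILE_2.sql
@@ -0,0 +1,22 @@
+/*
+* This pulls a count of repos affected by each _critical_ vulnerability.
+*/
+SELECT
+v.id,
+v.cve_id,
+v.ghsa_id,
+v.white_source_id,
+v.published_at as published,
+v.external_reference,
+v.platform as ecosystem,
+COUNT(z.vulnerability_id) as repo_count
+FROM
+github_enterprise.repository_vulnerability_alerts z
+JOIN github_enterprise.vulnerabilities v ON
+z.vulnerability_id = v.id
+WHERE
+v.severity = 'critical'
+GROUP BY
+v.id
+ORDER BY
+COUNT(z.vulnerability_id) DESC;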
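Review bot: `COUNT(z.vulnerability_id) as repo_count` counts alert rows rather than repositories, so if repository_vulnerability_alerts can hold more than one row per (repository, vulnerability) pair — which nothing on the page rules out — a repository is counted more than once while the header promises a count of repos; `COUNT(DISTINCT z.repository_id) AS repo_count` matches the stated intent, and the sort can then reference the alias with `ORDER BY repo_count DESC`. The SELECT list carries non-aggregated columns (`v.cve_id`, `v.ghsa_id`, `v.published_at`, …) with only `v.id` in GROUP BY; MySQL accepts this only when it can prove v.id functionally determines them (a primary key), and rejects it under ONLY_FULL_GROUP_BY otherwise, so either list them in GROUP BY or state the key dependency in the header comment. The lower-case `as` aliases here and in the third file contrast with the upper-case keywords in the rest of the statement and the `AS` used in the first file; one case should be used across the commit.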
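--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_FILE_3.sql
@@ -0,0 +1,26 @@
+/*
+* This pulls a list of all detected vulnerabilities, what it is, who owns the
+* associated repo, and when the repo was last updated. This can be a very
+* large report!
+*/
+SELECT
+r.name as repo_name,
+u.login as repo_owner,
+u.type as owner_type,
+pushed_at as last_update,
+platform,
+severity,
+cve_id,
+ghsa_id,
+white_source_id,
+external_reference
+FROM
+github_enterprise.repository_vulnerability_alerts z
+JOIN github_enterprise.vulnerabilities v ON
+z.vulnerability_id = v.id
+JOIN github_enterprise.repositories r ON
+z.repository_id = r.id
+JOIN github_enterprise.users u ON
+r.owner_id = u.id
+ORDER BY
+last_update DESC;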
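Review bot: The header warns that the report can be very large, but the statement puts no bound on it and, unlike the first file, filters neither on severity nor on recent activity; a comment naming the knobs a user is expected to add (for example `-- add a WHERE on v.severity or r.pushed_at, or a LIMIT, to keep this manageable`) would make the warning actionable. If repository_vulnerability_alerts carries a dismissed or resolved marker, none of the three queries in this commit excludes it, so closed findings would be listed next to open ones; the schema is not visible on the page, so this is worth confirming before the report is used for triage. The column-qualification and keyword-case points raised on the first two files apply to this SELECT list as well.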