Ingest GitHub data #228
Comments
tayasteere
added
enhancement
WIP
|
It seems like this could enable more than just understanding user access to code. For example, suppose GitHub detects a vulnerable dependency in a manifest file for some app. GitHub can tell you when that vulnerability has been patched in your source control, but won't tell you whether that fix has been deployed everywhere. Maybe that's scope creep for this issue? Anyway, I've always thought it'd be cool to connect vulnerable dependency data with a tool that understands where that code is deployed. |
* Added parsing for extension permissions to crxcavator ingest * Updated documentation for crxcavator ingest * removed debugging statement * Updated docs to address comments Fixed missing fields * Fixed cypher error * Changed index and import to reference ChromeExtensionPermissions id * Remove potentially bad import data * removed unnecessary json.dumps call * Added back dumps to get information on unknown field for logging, not ingesting though * Added tagging for all logging calls * clarified code comment * lint fix * crxcavator crash fix before merge from master * Initial github commit * Initial github commit * Moved Github setup to config object Added documentation for configuration of Github ingest to README.md * address comment on using templating * Changed repo owner relationship to entity-owner->repo Added default for unconfigured Github handling
|
@nealharris This is exactly the way that we use this data internally :). In the past we wrote these functions without thinking about OSS but now we're writing as much as we can in open-source-land first. Definitely welcome help here too if there's a particular app you have in mind! |
achantavy
removed
WIP
Title: Ingest GitHub repo data
Description:
Ingest GitHub repo info to enable exploration of user access to code. This is currently a Lyft internal module.
The text was updated successfully, but these errors were encountered: