Skip to content
Github vulnerability notifier for Slack
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
notifier
vellere
.gitignore
LICENSE
Procfile
README.md
manage.py
notes.txt
requirements.in
requirements.txt
vellere.py

README.md

Vellere

Vellere approximately (in my rather bad Latin), means "they demolish". Specifically, it tells you about a particular category of demolition: Github vulnerability notifications. They are already visible via the Github Web UI, but only to admins, and only to those who both digging through the notifications. Vellere provides a slightly more usable interface, as well as the option for notifying users in Slack, thus encouraging people to maybe actually fix things....

Online version is at https://vellere.tevp.net/

Local install

  1. Install Python
  2. Create a Github OAuth app and export the client id/secret as environment variables called GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET
  3. Create a Slack App and export the client id/secret as environment variables called SLACK_CLIENT_ID and SLACK_CLIENT_SECRET
  4. pip install -r requirements.txt
  5. Optional: Setup a database (e.g. Postgres) and export the URL to the database as DATABASE_URL using the dj-database-url URL schema. If you don't do this, we'll use sqlite by default, which works fine for local dev.
  6. python manage.py migrate
  7. python manage.py runserver

Wharf install

  1. Create a new app called Vellere.
  2. Set GITHUB_URL to https://github.com/palfrey/vellere.git
  3. Create a Postgres database
  4. Set the Slack/Github environment variables as per local install
  5. Deploy the app
  6. Configure a usable hostname and enable Let's Encrypt (as OAuth gets unhappy without HTTPS)
You can’t perform that action at this time.