BeS-dev-kit is a CLI tool for generating metadata and assessment reports for BeSLighthouse.
- Python 3.10
- pip
- GitHub personal access token
$ python3 -m pip install besecure-developer-toolkit
If you are running the command for the first time, you will be prompted to provide the complete paths to your besecure-osspoi-datastore and besecure-assessment-datastore, and your personal access token.
This command generates metadata such as the OSSP-master file data and the version details file.
$ bes-dev-kit generate-metadata
For more options, add --help at the end of the command.
Note: On first use, this command asks for three extra inputs - ASSETS_DIR: path of besecure-osspoi-datastore on the local system, ASSESSMENT_DIR: path of besecure-assessment-datastore, and GITHUB_AUTH_TOKEN.
$ bes-dev-kit generate-report - generate all reports (scorecard, criticality_score, codeql, sbom)
$ bes-dev-kit generate-report <report name> ... <report name> - generate specific reports
<report name> - scorecard, codeql, criticality_score
For more options, add --help at the end of the command.
Note: If an older version of criticality_score (< v2.0.0) is already installed on the system, uninstall it using pip uninstall criticality-score.
This command downloads the risk-summary of Be-Secure listed open source projects in PDF format.
$ bes-dev-kit risk-summary
For more options, add --help at the end of the command.
$ bes-dev-kit validate-version-file
This command checks the naming convention of the version details file.
For more details, add --help at the end of the command.
This command checks the naming convention of report files and whether each report file is available.
$ bes-dev-kit validate-report-file <report name> ... <report name>
Note: Provide only the listed parameters: scorecard, codeql, criticality_score, sonarqube, sbom, fossology.
Use the command below to check all reports at once.
$ bes-dev-kit validate-report-file
For more details, add --help at the end of the command.











