Github Repository Security Alerts

Prints a list of summarised Dependabot security alerts that are open, grouped by repository name.

Accepts a map of project-name => list-of-maintainers as a JSON file to further group by maintainer. See maintainers-txt

Dependencies

Go 1.20+
A Github token with the repo scope or security_events scope.
- See: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization

Installation

git clone https://github.com/elifesciences/github-repo-security-alerts
cd github-repo-security-alerts
go build .

Usage

GITHUB_TOKEN=your-github-token ./github-repo-security-alerts

or

GITHUB_TOKEN=your-github-token ./github-repo-security-alerts project-maintainers.json

with project-maintainers.json looking like:

{
  "project-foo": [
    "jane"
  ],
  "project-baz": [
    "jack",
    "john"
  ],
}

Example

{
  "project-foo": [
    {
      "AgeDays": 6,
      "Summary": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header",
      "URL": "https://github.com/elifesciences/project-foo/security/dependabot/28",
      "CVE_ID": "CVE-2023-30861",
      "GHSA_ID": "GHSA-m2qf-hxjv-5gpq"
    },
  ],
  "project-bar": [
    {
      "AgeDays": 19,
      "Summary": "Improper header name validation in guzzlehttp/psr7",
      "URL": "https://github.com/elifesciences/project-bar/security/dependabot/4",
      "CVE_ID": "CVE-2023-29197",
      "GHSA_ID": "GHSA-wxmh-65f7-jcvw"
    }
  ],
  "project-baz": [
    {
      "AgeDays": 37,
      "Summary": "Potential XSS vulnerability in jQuery",
      "URL": "https://github.com/elifesciences/project-baz/security/dependabot/1",
      "CVE_ID": "CVE-2020-11022",
      "GHSA_ID": "GHSA-gxr4-xjj5-5px2"
    }
  ]
}

and with a project-maintainers.json file:

{
  "jack": {
    "project-baz": [
      {
        "AgeDays": 59,
        "Summary": "Potential XSS vulnerability in jQuery",
        "URL": "https://github.com/elifesciences/project-baz/security/dependabot/1",
        "CVE_ID": "CVE-2020-11022",
        "GHSA_ID": "GHSA-gxr4-xjj5-5px2"
      }
    ]
  },
  "john": {
    "project-baz": [
      {
        "AgeDays": 59,
        "Summary": "Potential XSS vulnerability in jQuery",
        "URL": "https://github.com/elifesciences/project-baz/security/dependabot/1",
        "CVE_ID": "CVE-2020-11022",
        "GHSA_ID": "GHSA-gxr4-xjj5-5px2"
      }
    ]
  },
  "jane": {
    "project-foo": [
      {
        "AgeDays": 18,
        "Summary": "Apache Airflow vulnerable to Privilege Context Switching Error",
        "URL": "https://github.com/elifesciences/project-foo/security/dependabot/13",
        "CVE_ID": "CVE-2023-25754",
        "GHSA_ID": "GHSA-jchm-fm4q-c2fp"
      },
      {
        "AgeDays": 21,
        "Summary": "Apache Airflow vulnerable to stored Cross-site Scripting",
        "URL": "https://github.com/elifesciences/project-foo/security/dependabot/12",
        "CVE_ID": "CVE-2023-29247",
        "GHSA_ID": "GHSA-vcf6-3wv2-5vcr"
      }
    ]
}

Licence

Distributed under the GNU Affero General Public Licence, version 3.

Name		Name	Last commit message	Last commit date
Latest commit History 28 Commits
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
LICENCE.txt		LICENCE.txt
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go
maintainers.txt		maintainers.txt
manage.sh		manage.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Github Repository Security Alerts

Dependencies

Installation

Usage

Example

Licence

About

Releases 8

Packages

Languages

License

elifesciences/github-repo-security-alerts

Folders and files

Latest commit

History

Repository files navigation

Github Repository Security Alerts

Dependencies

Installation

Usage

Example

Licence

About

Resources

License

Stars

Watchers

Forks

Releases 8

Packages 0

Languages

Packages