Skip to content

Latest commit

 

History

History
23 lines (15 loc) · 2.24 KB

README.md

File metadata and controls

23 lines (15 loc) · 2.24 KB

GHAS Utils

Utils

Here's a table with all the demo/utilities and what they do:

NOTE: There are not meant to be production grade scripts. They are meant to be education and to help you understand some areas where you would want to use the GitHub API.

Demo name Demo description
ghas-org-scan This is a sort of compliance report that builds a table of settings and security alert volumes for all repositories in an organization. This is a great way to quickly spot out-of-compliance repositories where GitHub reporting may fall short.
ghas-settings This is a simple demo to show you want GHAS settings you can read and write for an organization. GitHub does support https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository now, but this is good if you want to keep things programatically synchronized or have tons or orgs.
pull_all_org_security_alerts This pulls all the dependabot, secret, and code scanning alerts into 3 CSV files for an organization.
pull_all_repo_security_alerts This just pulls security alerts and advisories for a repo. There's some extra documentation in there about the alert schemas and how to think about your security alert observability program.
sbom-visualizer This is just a quick hack to see how to parse the SBOM export from GitHub. It's nothing special here.
secret-alert-pull Pulls all secrets for an org.
update-security-alerts This demo show how to update security alerts. This can be useful when needing to bulk modify hundreds or thousands of security alerts.

GitHub Personal Access Token

All these example require the use of a personal access token. See Setting a Personal Access Token for your Organization.