dbotquery 0.9 → 1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.idea/dbotquery.iml +6 -0
- data/CONTRIBUTING.md +95 -0
- data/README.md +176 -13
- data/lib/d_bot_query/models/alert.rb +2 -0
- data/lib/d_bot_query/models/alert_collection.rb +2 -0
- data/lib/d_bot_query/models/base.rb +1 -1
- data/lib/d_bot_query/models/cvss_severity.rb +12 -0
- data/lib/d_bot_query/models/cwe.rb +3 -0
- data/lib/d_bot_query/models/dependency.rb +1 -0
- data/lib/d_bot_query/models/security_advisory.rb +3 -0
- data/lib/d_bot_query/octokit.rb +16 -0
- data/lib/d_bot_query/version.rb +1 -1
- data/lib/dbotquery.rb +3 -0
- metadata +18 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 25ebc924a49d65ea76209ac3566a9b7fb43ca639f48cdbd6adfe0d501aaf4eb7
|
|
4
|
+
data.tar.gz: 291f70d4147726f2a8986ca269ac75c1394ed5efa887fedc1582944dd6ef81a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c91abe252617ab8a6826ac99739f4c10a2ec682bece5638f21e8bd3b2d139ca937278bbbf9c994be4a49e90750a88535bf3d772cded17d3411281de57c94d380
|
|
7
|
+
data.tar.gz: f823fd53e4782df096e81b02cbe1c23a16e7496b07355e4694a54569d09ef338551c3e589d789ded1ebb2463ea4155e6a6c4572c5f1338e82a0e85bb610138e2
|
data/.idea/dbotquery.iml
CHANGED
|
@@ -58,6 +58,7 @@
|
|
|
58
58
|
<orderEntry type="library" scope="PROVIDED" name="csv (v3.3.5, rbenv: 4.0.5) [gem]" level="application" />
|
|
59
59
|
<orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.6.2, rbenv: 4.0.5) [gem]" level="application" />
|
|
60
60
|
<orderEntry type="library" scope="PROVIDED" name="docile (v1.4.1, rbenv: 4.0.5) [gem]" level="application" />
|
|
61
|
+
<orderEntry type="library" scope="TEST" name="dotenv (v3.2.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
61
62
|
<orderEntry type="library" scope="PROVIDED" name="drb (v2.2.3, rbenv: 4.0.5) [gem]" level="application" />
|
|
62
63
|
<orderEntry type="library" scope="PROVIDED" name="dry-configurable (v1.4.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
63
64
|
<orderEntry type="library" scope="PROVIDED" name="dry-core (v1.2.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
@@ -66,6 +67,8 @@
|
|
|
66
67
|
<orderEntry type="library" scope="PROVIDED" name="dry-logic (v1.6.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
67
68
|
<orderEntry type="library" scope="PROVIDED" name="dry-schema (v1.16.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
68
69
|
<orderEntry type="library" scope="PROVIDED" name="dry-types (v1.9.1, rbenv: 4.0.5) [gem]" level="application" />
|
|
70
|
+
<orderEntry type="library" scope="PROVIDED" name="faraday (v2.14.3, rbenv: 4.0.5) [gem]" level="application" />
|
|
71
|
+
<orderEntry type="library" scope="PROVIDED" name="faraday-net_http (v3.4.4, rbenv: 4.0.5) [gem]" level="application" />
|
|
69
72
|
<orderEntry type="library" scope="PROVIDED" name="ffi (v1.17.4, rbenv: 4.0.5) [gem]" level="application" />
|
|
70
73
|
<orderEntry type="library" scope="PROVIDED" name="fileutils (v1.8.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
71
74
|
<orderEntry type="library" scope="PROVIDED" name="gemika (v2.0.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
@@ -79,6 +82,8 @@
|
|
|
79
82
|
<orderEntry type="library" scope="PROVIDED" name="logger (v1.7.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
80
83
|
<orderEntry type="library" scope="PROVIDED" name="method_source (v1.1.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
81
84
|
<orderEntry type="library" scope="PROVIDED" name="minitest (v6.0.6, rbenv: 4.0.5) [gem]" level="application" />
|
|
85
|
+
<orderEntry type="library" scope="PROVIDED" name="net-http (v0.9.1, rbenv: 4.0.5) [gem]" level="application" />
|
|
86
|
+
<orderEntry type="library" scope="PROVIDED" name="octokit (v10.0.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
82
87
|
<orderEntry type="library" scope="PROVIDED" name="parallel (v2.1.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
83
88
|
<orderEntry type="library" scope="PROVIDED" name="parser (v3.3.11.1, rbenv: 4.0.5) [gem]" level="application" />
|
|
84
89
|
<orderEntry type="library" scope="PROVIDED" name="prism (v1.9.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
@@ -107,6 +112,7 @@
|
|
|
107
112
|
<orderEntry type="library" scope="PROVIDED" name="rubocop-rspec (v3.10.2, rbenv: 4.0.5) [gem]" level="application" />
|
|
108
113
|
<orderEntry type="library" scope="PROVIDED" name="rubocop-yard (v1.3.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
109
114
|
<orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.13.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
115
|
+
<orderEntry type="library" scope="PROVIDED" name="sawyer (v0.9.3, rbenv: 4.0.5) [gem]" level="application" />
|
|
110
116
|
<orderEntry type="library" scope="PROVIDED" name="securerandom (v0.4.1, rbenv: 4.0.5) [gem]" level="application" />
|
|
111
117
|
<orderEntry type="library" scope="TEST" name="simplecov (v0.22.0, rbenv: 4.0.5) [gem]" level="application" />
|
|
112
118
|
<orderEntry type="library" scope="PROVIDED" name="simplecov-html (v0.13.2, rbenv: 4.0.5) [gem]" level="application" />
|
data/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
# Contributing to DBotQuery
|
|
2
|
+
|
|
3
|
+
Thanks for your interest in improving DBotQuery! Bug reports, feature requests,
|
|
4
|
+
and pull requests are all welcome.
|
|
5
|
+
|
|
6
|
+
By participating in this project you agree to abide by our
|
|
7
|
+
[Code of Conduct](CODE_OF_CONDUCT.md).
|
|
8
|
+
|
|
9
|
+
## Getting started
|
|
10
|
+
|
|
11
|
+
1. Fork the repository and clone your fork.
|
|
12
|
+
2. Install dependencies:
|
|
13
|
+
```bash
|
|
14
|
+
bin/setup
|
|
15
|
+
```
|
|
16
|
+
3. Make sure the test suite passes before you change anything:
|
|
17
|
+
```bash
|
|
18
|
+
bundle exec rake spec
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
Requires Ruby `>= 3.3` and Bundler.
|
|
22
|
+
|
|
23
|
+
## Reporting bugs and requesting features
|
|
24
|
+
|
|
25
|
+
Open an issue at <https://github.com/rickmark/dbotquery/issues>. For bug reports,
|
|
26
|
+
please include:
|
|
27
|
+
|
|
28
|
+
- What you expected to happen and what actually happened.
|
|
29
|
+
- The exact command you ran (with any relevant flags).
|
|
30
|
+
- A minimal, **sanitized** snippet of the Dependabot export that reproduces the
|
|
31
|
+
problem. Never paste real tokens, secrets, or private vulnerability data into
|
|
32
|
+
an issue.
|
|
33
|
+
- Your Ruby version (`ruby -v`) and OS.
|
|
34
|
+
|
|
35
|
+
## Development workflow
|
|
36
|
+
|
|
37
|
+
1. Create a topic branch off `main`:
|
|
38
|
+
```bash
|
|
39
|
+
git checkout -b my-feature
|
|
40
|
+
```
|
|
41
|
+
2. Make your change, adding or updating tests and documentation as needed.
|
|
42
|
+
3. Run the full check suite locally (see below).
|
|
43
|
+
4. Commit with a clear message, push to your fork, and open a pull request
|
|
44
|
+
against `main`.
|
|
45
|
+
|
|
46
|
+
Keep pull requests focused — one logical change per PR makes review easier.
|
|
47
|
+
|
|
48
|
+
## Quality checks
|
|
49
|
+
|
|
50
|
+
All of the following should pass before you open a pull request. CI runs them
|
|
51
|
+
too.
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
bundle exec rake spec # RSpec test suite
|
|
55
|
+
bundle exec rubocop # style / lint
|
|
56
|
+
bundle exec steep check # RBS / Steep type checking
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
Guidelines:
|
|
60
|
+
|
|
61
|
+
- **Tests.** New behavior needs test coverage; bug fixes should include a test
|
|
62
|
+
that fails before the fix and passes after. Fixtures live under `spec/fixtures`.
|
|
63
|
+
- **Types.** This project uses inline RBS (`# rbs_inline: enabled`) with signatures
|
|
64
|
+
in `sig/`. When you change a public method, update the corresponding `.rbs`
|
|
65
|
+
signature so `steep check` stays green.
|
|
66
|
+
- **Style.** Follow the existing code style; RuboCop is the source of truth. Match
|
|
67
|
+
the surrounding code's naming, structure, and comment density.
|
|
68
|
+
- **Documentation.** Update `README.md` and command doc comments when you add or
|
|
69
|
+
change a command or option.
|
|
70
|
+
|
|
71
|
+
## Architecture at a glance
|
|
72
|
+
|
|
73
|
+
- `lib/d_bot_query/cli.rb` — Thor-based command-line interface (argument parsing).
|
|
74
|
+
- `lib/d_bot_query/commands/` — one class per subcommand. Each command is thin and
|
|
75
|
+
delegates to the models, which keeps the CLI and the logic independently
|
|
76
|
+
testable.
|
|
77
|
+
- `lib/d_bot_query/models/` — data models wrapping the Dependabot export
|
|
78
|
+
(alerts, advisories, packages, repositories, CVSS/CWE, etc.).
|
|
79
|
+
- `lib/d_bot_query/octokit.rb` — optional Octokit extensions for fetching alerts
|
|
80
|
+
live from the GitHub API.
|
|
81
|
+
|
|
82
|
+
When adding a new report, add a command class under `commands/`, wire it into
|
|
83
|
+
`cli.rb`, and put the actual computation on the appropriate model so it can be
|
|
84
|
+
unit-tested without the CLI.
|
|
85
|
+
|
|
86
|
+
## Security
|
|
87
|
+
|
|
88
|
+
Do not commit secrets. `GITHUB_TOKEN` and any `.env` file are git-ignored — keep
|
|
89
|
+
it that way. If you discover a security issue, please avoid filing a public issue
|
|
90
|
+
with sensitive details; contact the maintainer directly instead.
|
|
91
|
+
|
|
92
|
+
## License
|
|
93
|
+
|
|
94
|
+
By contributing, you agree that your contributions will be licensed under the
|
|
95
|
+
[MIT License](LICENSE.txt) that covers the project.
|
data/README.md
CHANGED
|
@@ -1,34 +1,197 @@
|
|
|
1
1
|
# DBotQuery
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Command-line reports for [GitHub Dependabot](https://docs.github.com/en/code-security/dependabot) exports.
|
|
4
|
+
|
|
5
|
+
DBotQuery reads a JSON export of Dependabot alerts and produces machine-readable
|
|
6
|
+
(JSON) reports — vulnerability summaries, SLA compliance statistics, and package
|
|
7
|
+
usage searches. It is designed so that people who don't have direct access to
|
|
8
|
+
GitHub (or who want the data in another system) can still see and process an
|
|
9
|
+
organization's vulnerability posture.
|
|
10
|
+
|
|
11
|
+
The tool does not need to talk to GitHub to produce reports: it takes an exported
|
|
12
|
+
Dependabot JSON file as input, along with some options, and writes a JSON document
|
|
13
|
+
to standard output. (Optional live fetching via the GitHub API is also supported —
|
|
14
|
+
see [Fetching data from GitHub](#fetching-data-from-github).)
|
|
15
|
+
|
|
16
|
+
## Requirements
|
|
17
|
+
|
|
18
|
+
- Ruby `>= 3.3`
|
|
19
|
+
- [Bundler](https://bundler.io/)
|
|
4
20
|
|
|
5
21
|
## Installation
|
|
6
22
|
|
|
7
|
-
|
|
23
|
+
Clone the repository and install dependencies:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
git clone https://github.com/rickmark/dbotquery.git
|
|
27
|
+
cd dbotquery
|
|
28
|
+
bin/setup
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
To install the executable onto your machine as a gem:
|
|
8
32
|
|
|
9
33
|
```bash
|
|
10
|
-
bundle install
|
|
11
|
-
rake install
|
|
34
|
+
bundle exec rake install
|
|
12
35
|
```
|
|
13
36
|
|
|
37
|
+
You can then run `dbotquery` directly. Otherwise, prefix commands with
|
|
38
|
+
`bundle exec` as shown below.
|
|
39
|
+
|
|
14
40
|
## Usage
|
|
15
41
|
|
|
16
|
-
`
|
|
42
|
+
Every command takes a Dependabot JSON export via `-f`/`--file` and prints a JSON
|
|
43
|
+
report to standard output.
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
bundle exec dbotquery <command> -f dependabot.json [options]
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
Run `bundle exec dbotquery help` to list commands, or
|
|
50
|
+
`bundle exec dbotquery help <command>` for details on a specific one.
|
|
51
|
+
|
|
52
|
+
### `summary` — count vulnerabilities
|
|
53
|
+
|
|
54
|
+
Counts findings in the export, optionally filtered by state and/or severity.
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
# All findings
|
|
58
|
+
bundle exec dbotquery summary -f dependabot.json
|
|
59
|
+
|
|
60
|
+
# Only dismissed findings
|
|
61
|
+
bundle exec dbotquery summary -f dependabot.json --state dismissed
|
|
62
|
+
|
|
63
|
+
# Only open, critical findings
|
|
64
|
+
bundle exec dbotquery summary -f dependabot.json --state open --severity critical
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
| Flag | Required | Description | Values |
|
|
68
|
+
| :--- | :--- | :--- | :--- |
|
|
69
|
+
| `-f`, `--file` | yes | Path to the Dependabot JSON export | `dependabot.json` |
|
|
70
|
+
| `--state` | no | Only count findings in this state | `open`, `fixed`, `dismissed` |
|
|
71
|
+
| `--severity` | no | Only count findings of this severity | `critical`, `high`, `medium`, `low` |
|
|
72
|
+
|
|
73
|
+
Output:
|
|
74
|
+
|
|
75
|
+
```json
|
|
76
|
+
{ "count": 42 }
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### `sla_stats` — SLA breaches by severity
|
|
80
|
+
|
|
81
|
+
Counts vulnerabilities that have been open longer than the allowed SLA, broken
|
|
82
|
+
out by severity. The SLA (in days) is:
|
|
83
|
+
|
|
84
|
+
| Severity | Days |
|
|
85
|
+
| :--- | :--- |
|
|
86
|
+
| Low | 60 |
|
|
87
|
+
| Medium | 30 |
|
|
88
|
+
| High | 15 |
|
|
89
|
+
| Critical | 5 |
|
|
90
|
+
|
|
91
|
+
```bash
|
|
92
|
+
# Using the current time to calculate age
|
|
93
|
+
bundle exec dbotquery sla_stats -f dependabot.json
|
|
94
|
+
|
|
95
|
+
# Using a fixed point in time (ISO 8601)
|
|
96
|
+
bundle exec dbotquery sla_stats -f dependabot.json -t 2023-01-01T00:00:00Z
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
| Flag | Required | Description | Example |
|
|
100
|
+
| :--- | :--- | :--- | :--- |
|
|
101
|
+
| `-f`, `--file` | yes | Path to the Dependabot JSON export | `dependabot.json` |
|
|
102
|
+
| `-t`, `--time` | no | Point in time used to calculate age (ISO 8601) | `2023-01-01T00:00:00Z` |
|
|
103
|
+
|
|
104
|
+
Output:
|
|
105
|
+
|
|
106
|
+
```json
|
|
107
|
+
{ "low": 1, "medium": 2, "high": 0, "critical": 3, "total": 6 }
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
### `repo_sla_stats` — SLA breaches by repository
|
|
111
|
+
|
|
112
|
+
The same report as `sla_stats`, but broken out per repository so teams can see
|
|
113
|
+
the findings specific to their code.
|
|
114
|
+
|
|
115
|
+
```bash
|
|
116
|
+
bundle exec dbotquery repo_sla_stats -f dependabot.json
|
|
117
|
+
bundle exec dbotquery repo_sla_stats -f dependabot.json -t 2023-01-01T00:00:00Z
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Flags are identical to `sla_stats`. Output:
|
|
121
|
+
|
|
122
|
+
```json
|
|
123
|
+
{
|
|
124
|
+
"org/repo": { "low": 1, "medium": 0, "high": 2, "critical": 1, "total": 4 },
|
|
125
|
+
"org/repo2": { "low": 0, "medium": 1, "high": 0, "critical": 0, "total": 1 }
|
|
126
|
+
}
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
### `package_search` — where is a package used?
|
|
130
|
+
|
|
131
|
+
Answers "do we use library X?" by listing every repository where the given
|
|
132
|
+
package appears.
|
|
133
|
+
|
|
134
|
+
```bash
|
|
135
|
+
bundle exec dbotquery package_search -f dependabot.json --package sinatra
|
|
136
|
+
bundle exec dbotquery package_search -f dependabot.json --package node-forge
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
| Flag | Required | Description | Example |
|
|
140
|
+
| :--- | :--- | :--- | :--- |
|
|
141
|
+
| `-f`, `--file` | yes | Path to the Dependabot JSON export | `dependabot.json` |
|
|
142
|
+
| `--package` | yes | The package name to search for | `sinatra`, `puma`, `node-forge` |
|
|
143
|
+
|
|
144
|
+
Output:
|
|
145
|
+
|
|
146
|
+
```json
|
|
147
|
+
["org/repo", "org/repo2"]
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
## Fetching data from GitHub
|
|
151
|
+
|
|
152
|
+
DBotQuery ships with [Octokit](https://github.com/octokit/octokit.rb) extensions
|
|
153
|
+
for pulling Dependabot alerts directly from the GitHub API, which can be used from
|
|
154
|
+
the console or in your own scripts:
|
|
155
|
+
|
|
156
|
+
```ruby
|
|
157
|
+
client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
|
|
158
|
+
client.dependabot_org_alerts("my-org")
|
|
159
|
+
client.dependabot_repo_alerts("my-org", "my-repo")
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
Provide the token via a `GITHUB_TOKEN` environment variable — for local
|
|
163
|
+
development you can place it in a `.env` file, which is **git-ignored** and must
|
|
164
|
+
never be committed. Treat these tokens as secrets and rotate them if exposed.
|
|
17
165
|
|
|
18
166
|
## Development
|
|
19
167
|
|
|
20
|
-
After checking out the repo, run `bin/setup` to install dependencies. Then
|
|
168
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then:
|
|
21
169
|
|
|
22
|
-
|
|
170
|
+
```bash
|
|
171
|
+
bundle exec rake spec # run the test suite
|
|
172
|
+
bin/console # interactive prompt for experimentation
|
|
173
|
+
```
|
|
23
174
|
|
|
24
|
-
|
|
175
|
+
The project also uses:
|
|
25
176
|
|
|
26
|
-
|
|
177
|
+
- [RuboCop](https://rubocop.org/) for linting (`bundle exec rubocop`)
|
|
178
|
+
- [Steep](https://github.com/soutaro/steep) / [RBS](https://github.com/ruby/rbs)
|
|
179
|
+
for type checking (`bundle exec steep check`)
|
|
180
|
+
- [YARD](https://yardoc.org/) for documentation (`bundle exec rake yard`)
|
|
27
181
|
|
|
28
|
-
|
|
182
|
+
To release a new version, update the version number in
|
|
183
|
+
`lib/d_bot_query/version.rb`, then run `bundle exec rake release`, which creates a
|
|
184
|
+
git tag, pushes commits and the tag, and pushes the `.gem` file to
|
|
185
|
+
[rubygems.org](https://rubygems.org).
|
|
186
|
+
|
|
187
|
+
## Contributing
|
|
29
188
|
|
|
30
|
-
|
|
189
|
+
Bug reports and pull requests are welcome on GitHub at
|
|
190
|
+
<https://github.com/rickmark/dbotquery>. Please read
|
|
191
|
+
[CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request. This project is
|
|
192
|
+
intended to be a safe, welcoming space for collaboration, and contributors are
|
|
193
|
+
expected to adhere to the [code of conduct](CODE_OF_CONDUCT.md).
|
|
31
194
|
|
|
32
|
-
##
|
|
195
|
+
## License
|
|
33
196
|
|
|
34
|
-
|
|
197
|
+
Available as open source under the terms of the [MIT License](LICENSE.txt).
|
|
@@ -24,6 +24,8 @@ module DBotQuery
|
|
|
24
24
|
attribute :dismissed_by, :string
|
|
25
25
|
attribute :dismissed_comment, :string
|
|
26
26
|
attribute :dismissed_reason, :string
|
|
27
|
+
attribute :dismissal_request
|
|
28
|
+
attribute :assignees, :array, of: String
|
|
27
29
|
|
|
28
30
|
def days_open(as_of)
|
|
29
31
|
as_of = as_of&.to_date || Time.now.to_date
|
|
@@ -16,7 +16,10 @@ module DBotQuery
|
|
|
16
16
|
attribute :references, :array, of: Reference
|
|
17
17
|
attribute :vulnerabilities, :array, of: SecurityVulnerability
|
|
18
18
|
attribute :cvss, CVSS
|
|
19
|
+
attribute :cvss_severities, :array, of: CVSSSeverity
|
|
19
20
|
attribute :cwes, :array, of: CWE
|
|
21
|
+
attribute :epss
|
|
22
|
+
attribute :classification
|
|
20
23
|
end
|
|
21
24
|
end
|
|
22
25
|
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
require 'octokit'
|
|
2
|
+
|
|
3
|
+
module DBotQuery
|
|
4
|
+
module OctokitExtensions
|
|
5
|
+
def dependabot_org_alerts(org)
|
|
6
|
+
result = get("/orgs/#{org}/dependabot/alerts")
|
|
7
|
+
Models::AlertCollection.new(result)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def dependabot_repo_alerts(owner, repo)
|
|
11
|
+
Models::AlertCollection.new(get("/repos/#{owner}/#{repo}/dependabot/alerts"))
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
Octokit::Client.include DBotQuery::OctokitExtensions
|
data/lib/d_bot_query/version.rb
CHANGED
data/lib/dbotquery.rb
CHANGED
|
@@ -71,8 +71,11 @@ module DBotQuery
|
|
|
71
71
|
autoload :Reference, 'd_bot_query/models/reference'
|
|
72
72
|
autoload :CVSS, 'd_bot_query/models/cvss'
|
|
73
73
|
autoload :CWE, 'd_bot_query/models/cwe'
|
|
74
|
+
autoload :CVSSSeverity, 'd_bot_query/models/cvss_severity'
|
|
74
75
|
end
|
|
75
76
|
|
|
77
|
+
require 'd_bot_query/octokit'
|
|
78
|
+
|
|
76
79
|
def self.schema
|
|
77
80
|
SCHEMA
|
|
78
81
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dbotquery
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0
|
|
4
|
+
version: '1.0'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rick Mark
|
|
@@ -51,6 +51,20 @@ dependencies:
|
|
|
51
51
|
- - "~>"
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
53
|
version: '5.0'
|
|
54
|
+
- !ruby/object:Gem::Dependency
|
|
55
|
+
name: octokit
|
|
56
|
+
requirement: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '0'
|
|
61
|
+
type: :runtime
|
|
62
|
+
prerelease: false
|
|
63
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '0'
|
|
54
68
|
- !ruby/object:Gem::Dependency
|
|
55
69
|
name: thor
|
|
56
70
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -83,6 +97,7 @@ files:
|
|
|
83
97
|
- ".reek.yml"
|
|
84
98
|
- CHANGELOG.md
|
|
85
99
|
- CODE_OF_CONDUCT.md
|
|
100
|
+
- CONTRIBUTING.md
|
|
86
101
|
- LICENSE.txt
|
|
87
102
|
- NOTES.md
|
|
88
103
|
- README.md
|
|
@@ -99,6 +114,7 @@ files:
|
|
|
99
114
|
- lib/d_bot_query/models/alert_collection.rb
|
|
100
115
|
- lib/d_bot_query/models/base.rb
|
|
101
116
|
- lib/d_bot_query/models/cvss.rb
|
|
117
|
+
- lib/d_bot_query/models/cvss_severity.rb
|
|
102
118
|
- lib/d_bot_query/models/cwe.rb
|
|
103
119
|
- lib/d_bot_query/models/data_file.rb
|
|
104
120
|
- lib/d_bot_query/models/dependency.rb
|
|
@@ -108,6 +124,7 @@ files:
|
|
|
108
124
|
- lib/d_bot_query/models/security_advisory.rb
|
|
109
125
|
- lib/d_bot_query/models/security_vulnerability.rb
|
|
110
126
|
- lib/d_bot_query/models/vulnerability_identifier.rb
|
|
127
|
+
- lib/d_bot_query/octokit.rb
|
|
111
128
|
- lib/d_bot_query/version.rb
|
|
112
129
|
- lib/dbotquery.rb
|
|
113
130
|
- lib/schema.json
|