dbotquery 0.9 → 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 54f665596ce0a1ef9bc40d3fad0c0e208b8fcbe9b27225851584dbb5087a359c
4
- data.tar.gz: 0da1bd780a74e60361ea1b7f703e9b6f15f57d31e5e6e69a4e1130a1d2a5be02
3
+ metadata.gz: 25ebc924a49d65ea76209ac3566a9b7fb43ca639f48cdbd6adfe0d501aaf4eb7
4
+ data.tar.gz: 291f70d4147726f2a8986ca269ac75c1394ed5efa887fedc1582944dd6ef81a7
5
5
  SHA512:
6
- metadata.gz: 474a2bf379ae1f15e293558e756efce924a1a8b5dec015e86774fe1bc64ba6d90c8a2e84b4ad7b7a9b616257ebf0f7bd1a0f5fcf31adf37ba5f0e3e42879f307
7
- data.tar.gz: 8c3e80eee61bc7437fdc5cd7b95c9ae67719b67d4381b7f08e44cca8e905df4fd0164ffd9ee0a212d58735e3228314142112999e76d01250616c018e0becb1c9
6
+ metadata.gz: c91abe252617ab8a6826ac99739f4c10a2ec682bece5638f21e8bd3b2d139ca937278bbbf9c994be4a49e90750a88535bf3d772cded17d3411281de57c94d380
7
+ data.tar.gz: f823fd53e4782df096e81b02cbe1c23a16e7496b07355e4694a54569d09ef338551c3e589d789ded1ebb2463ea4155e6a6c4572c5f1338e82a0e85bb610138e2
data/.idea/dbotquery.iml CHANGED
@@ -58,6 +58,7 @@
58
58
  <orderEntry type="library" scope="PROVIDED" name="csv (v3.3.5, rbenv: 4.0.5) [gem]" level="application" />
59
59
  <orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.6.2, rbenv: 4.0.5) [gem]" level="application" />
60
60
  <orderEntry type="library" scope="PROVIDED" name="docile (v1.4.1, rbenv: 4.0.5) [gem]" level="application" />
61
+ <orderEntry type="library" scope="TEST" name="dotenv (v3.2.0, rbenv: 4.0.5) [gem]" level="application" />
61
62
  <orderEntry type="library" scope="PROVIDED" name="drb (v2.2.3, rbenv: 4.0.5) [gem]" level="application" />
62
63
  <orderEntry type="library" scope="PROVIDED" name="dry-configurable (v1.4.0, rbenv: 4.0.5) [gem]" level="application" />
63
64
  <orderEntry type="library" scope="PROVIDED" name="dry-core (v1.2.0, rbenv: 4.0.5) [gem]" level="application" />
@@ -66,6 +67,8 @@
66
67
  <orderEntry type="library" scope="PROVIDED" name="dry-logic (v1.6.0, rbenv: 4.0.5) [gem]" level="application" />
67
68
  <orderEntry type="library" scope="PROVIDED" name="dry-schema (v1.16.0, rbenv: 4.0.5) [gem]" level="application" />
68
69
  <orderEntry type="library" scope="PROVIDED" name="dry-types (v1.9.1, rbenv: 4.0.5) [gem]" level="application" />
70
+ <orderEntry type="library" scope="PROVIDED" name="faraday (v2.14.3, rbenv: 4.0.5) [gem]" level="application" />
71
+ <orderEntry type="library" scope="PROVIDED" name="faraday-net_http (v3.4.4, rbenv: 4.0.5) [gem]" level="application" />
69
72
  <orderEntry type="library" scope="PROVIDED" name="ffi (v1.17.4, rbenv: 4.0.5) [gem]" level="application" />
70
73
  <orderEntry type="library" scope="PROVIDED" name="fileutils (v1.8.0, rbenv: 4.0.5) [gem]" level="application" />
71
74
  <orderEntry type="library" scope="PROVIDED" name="gemika (v2.0.0, rbenv: 4.0.5) [gem]" level="application" />
@@ -79,6 +82,8 @@
79
82
  <orderEntry type="library" scope="PROVIDED" name="logger (v1.7.0, rbenv: 4.0.5) [gem]" level="application" />
80
83
  <orderEntry type="library" scope="PROVIDED" name="method_source (v1.1.0, rbenv: 4.0.5) [gem]" level="application" />
81
84
  <orderEntry type="library" scope="PROVIDED" name="minitest (v6.0.6, rbenv: 4.0.5) [gem]" level="application" />
85
+ <orderEntry type="library" scope="PROVIDED" name="net-http (v0.9.1, rbenv: 4.0.5) [gem]" level="application" />
86
+ <orderEntry type="library" scope="PROVIDED" name="octokit (v10.0.0, rbenv: 4.0.5) [gem]" level="application" />
82
87
  <orderEntry type="library" scope="PROVIDED" name="parallel (v2.1.0, rbenv: 4.0.5) [gem]" level="application" />
83
88
  <orderEntry type="library" scope="PROVIDED" name="parser (v3.3.11.1, rbenv: 4.0.5) [gem]" level="application" />
84
89
  <orderEntry type="library" scope="PROVIDED" name="prism (v1.9.0, rbenv: 4.0.5) [gem]" level="application" />
@@ -107,6 +112,7 @@
107
112
  <orderEntry type="library" scope="PROVIDED" name="rubocop-rspec (v3.10.2, rbenv: 4.0.5) [gem]" level="application" />
108
113
  <orderEntry type="library" scope="PROVIDED" name="rubocop-yard (v1.3.0, rbenv: 4.0.5) [gem]" level="application" />
109
114
  <orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.13.0, rbenv: 4.0.5) [gem]" level="application" />
115
+ <orderEntry type="library" scope="PROVIDED" name="sawyer (v0.9.3, rbenv: 4.0.5) [gem]" level="application" />
110
116
  <orderEntry type="library" scope="PROVIDED" name="securerandom (v0.4.1, rbenv: 4.0.5) [gem]" level="application" />
111
117
  <orderEntry type="library" scope="TEST" name="simplecov (v0.22.0, rbenv: 4.0.5) [gem]" level="application" />
112
118
  <orderEntry type="library" scope="PROVIDED" name="simplecov-html (v0.13.2, rbenv: 4.0.5) [gem]" level="application" />
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,95 @@
1
+ # Contributing to DBotQuery
2
+
3
+ Thanks for your interest in improving DBotQuery! Bug reports, feature requests,
4
+ and pull requests are all welcome.
5
+
6
+ By participating in this project you agree to abide by our
7
+ [Code of Conduct](CODE_OF_CONDUCT.md).
8
+
9
+ ## Getting started
10
+
11
+ 1. Fork the repository and clone your fork.
12
+ 2. Install dependencies:
13
+ ```bash
14
+ bin/setup
15
+ ```
16
+ 3. Make sure the test suite passes before you change anything:
17
+ ```bash
18
+ bundle exec rake spec
19
+ ```
20
+
21
+ Requires Ruby `>= 3.3` and Bundler.
22
+
23
+ ## Reporting bugs and requesting features
24
+
25
+ Open an issue at <https://github.com/rickmark/dbotquery/issues>. For bug reports,
26
+ please include:
27
+
28
+ - What you expected to happen and what actually happened.
29
+ - The exact command you ran (with any relevant flags).
30
+ - A minimal, **sanitized** snippet of the Dependabot export that reproduces the
31
+ problem. Never paste real tokens, secrets, or private vulnerability data into
32
+ an issue.
33
+ - Your Ruby version (`ruby -v`) and OS.
34
+
35
+ ## Development workflow
36
+
37
+ 1. Create a topic branch off `main`:
38
+ ```bash
39
+ git checkout -b my-feature
40
+ ```
41
+ 2. Make your change, adding or updating tests and documentation as needed.
42
+ 3. Run the full check suite locally (see below).
43
+ 4. Commit with a clear message, push to your fork, and open a pull request
44
+ against `main`.
45
+
46
+ Keep pull requests focused — one logical change per PR makes review easier.
47
+
48
+ ## Quality checks
49
+
50
+ All of the following should pass before you open a pull request. CI runs them
51
+ too.
52
+
53
+ ```bash
54
+ bundle exec rake spec # RSpec test suite
55
+ bundle exec rubocop # style / lint
56
+ bundle exec steep check # RBS / Steep type checking
57
+ ```
58
+
59
+ Guidelines:
60
+
61
+ - **Tests.** New behavior needs test coverage; bug fixes should include a test
62
+ that fails before the fix and passes after. Fixtures live under `spec/fixtures`.
63
+ - **Types.** This project uses inline RBS (`# rbs_inline: enabled`) with signatures
64
+ in `sig/`. When you change a public method, update the corresponding `.rbs`
65
+ signature so `steep check` stays green.
66
+ - **Style.** Follow the existing code style; RuboCop is the source of truth. Match
67
+ the surrounding code's naming, structure, and comment density.
68
+ - **Documentation.** Update `README.md` and command doc comments when you add or
69
+ change a command or option.
70
+
71
+ ## Architecture at a glance
72
+
73
+ - `lib/d_bot_query/cli.rb` — Thor-based command-line interface (argument parsing).
74
+ - `lib/d_bot_query/commands/` — one class per subcommand. Each command is thin and
75
+ delegates to the models, which keeps the CLI and the logic independently
76
+ testable.
77
+ - `lib/d_bot_query/models/` — data models wrapping the Dependabot export
78
+ (alerts, advisories, packages, repositories, CVSS/CWE, etc.).
79
+ - `lib/d_bot_query/octokit.rb` — optional Octokit extensions for fetching alerts
80
+ live from the GitHub API.
81
+
82
+ When adding a new report, add a command class under `commands/`, wire it into
83
+ `cli.rb`, and put the actual computation on the appropriate model so it can be
84
+ unit-tested without the CLI.
85
+
86
+ ## Security
87
+
88
+ Do not commit secrets. `GITHUB_TOKEN` and any `.env` file are git-ignored — keep
89
+ it that way. If you discover a security issue, please avoid filing a public issue
90
+ with sensitive details; contact the maintainer directly instead.
91
+
92
+ ## License
93
+
94
+ By contributing, you agree that your contributions will be licensed under the
95
+ [MIT License](LICENSE.txt) that covers the project.
data/README.md CHANGED
@@ -1,34 +1,197 @@
1
1
  # DBotQuery
2
2
 
3
- An example of a production ready query tool for GitHub dependabot data.
3
+ Command-line reports for [GitHub Dependabot](https://docs.github.com/en/code-security/dependabot) exports.
4
+
5
+ DBotQuery reads a JSON export of Dependabot alerts and produces machine-readable
6
+ (JSON) reports — vulnerability summaries, SLA compliance statistics, and package
7
+ usage searches. It is designed so that people who don't have direct access to
8
+ GitHub (or who want the data in another system) can still see and process an
9
+ organization's vulnerability posture.
10
+
11
+ The tool does not need to talk to GitHub to produce reports: it takes an exported
12
+ Dependabot JSON file as input, along with some options, and writes a JSON document
13
+ to standard output. (Optional live fetching via the GitHub API is also supported —
14
+ see [Fetching data from GitHub](#fetching-data-from-github).)
15
+
16
+ ## Requirements
17
+
18
+ - Ruby `>= 3.3`
19
+ - [Bundler](https://bundler.io/)
4
20
 
5
21
  ## Installation
6
22
 
7
- Install the gem and add to the application's Gemfile by executing:
23
+ Clone the repository and install dependencies:
24
+
25
+ ```bash
26
+ git clone https://github.com/rickmark/dbotquery.git
27
+ cd dbotquery
28
+ bin/setup
29
+ ```
30
+
31
+ To install the executable onto your machine as a gem:
8
32
 
9
33
  ```bash
10
- bundle install
11
- rake install
34
+ bundle exec rake install
12
35
  ```
13
36
 
37
+ You can then run `dbotquery` directly. Otherwise, prefix commands with
38
+ `bundle exec` as shown below.
39
+
14
40
  ## Usage
15
41
 
16
- `bundle exec dbotquery summary`
42
+ Every command takes a Dependabot JSON export via `-f`/`--file` and prints a JSON
43
+ report to standard output.
44
+
45
+ ```bash
46
+ bundle exec dbotquery <command> -f dependabot.json [options]
47
+ ```
48
+
49
+ Run `bundle exec dbotquery help` to list commands, or
50
+ `bundle exec dbotquery help <command>` for details on a specific one.
51
+
52
+ ### `summary` — count vulnerabilities
53
+
54
+ Counts findings in the export, optionally filtered by state and/or severity.
55
+
56
+ ```bash
57
+ # All findings
58
+ bundle exec dbotquery summary -f dependabot.json
59
+
60
+ # Only dismissed findings
61
+ bundle exec dbotquery summary -f dependabot.json --state dismissed
62
+
63
+ # Only open, critical findings
64
+ bundle exec dbotquery summary -f dependabot.json --state open --severity critical
65
+ ```
66
+
67
+ | Flag | Required | Description | Values |
68
+ | :--- | :--- | :--- | :--- |
69
+ | `-f`, `--file` | yes | Path to the Dependabot JSON export | `dependabot.json` |
70
+ | `--state` | no | Only count findings in this state | `open`, `fixed`, `dismissed` |
71
+ | `--severity` | no | Only count findings of this severity | `critical`, `high`, `medium`, `low` |
72
+
73
+ Output:
74
+
75
+ ```json
76
+ { "count": 42 }
77
+ ```
78
+
79
+ ### `sla_stats` — SLA breaches by severity
80
+
81
+ Counts vulnerabilities that have been open longer than the allowed SLA, broken
82
+ out by severity. The SLA (in days) is:
83
+
84
+ | Severity | Days |
85
+ | :--- | :--- |
86
+ | Low | 60 |
87
+ | Medium | 30 |
88
+ | High | 15 |
89
+ | Critical | 5 |
90
+
91
+ ```bash
92
+ # Using the current time to calculate age
93
+ bundle exec dbotquery sla_stats -f dependabot.json
94
+
95
+ # Using a fixed point in time (ISO 8601)
96
+ bundle exec dbotquery sla_stats -f dependabot.json -t 2023-01-01T00:00:00Z
97
+ ```
98
+
99
+ | Flag | Required | Description | Example |
100
+ | :--- | :--- | :--- | :--- |
101
+ | `-f`, `--file` | yes | Path to the Dependabot JSON export | `dependabot.json` |
102
+ | `-t`, `--time` | no | Point in time used to calculate age (ISO 8601) | `2023-01-01T00:00:00Z` |
103
+
104
+ Output:
105
+
106
+ ```json
107
+ { "low": 1, "medium": 2, "high": 0, "critical": 3, "total": 6 }
108
+ ```
109
+
110
+ ### `repo_sla_stats` — SLA breaches by repository
111
+
112
+ The same report as `sla_stats`, but broken out per repository so teams can see
113
+ the findings specific to their code.
114
+
115
+ ```bash
116
+ bundle exec dbotquery repo_sla_stats -f dependabot.json
117
+ bundle exec dbotquery repo_sla_stats -f dependabot.json -t 2023-01-01T00:00:00Z
118
+ ```
119
+
120
+ Flags are identical to `sla_stats`. Output:
121
+
122
+ ```json
123
+ {
124
+ "org/repo": { "low": 1, "medium": 0, "high": 2, "critical": 1, "total": 4 },
125
+ "org/repo2": { "low": 0, "medium": 1, "high": 0, "critical": 0, "total": 1 }
126
+ }
127
+ ```
128
+
129
+ ### `package_search` — where is a package used?
130
+
131
+ Answers "do we use library X?" by listing every repository where the given
132
+ package appears.
133
+
134
+ ```bash
135
+ bundle exec dbotquery package_search -f dependabot.json --package sinatra
136
+ bundle exec dbotquery package_search -f dependabot.json --package node-forge
137
+ ```
138
+
139
+ | Flag | Required | Description | Example |
140
+ | :--- | :--- | :--- | :--- |
141
+ | `-f`, `--file` | yes | Path to the Dependabot JSON export | `dependabot.json` |
142
+ | `--package` | yes | The package name to search for | `sinatra`, `puma`, `node-forge` |
143
+
144
+ Output:
145
+
146
+ ```json
147
+ ["org/repo", "org/repo2"]
148
+ ```
149
+
150
+ ## Fetching data from GitHub
151
+
152
+ DBotQuery ships with [Octokit](https://github.com/octokit/octokit.rb) extensions
153
+ for pulling Dependabot alerts directly from the GitHub API, which can be used from
154
+ the console or in your own scripts:
155
+
156
+ ```ruby
157
+ client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
158
+ client.dependabot_org_alerts("my-org")
159
+ client.dependabot_repo_alerts("my-org", "my-repo")
160
+ ```
161
+
162
+ Provide the token via a `GITHUB_TOKEN` environment variable — for local
163
+ development you can place it in a `.env` file, which is **git-ignored** and must
164
+ never be committed. Treat these tokens as secrets and rotate them if exposed.
17
165
 
18
166
  ## Development
19
167
 
20
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
168
+ After checking out the repo, run `bin/setup` to install dependencies. Then:
21
169
 
22
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
170
+ ```bash
171
+ bundle exec rake spec # run the test suite
172
+ bin/console # interactive prompt for experimentation
173
+ ```
23
174
 
24
- ## Contributing
175
+ The project also uses:
25
176
 
26
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/dbotquery. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/dbotquery/blob/main/CODE_OF_CONDUCT.md).
177
+ - [RuboCop](https://rubocop.org/) for linting (`bundle exec rubocop`)
178
+ - [Steep](https://github.com/soutaro/steep) / [RBS](https://github.com/ruby/rbs)
179
+ for type checking (`bundle exec steep check`)
180
+ - [YARD](https://yardoc.org/) for documentation (`bundle exec rake yard`)
27
181
 
28
- ## License
182
+ To release a new version, update the version number in
183
+ `lib/d_bot_query/version.rb`, then run `bundle exec rake release`, which creates a
184
+ git tag, pushes commits and the tag, and pushes the `.gem` file to
185
+ [rubygems.org](https://rubygems.org).
186
+
187
+ ## Contributing
29
188
 
30
- The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
189
+ Bug reports and pull requests are welcome on GitHub at
190
+ <https://github.com/rickmark/dbotquery>. Please read
191
+ [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request. This project is
192
+ intended to be a safe, welcoming space for collaboration, and contributors are
193
+ expected to adhere to the [code of conduct](CODE_OF_CONDUCT.md).
31
194
 
32
- ## Code of Conduct
195
+ ## License
33
196
 
34
- Everyone interacting in the Dbotquery project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/dbotquery/blob/main/CODE_OF_CONDUCT.md).
197
+ Available as open source under the terms of the [MIT License](LICENSE.txt).
@@ -24,6 +24,8 @@ module DBotQuery
24
24
  attribute :dismissed_by, :string
25
25
  attribute :dismissed_comment, :string
26
26
  attribute :dismissed_reason, :string
27
+ attribute :dismissal_request
28
+ attribute :assignees, :array, of: String
27
29
 
28
30
  def days_open(as_of)
29
31
  as_of = as_of&.to_date || Time.now.to_date
@@ -14,6 +14,8 @@ module DBotQuery
14
14
  def initialize(alerts)
15
15
  @alerts = alerts.map do |alert|
16
16
  case alert
17
+ when Sawyer::Resource
18
+ Alert.new(alert.to_h)
17
19
  when Hash
18
20
  Alert.new(alert)
19
21
  when Alert
@@ -59,7 +59,7 @@ module DBotQuery
59
59
 
60
60
  def materialize(item)
61
61
  case item
62
- when Hash
62
+ when Hash, Array
63
63
  target_class.new(item)
64
64
  when target_class
65
65
  item
@@ -0,0 +1,12 @@
1
+ module DBotQuery
2
+ module Models
3
+ class CVSSSeverity < Base
4
+ attribute :type, :symbol
5
+ attribute :cvss, CVSS
6
+
7
+ def initialize(item)
8
+ super({ type: item[0], cvss: item[1] })
9
+ end
10
+ end
11
+ end
12
+ end
@@ -3,6 +3,9 @@
3
3
  module DBotQuery
4
4
  module Models
5
5
  class CWE < Base
6
+ attribute :cwe_id
7
+ alias_attribute :id, :cwe_id
8
+ attribute :name
6
9
  end
7
10
  end
8
11
  end
@@ -7,6 +7,7 @@ module DBotQuery
7
7
  attribute :package, Package
8
8
  attribute :manifest_path
9
9
  attribute :scope
10
+ attribute :relationship
10
11
  end
11
12
  end
12
13
  end
@@ -16,7 +16,10 @@ module DBotQuery
16
16
  attribute :references, :array, of: Reference
17
17
  attribute :vulnerabilities, :array, of: SecurityVulnerability
18
18
  attribute :cvss, CVSS
19
+ attribute :cvss_severities, :array, of: CVSSSeverity
19
20
  attribute :cwes, :array, of: CWE
21
+ attribute :epss
22
+ attribute :classification
20
23
  end
21
24
  end
22
25
  end
@@ -0,0 +1,16 @@
1
+ require 'octokit'
2
+
3
+ module DBotQuery
4
+ module OctokitExtensions
5
+ def dependabot_org_alerts(org)
6
+ result = get("/orgs/#{org}/dependabot/alerts")
7
+ Models::AlertCollection.new(result)
8
+ end
9
+
10
+ def dependabot_repo_alerts(owner, repo)
11
+ Models::AlertCollection.new(get("/repos/#{owner}/#{repo}/dependabot/alerts"))
12
+ end
13
+ end
14
+ end
15
+
16
+ Octokit::Client.include DBotQuery::OctokitExtensions
@@ -2,5 +2,5 @@
2
2
  # rbs_inline: enabled
3
3
 
4
4
  module DBotQuery
5
- VERSION = '0.9'
5
+ VERSION = '1.0'
6
6
  end
data/lib/dbotquery.rb CHANGED
@@ -71,8 +71,11 @@ module DBotQuery
71
71
  autoload :Reference, 'd_bot_query/models/reference'
72
72
  autoload :CVSS, 'd_bot_query/models/cvss'
73
73
  autoload :CWE, 'd_bot_query/models/cwe'
74
+ autoload :CVSSSeverity, 'd_bot_query/models/cvss_severity'
74
75
  end
75
76
 
77
+ require 'd_bot_query/octokit'
78
+
76
79
  def self.schema
77
80
  SCHEMA
78
81
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dbotquery
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.9'
4
+ version: '1.0'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rick Mark
@@ -51,6 +51,20 @@ dependencies:
51
51
  - - "~>"
52
52
  - !ruby/object:Gem::Version
53
53
  version: '5.0'
54
+ - !ruby/object:Gem::Dependency
55
+ name: octokit
56
+ requirement: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: '0'
61
+ type: :runtime
62
+ prerelease: false
63
+ version_requirements: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - ">="
66
+ - !ruby/object:Gem::Version
67
+ version: '0'
54
68
  - !ruby/object:Gem::Dependency
55
69
  name: thor
56
70
  requirement: !ruby/object:Gem::Requirement
@@ -83,6 +97,7 @@ files:
83
97
  - ".reek.yml"
84
98
  - CHANGELOG.md
85
99
  - CODE_OF_CONDUCT.md
100
+ - CONTRIBUTING.md
86
101
  - LICENSE.txt
87
102
  - NOTES.md
88
103
  - README.md
@@ -99,6 +114,7 @@ files:
99
114
  - lib/d_bot_query/models/alert_collection.rb
100
115
  - lib/d_bot_query/models/base.rb
101
116
  - lib/d_bot_query/models/cvss.rb
117
+ - lib/d_bot_query/models/cvss_severity.rb
102
118
  - lib/d_bot_query/models/cwe.rb
103
119
  - lib/d_bot_query/models/data_file.rb
104
120
  - lib/d_bot_query/models/dependency.rb
@@ -108,6 +124,7 @@ files:
108
124
  - lib/d_bot_query/models/security_advisory.rb
109
125
  - lib/d_bot_query/models/security_vulnerability.rb
110
126
  - lib/d_bot_query/models/vulnerability_identifier.rb
127
+ - lib/d_bot_query/octokit.rb
111
128
  - lib/d_bot_query/version.rb
112
129
  - lib/dbotquery.rb
113
130
  - lib/schema.json