dependaboat 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependaboat/cli.rb +27 -9
- data/lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: da50e06178dc26bfe2e3daf101ec72d5ab0b73d88dbf2849d1a5613364201182
|
|
4
|
+
data.tar.gz: 10f7a9d28275547c050a68bcd921b3a88296892368c33b66679760e563d79e75
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 826279a76087a2615ff3d78708177840ba44473cb55a39e1eb0d55cf673649d556ee114cfe90918b5ca0995abd144a666497b7fde0109536b0dc4ff8e8f1a15c
|
|
7
|
+
data.tar.gz: '0157953412ab5f62a4c0abb125d9faecfb078926ddb991a6b5a97dbd643f77018a9a7e3f025897d42a8f031c9fe176905c38657c2b6491a2a3c7f2d793c4d39e'
|
data/lib/dependaboat/cli.rb
CHANGED
|
@@ -50,17 +50,29 @@ module Dependaboat
|
|
|
50
50
|
|
|
51
51
|
@alerts.each do |alert|
|
|
52
52
|
process_alert(alert)
|
|
53
|
-
sleep
|
|
53
|
+
sleep 2 # Rate limiting
|
|
54
54
|
end
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def process_alert(alert)
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
58
|
+
retry_count = 0
|
|
59
|
+
begin
|
|
60
|
+
return if issue_exists?(alert)
|
|
61
|
+
alert_details = extract_alert_details(alert)
|
|
62
|
+
create_github_issue(alert, alert_details)
|
|
63
|
+
rescue GHX::RateLimitExceededError => e
|
|
64
|
+
logger.error "Rate limit exceeded!"
|
|
65
|
+
retry_count += 1
|
|
66
|
+
if retry_count < 4
|
|
67
|
+
logger.info "Slowing down and retrying..."
|
|
68
|
+
sleep 15 * retry_count
|
|
69
|
+
retry
|
|
70
|
+
else
|
|
71
|
+
logger.error "3 Retries failed. Moving on."
|
|
72
|
+
end
|
|
73
|
+
rescue => e
|
|
74
|
+
logger.error "Error processing alert ##{alert.number}: #{e.message}"
|
|
75
|
+
end
|
|
64
76
|
end
|
|
65
77
|
|
|
66
78
|
def issue_exists?(alert)
|
|
@@ -76,7 +88,11 @@ module Dependaboat
|
|
|
76
88
|
alert_severity = alert.security_vulnerability.severity.capitalize
|
|
77
89
|
alert_package_name = alert.security_vulnerability.package.name
|
|
78
90
|
alert_package_ecosystem = alert.security_vulnerability.package.ecosystem
|
|
79
|
-
alert_created_at =
|
|
91
|
+
alert_created_at = begin
|
|
92
|
+
alert.created_at.to_date
|
|
93
|
+
rescue
|
|
94
|
+
Date.today
|
|
95
|
+
end
|
|
80
96
|
|
|
81
97
|
remediation_deadline = alert_created_at + config.dig("remediation_sla", alert_severity.downcase)
|
|
82
98
|
|
|
@@ -210,7 +226,9 @@ module Dependaboat
|
|
|
210
226
|
end
|
|
211
227
|
|
|
212
228
|
def process_templateable_string(s, map)
|
|
213
|
-
map.
|
|
229
|
+
map.each_with_object(s.dup) { |(key, value), str|
|
|
230
|
+
str.gsub!("{{#{key}}}", value.to_s)
|
|
231
|
+
}
|
|
214
232
|
end
|
|
215
233
|
|
|
216
234
|
def dry_run?
|
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependaboat
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- CompanyCam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-05-
|
|
11
|
+
date: 2024-05-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ghx
|