dependagrab 0.1.5 → 0.1.6

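--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: cd35ef0ade298a293c34027c89bfdb351610bf2ccbaf2101492153b9e605b20a
-data.tar.gz: 5645015e5ba4cb5ec457001cc9125e10f50c5fe9458b53b79b117b23f3549065
+metadata.gz: 7e32432885a4421f53fc65a7ffca2b8fef05e8738088b437eb8e9aa9a98d8f0b
+data.tar.gz: 8cbbc87b9c80d5a81a6f3fe36a9758e57d43e60ac2fb1aecc291ac11b712962a
 SHA512:
-metadata.gz: d73f942dd1c05ef4b923e874917d5d3d7752e2a7e85755f431161d41d02a5d9e82d98dd60af6ad92cada4203dfd7433b474af5c7244ce0e386b899156c3a249b
-data.tar.gz: a4a915c49803c23ab5a782d905833243f720070fc440a4e285f43386da9560a6db9358c112396e3c8e0895b782f18eaece6e3c68472ad81107677c2677489cae
+metadata.gz: b41b50249738a6d4df018e21f4f64c69eb7e1f052be98d5cad399202e66e97a4734db2d3da359f43fe60b058b817b3cbb9c3483efad37ef70d6fc09c697d5b77
+data.tar.gz: 0ba5284cde0e3291400001ae6137a50529da56ea758b8d309cfc48f6a7b4f6cad713b8f36234113209da5533b9e765e077811bceb83f2b877ba39970cbb9acfc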
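--- a/CHANGE_LOG.md
+++ b/CHANGE_LOG.md
@@ -1,3 +1,7 @@
+# V0.1.6
+Handle interrupt and exceptions output nicer
+Change source name in json output to dependabot
+
 # V0.1.5
 Fix when there is no CWE present
 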
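--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM ruby:3.0.3-slim-bullseye
 
-COPY pkg/*.gem .
+COPY pkg/*.gem ./
 
 RUN gem install *.gem
 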
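--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-dependagrab (0.1.5)
+dependagrab (0.1.6)
 graphql-client (= 0.17.0)
 
 GEM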
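--- a/README.md
+++ b/README.md
@@ -1,26 +1,57 @@
 # Dependagrab
+Utility for extracting dependency warnings from GitHub
+
+[![Gem Version](https://badge.fury.io/rb/dependagrab.svg)](https://badge.fury.io/rb/dependagrab)
 
-Tool for extracting GitHub dependency warnings and converting it into a ThreadFix compatible file
 
 ## Installation
 
-Install it with:
+*with ruby*
+```bash
+$ gem install dependagrab
+#=> Fetching dependagrab-0.1.6.gem
+#=> Successfully installed dependagrab-0.1.6
+#=> 1 gem installed
+```
 
-$ gem install dependagrab
+*with docker*
+```bash
+$ docker pull ddazza/dependagrab:latest
+```
+
+### Configure
+[Setup a GitHub access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
+```bash
+export GITHUB_API_TOKEN=<token>
+```
 
 ## Usage
 
-`$ dependagrab --help`
+*with ruby*
+```bash
+# Usage: dependagrab <REPO> [Options]
+# e.g. dependagrab DDAZZA/foo
 
-`$ export GITHUB_API_TOKEN=<TOKEN>`
-`$ dependagrab DDAZZA/dependagrab`
+# or to write to a file
+dependagrab DDAZZA/foo --output ./foo.json
+#=> 3 dependency warnings written to './foo.json'
+
+```
+
+*with docker*
+```bash
+docker run --rm --env GITHUB_API_TOKEN --volume `pwd`:/output \
+ddazza/dependagrab:latest DDAZZA/foo --output /output/foo.json
+#=> 3 dependency warnings written to '/output/foo.json'
+```
 
 ## Development
 
 ```
 $ git clone https://github.com/DDAZZA/dependagrab.git
 $ bundle install
-$ ruby -Ilib ./bin/dependagrab --help
+$ bundle exec rake install
+$ dependagrab --help
 ```
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).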
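--- a/Rakefile
+++ b/Rakefile
@@ -4,3 +4,14 @@ require "rspec/core/rake_task"
 RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
+
+desc 'build docker image'
+task :build_docker do
+require './lib/dependagrab.rb'
+system("docker build --tag ddazza/dependagrab:#{Dependagrab::VERSION} .")
+system("docker tag ddazza/dependagrab:latest ddazza/dependagrab:#{Dependagrab::VERSION}")
+
+puts
+puts "$ docker push ddazza/dependagrab:#{Dependagrab::VERSION}"
+puts "$ docker push ddazza/dependagrab:latest"
+end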
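Review bot: The `docker tag` call in the new `build_docker` task has its arguments reversed: `docker tag SOURCE TARGET` with `:latest` as the source re-points the freshly built `:VERSION` tag at whatever `:latest` image already exists locally (or fails outright if there is none), so the `docker push` commands printed underneath would publish a stale image under the new version number. Neither `system` result is checked either, so a failed build is silently followed by the tag step and the push instructions. Replace the two calls with `image = "ddazza/dependagrab:#{Dependagrab::VERSION}"`, `system("docker", "build", "--tag", image, ".") || abort("docker build failed")` and `system("docker", "tag", image, "ddazza/dependagrab:latest") || abort("docker tag failed")`; the argv form also avoids shell interpolation of the version string.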
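--- a/bin/dependagrab
+++ b/bin/dependagrab
@@ -1,4 +1,11 @@
 #!/usr/bin/env ruby
 require "dependagrab/cli"
 
-Dependagrab::CLI.start
+begin
+Dependagrab::CLI.start
+rescue SignalException => e
+# exit
+rescue Exception => e
+STDERR.puts "Error: Something went wrong (set DEBUG=true for detailed backtrace)"
+STDERR.puts e.backtrace if ENV['DEBUG']
+end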
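Review bot: `rescue Exception` in the new wrapper also catches `SystemExit`, so every `exit 1` the CLI hunks below perform on a usage or runtime error is reported here a second time as "Something went wrong" and the script then falls off its end with exit status 0; the `SignalException` branch likewise turns Ctrl-C into a success exit, and the handler itself never sets a non-zero status. Rescue `StandardError` only (so `SystemExit` and uncaught signals keep their own status), map `Interrupt` to the conventional 130, and finish the handler with `exit 1` so callers and CI can see the failure.
```ruby
begin
  Dependagrab::CLI.start
rescue Interrupt
  exit 130 # conventional status for SIGINT; do not report Ctrl-C as success
rescue StandardError => e
  # SystemExit from the CLI's own `exit 1` calls is not a StandardError and passes through untouched
  STDERR.puts "Error: Something went wrong (set DEBUG=true for detailed backtrace)"
  STDERR.puts e.backtrace if ENV['DEBUG']
  exit 1
end
```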
@@ -26,7 +26,10 @@ module Dependagrab
26
26
  end
27
27
  end
28
28
  rescue GetoptLong::Error => e
29
+ STDERR.puts "Error: #{e.message} (set DEBUG=true for detailed backtrace)"
30
+ puts
29
31
  print_help
32
+ STDERR.puts e.backtrace if ENV['DEBUG']
30
33
  exit 1
31
34
  end
32
35
 
@@ -42,7 +45,13 @@ module Dependagrab
42
45
  exit 1
43
46
  end
44
47
 
45
- run(options)
48
+ begin
49
+ run(options)
50
+ rescue => e
51
+ STDERR.puts "Error: #{e.message} (set DEBUG=true for detailed backtrace)"
52
+ STDERR.puts e.backtrace if ENV['DEBUG']
53
+ exit 1
54
+ end
46
55
  end
47
56
 
48
57
  private
@@ -56,7 +65,7 @@ module Dependagrab
56
65
  puts "#{result[:alerts].count} dependency warnings written to '#{options.fetch(:output)}'"
57
66
  rescue => e
58
67
  STDERR.puts "Failed to write file '#{options.fetch(:output)}'"
59
- STDERR.puts "#{e.message} (set DEBUG=true for detailed backtrace)"
68
+ STDERR.puts "Error: #{e.message} (set DEBUG=true for detailed backtrace)"
60
69
  STDERR.puts e.backtrace if ENV['DEBUG']
61
70
  exit 1
62
71
  end
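Review bot: The same three-line error report (an "Error: … (set DEBUG=true for detailed backtrace)" message followed by the conditional backtrace) is now written out in three places across these hunks — after the `GetoptLong::Error` rescue, in the new rescue around `run(options)`, and in the file-write rescue — so future wording or stream changes have to be made three times. A private helper keeps them in step, and in the `GetoptLong::Error` branch the bare `puts` sends the blank separator to stdout between two STDERR writes, so the usage-error text splits across streams when output is redirected; `STDERR.puts` there keeps it together. The enclosing methods of all three hunks start outside the hunk lines.
```ruby
# … unchanged: option parsing, run(options), write_output …

# Report a failure on STDERR; the backtrace is shown only when DEBUG is set.
def report_error(e)
  STDERR.puts "Error: #{e.message} (set DEBUG=true for detailed backtrace)"
  STDERR.puts e.backtrace if ENV['DEBUG']
end
```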
@@ -35,7 +35,7 @@ module Dependagrab
35
35
  id: SecureRandom.uuid,
36
36
  created: Time.now.strftime('%Y-%m-%dT%H:%M:%SZ'),
37
37
  exported: Time.now.strftime('%Y-%m-%dT%H:%M:%SZ'),
38
- source: "AppSec Team",
38
+ source: "dependagrab",
39
39
  collectionType: "DEPENDENCY",
40
40
  findings: [],
41
41
  }
@@ -1,3 +1,3 @@
1
1
  module Dependagrab
2
- VERSION = "0.1.5"
2
+ VERSION = "0.1.6"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependagrab
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 0.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dave Elliott
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-06 00:00:00.000000000 Z
11
+ date: 2021-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: graphql-client