neetob 0.5.69 → 0.5.77

data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/{bot_protection_enabled.rb → automatic_https_rewrites_is_enabled.rb}

@@ -1,35 +1,37 @@
 # frozen_string_literal: true
 
 require_relative "../../github_issue_creation"
+
 module Neetob
   class CLI
     module MonthlyAudit
       module InstancesAndAddons
         module Cloudflare
-          class BotProtectionEnabled < CLI::Base
+          class AutomaticHttpsRewritesIsEnabled < CLI::Base
             def initialize
               super()
             end
 
             def run
-              ui.success "### 3.2.6. Checking whether Bot Protection is enabled"
+              ui.success "### 3.2.7. Checking whether Automatic HTTPS rewrites is enabled"
 
-              domains_data = [["Domain", "Bot protection", "Audit Passed"]]
+              domains_data = [["Domain", "Automatic HTTPS rewrites", "Audit Passed"]]
               ui.info("\n", print_to_audit_log: false)
               Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain|
  domain.to_s.include?(".com") }.map do |domain|
-                bot_fight_mode = Neetob::CLI::Cloudflare::BotFightMode.new(domain).run
-                ui.info("Checking Bot fight mode for #{domain}", print_to_audit_log: false)
-                audit_passed = bot_fight_mode == "on" ? "Yes" : "No"
+                ui.info("Checking automatic HTTPS rewrites value for #{domain}", print_to_audit_log: false)
+                automatic_https_rewrites_value = Neetob::CLI::Cloudflare::AutomaticHttpsRewrites.new(domain).run
+                audit_passed = automatic_https_rewrites_value.to_s == "on" ? "Yes" : "No"
 
                 if audit_passed == "No"
                   repo = domain_to_repo(domain.to_s)
                   issue_url = GithubIssueCreation.new.create_issue(
-                    repo:, title: "Enable bot protection for #{domain}",
-                    description: "Bot Protection is not enabled for #{domain}.")
+                    repo:, title: "Enable automatic HTTPS rewrites for domain",
+                    description: "Automatic HTTPS rewrites is not enabled for #{domain}.")
                   audit_passed += " #{issue_url}"
                 end
-                domains_data << [domain, bot_fight_mode, audit_passed]
+
+                domains_data << [domain, automatic_https_rewrites_value, audit_passed]
               end
               ui.print_table(domains_data)
             end

data/lib/neetob/cli/monthly_audit/instances_and_addons/cloudflare/main.rb

@@ -5,7 +5,7 @@ require_relative "dns_entry_has_proxy_status"
 require_relative "minimum_tls_version_is_one_point_two"
 require_relative "always_use_https_is_enabled"
 require_relative "spf_records_are_valid"
-require_relative "bot_protection_enabled"
+require_relative "automatic_https_rewrites_is_enabled"
 
 module Neetob
   class CLI
@@ -28,7 +28,7 @@ module Neetob
               ui.info "\n"
               SpfRecordsAreValid.new.run
               ui.info "\n"
-              BotProtectionEnabled.new.run
+              AutomaticHttpsRewritesIsEnabled.new.run
             end
           end
         end

data/lib/neetob/cli/monthly_audit/instances_and_addons/cronitor/setup_correctly_for_landing_pages.rb

@@ -10,8 +10,9 @@ module Neetob
           class SetupCorrectlyForLandingPages < CLI::Base
             APPS_TO_IGNORE = [
               "NeetoAuth",
-              "NeetoTower"
-            ]
+              "NeetoTower",
+              "NeetoCode"
+          ].freeze
 
             attr_reader :all_monitors
 

data/lib/neetob/cli/monthly_audit/instances_and_addons/honeybadger/setup_correctly_for_apps.rb

@@ -11,36 +11,35 @@ module Neetob
             end
 
             def run
-              ui.success "### 3.4.1. [Manual] Checking whether Honeybadger is correctly set up for apps"
-              ui.info "#### Please manually check and add Yes/No for all the following checks on the Honeybadger dashboard for the apps listed in the table below:"
-              ui.info "- Settings > General > Project Settings > Enable notifications for production is turned on"
-              ui.info "- Settings > Alerts & integrations > This project's integrations > GitHub is integrated to the correct project repo."
-              ui.info "- Settings > Alerts & integrations > This project's integrations > GitHub > Edit > Error Events > Automatically create an issue when an error occurs and Automatically re-open issues are turned on"
-              ui.info "- Settings > Alerts & integrations > This project's integrations > Slack is integrated to the correct project channel in #neeto-health workspace"
-              ui.info "- Please add comments if any for the checks below in the Comments column in the table"
-              ui.info "- Finally, set Audit Passed as Yes only if all the checks are passed for the app, otherwise set it as No, and add a comment in the Comments column"
-
-              apps_data = [
-                [
-                  "App",
-                  "Enable Notifications for production is turned on",
-                  "GitHub is integrated to the correct project repo",
-                  "Automatically create GitHub issue and automatically re-open issue is turned on",
-                  "Slack is integrated to the correct project channel in #neeto-health workspace",
-                  "Comments",
-                  "Audit Passed"
-                ]
-              ]
-              ui.info("\n")
-              (
-                Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy] +
-                Neetob::CLI::Sre::Base::APPS_LIST[:heroku]
-              ).select { |app| app.include?("production") }.each do |app|
-
-                apps_data << [app, nil, nil, nil, nil, nil, nil]
-              end
-              ui.print_table(apps_data)
+              ui.success "### 3.4.1. Checking whether Honeybadger is correctly set up for apps"
+
+              result = run_honeybadger_check
+              formatted_result = extract_json_array_from_output(result)
+
+              create_issue(formatted_result)
+
+              ui.print_table(formatted_result)
             end
+
+            private
+
+              def run_honeybadger_check
+                `yarn audit:honeybadger`
+              end
+
+              def create_issue(formatted_result)
+                formatted_result.drop(1).each do |result|
+                  repo = result[0].gsub("-production", "")
+                  audit_passed = result.last == "Yes"
+                  if !audit_passed
+                    comment = result[5]
+                    issue_url = GithubIssueCreation.new.create_issue(
+                      repo:, title: "Fix Honeybadger settings",
+                      description: comment)
+                    result[-1] += " #{issue_url}" if issue_url
+                  end
+                end
+              end
           end
         end
       end

data/lib/neetob/cli/monthly_audit/instances_and_addons/main.rb

@@ -24,12 +24,12 @@ module Neetob
             ui.success("## 3.2. Checking Cloudflare related configurations")
             ui.info "\n"
             Cloudflare::Main.new.run
+            # ui.info "\n"
+            # ui.success("## 3.3. Checking Cronitor related configurations")
+            # ui.info "\n"
+            # Cronitor::Main.new.run
             ui.info "\n"
-            ui.success("## 3.3. Checking Cronitor related configurations")
-            ui.info "\n"
-            Cronitor::Main.new.run
-            ui.info "\n"
-            ui.success("## 3.4. Checking Honeybadger related configurations")
+            ui.success("## 3.3. Checking Honeybadger related configurations")
             ui.info "\n"
             Honeybadger::Main.new.run
           end

data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/cloudfront_cdn_enabled.rb

@@ -57,23 +57,6 @@ module Neetob
 
                 apps_data << [app, asset_host_value, comments, audit_passed]
               end
-              Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
-                ui.info("Checking ASSET_HOST value for #{app}", print_to_audit_log: false)
-                config_vars_result = Neetob::CLI::Heroku::ConfigVars::List.new([app]).run[0]
-                asset_host_value = config_vars_result["ASSET_HOST"]
-                if asset_host_value.nil?
-                  audit_passed = "No"
-                  comments = "ASSET_HOST value not found."
-                else
-                  is_direct_cloudfront_asset_host = asset_host_value.include?("cloudfront.net")
-                  is_cdn_subdomain_asset_host = asset_host_value == "cdn.#{app.gsub("-web-production", "").gsub("-", "")}.com"
-                  audit_passed = is_direct_cloudfront_asset_host || is_cdn_subdomain_asset_host ? "Yes" : "No"
-                  if audit_passed == "No"
-                    comments = "ASSET_HOST value is not a Cloudfront CDN URL or a CDN subdomain URL."
-                  end
-                end
-                apps_data << [app, asset_host_value, comments, audit_passed]
-              end
               ui.print_table(apps_data)
             end
           end

data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/essential_environment_variables_set.rb

@@ -40,21 +40,6 @@ module Neetob
                 end
                 apps_data << [app, all_essential_env_variables_set, comments, audit_passed]
               end
-              Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
-                ui.info("Checking essential env variables for #{app}", print_to_audit_log: false)
-                essential_env_variables_result = Neetob::CLI::Sre::CheckEssentialEnv.new(app).run
-                all_essential_env_variables_set = essential_env_variables_result[:all_keys_present]
-                audit_passed = all_essential_env_variables_set ? "Yes" : "No"
-                repo = app.gsub("-production", "")
-                if audit_passed == "No"
-                  comments = "Missing keys: #{essential_env_variables_result[:missing_keys].join(", ")}"
-                  issue_url = GithubIssueCreation.new.create_issue(
-                    repo:, title: "Add missing essential environment variables",
-                    description: comments)
-                  audit_passed += " #{issue_url}"
-                end
-                apps_data << [app, all_essential_env_variables_set, comments, audit_passed]
-              end
               ui.print_table(apps_data)
             end
           end

data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/main.rb

@@ -3,7 +3,6 @@
 require_relative "ssl_certificates_over_thirty_days_from_expiry"
 require_relative "cloudfront_cdn_enabled"
 require_relative "essential_environment_variables_set"
-require_relative "auto_scaling_enabled"
 require_relative "scheduled_exports_enabled"
 
 module Neetob
@@ -23,8 +22,6 @@ module Neetob
               ui.info "\n"
               EssentialEnvironmentVariablesSet.new.run
               ui.info "\n"
-              AutoScalingEnabled.new.run
-              ui.info "\n"
               ScheduledExportsEnabled.new.run
             end
           end

data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/scheduled_exports_enabled.rb

@@ -12,7 +12,7 @@ module Neetob
             end
 
             def run
-              ui.success "### 3.1.5. Checking whether scheduled exports are enabled"
+              ui.success "### 3.1.4. Checking whether scheduled exports are enabled"
 
               apps_data = [["App", "Scheduled exports config", "Comments", "Audit Passed"]]
               ui.info("\n", print_to_audit_log: false)
@@ -28,9 +28,7 @@ module Neetob
                   audit_passed = "No"
                   comments = "You do not have permission to access the config for this app."
                 else
-                  scheduled_exports_config = scheduled_exports_result
-                    .gsub("\e[32m", "")
-                    .gsub("\e[0m", "")
+                  scheduled_exports_config = scheduled_exports_config = strip_ansi_codes(scheduled_exports_result)
                     .gsub("#{app}'s", "")
                     .strip
                   audit_passed = scheduled_exports_config.include?("turned on") ? "Yes" : "No"

data/lib/neetob/cli/monthly_audit/instances_and_addons/neeto_deploy_or_heroku/ssl_certificates_over_thirty_days_from_expiry.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "../../github_issue_creation"
+require "httparty"
 
 module Neetob
   class CLI
@@ -26,6 +27,7 @@ module Neetob
             def initialize
               super()
               @resolver = Resolv::DNS.new
+              @all_flagged_certificates = []
             end
 
             def run
@@ -38,61 +40,80 @@ module Neetob
                 audit_passed = nil
                 comments = nil
                 certificates_expiring_in_less_than_30_days = "No"
+
                 if certificates_status.is_a?(Hash) && certificates_status["error"] == "Forbidden"
                   audit_passed = "No"
                   comments = "You do not have permission to access the certificates for this app."
                 else
-                  certificates_to_be_flagged = certificates_status.select { |certificate|
+                  current_app_flagged_certificates = certificates_status.select { |certificate|
                     certificate["expires_before_30_days"] &&
-                    (certificate["domains"] || []).map {
-                      |domain| domain["hostname"]
-                    }.any? { |domain| should_flag_domain?(domain) }
+                      (certificate["domains"] || []).map { |domain| domain["hostname"] }
+                        .any? { |domain| should_flag_domain?(domain) }
                   }
-                  audit_passed = certificates_to_be_flagged.empty? ? "Yes" : "No"
+                  audit_passed = current_app_flagged_certificates.empty? ? "Yes" : "No"
                   certificates_expiring_in_less_than_30_days = "Yes" if audit_passed == "No"
+
                   if audit_passed == "No"
-                    certificates_failing_audit = certificates_to_be_flagged.map { |certificate|
+                    @all_flagged_certificates.concat(current_app_flagged_certificates)
+                    current_app_failing_certificates = current_app_flagged_certificates.map { |certificate|
                       "#{certificate["name"]}(#{certificate["domains"].map { |domain| domain["hostname"] }.join(", ")})"
                     }
-                    comments = "Certificates #{certificates_failing_audit.join(", ")} are expiring in less than 30 days."
-                    repo = app.gsub("-production", "")
-                    issue_url = GithubIssueCreation.new.create_issue(
-                      repo:, title: "SSL certificates over 30 days from expiry",
-                      description: comments)
-                    audit_passed += " #{issue_url}"
+                    comments = "Certificates #{current_app_failing_certificates.join(", ")} are expiring in less than 30 days."
                   end
                 end
+
                 apps_data << [app, certificates_expiring_in_less_than_30_days, comments, audit_passed]
               end
-              Neetob::CLI::Sre::Base::APPS_LIST[:heroku].select { |app| app.include?("production") }.each do |app|
-                ui.info("Checking Certificates status for #{app}", print_to_audit_log: false)
-                certificates_status = Neetob::CLI::Heroku::Certs.new(app).run
-                certificates_expiring_in_less_than_30_days = certificates_status.select { |certificate| DateTime.parse(certificate[:expires]) <= 32.days.from_now }
-                comments = nil
-                audit_passed = "No"
-                certificates_expiring_in_less_than_30_days_present = "No"
-                if certificates_expiring_in_less_than_30_days.empty?
-                  audit_passed = "Yes"
-                else
-                  comments = "Certificates #{certificates_expiring_in_less_than_30_days.map { |certificate| certificate[:name] }.join(", ")} are expiring in less than 30 days."
-                  repo = app.gsub("-production", "")
-                  issue_url = GithubIssueCreation.new.create_issue(
-                    repo:, title: "Renew SSL certificates expiring in less than 30 days",
-                    description: comments)
-                  audit_passed += " #{issue_url}"
-                  certificates_expiring_in_less_than_30_days_present = "Yes"
+
+              if @all_flagged_certificates.any?
+                # categorize the certificates into bigbinary domains and custom domains
+                custom_domains = fetch_custom_domains.map { |domain| domain["hostname"] }
+                bigbinary_domains = Neetob::CLI::Cloudflare::Base::ZONE_IDS.keys.select { |domain| domain.to_s.include?(".com") }
+
+                flagged_by_category = {
+                  bigbinary: select_flagged_by_domains(bigbinary_domains),
+                  custom: select_flagged_by_domains(custom_domains)
+                }
+
+                issue_urls = []
+
+                unless flagged_by_category[:bigbinary].empty?
+                  repo = "neeto-deploy-web"
+                  comments = "Bigbinary domains SSL #{failing_comments(flagged_by_category[:bigbinary])}"
+                  issue_urls << GithubIssueCreation.new.create_issue(
+                    repo:,
+                    title: "SSL certificates over 30 days from expiry",
+                    description: comments
+                  )
                 end
-                apps_data << [app, certificates_expiring_in_less_than_30_days_present, comments, audit_passed]
+
+                unless flagged_by_category[:custom].empty?
+                  repo = "neeto-custom-domains-nano"
+                  comments = failing_comments(flagged_by_category[:custom])
+                  issue_urls << GithubIssueCreation.new.create_issue(
+                    repo:,
+                    title: "Custom domains SSL certificates over 30 days from expiry",
+                    description: comments
+                  )
+                end
+
+                ui.info("Issue created: #{issue_urls.join('<br>')}") if issue_urls.any?
               end
               ui.print_table(apps_data)
             end
 
             private
 
+              def fetch_custom_domains
+                headers = { "Authorization" => "Bearer #{ENV["NEETO_TOWER_AUTH_TOKEN"]}" }
+                response = HTTParty.get("https://ops.neetotower.com/api/v1/public/custom_domains", headers:)
+                response.parsed_response["domains"] || []
+              end
+
               def should_flag_domain?(hostname)
                 valid_dns_configuration?(hostname) &&
-                !points_to_heroku?(hostname) &&
-                !DOMAINS_AUTO_RENEWED.include?(hostname)
+                  !points_to_heroku?(hostname) &&
+                  !DOMAINS_AUTO_RENEWED.include?(hostname)
               end
 
               def points_to_heroku?(hostname)
@@ -101,7 +122,7 @@ module Neetob
                   cname_records.any? { |record| record.name.to_s.include?(HEROKU_DNS_TARGET) }
                 end
               rescue Resolv::ResolvError, Timeout::Error => e
-                ui.error("Heroku DNS resolution failed for #{hostname}: #{e.message}")
+                ui.error("Heroku DNS resolution failed for #{hostname}: #{e.message}", print_to_audit_log: false)
                 false
               end
 
@@ -121,13 +142,25 @@ module Neetob
                   false
                 end
               rescue Resolv::ResolvError, Timeout::Error => e
-                ui.error("Neetodeploy DNS resolution failed for #{hostname}: #{e.message}")
+                ui.error("Neetodeploy DNS resolution failed for #{hostname}: #{e.message}", print_to_audit_log: false)
                 false
               end
 
               def root_level_domain?(hostname)
                 hostname.split(".").length == 2
               end
+
+              def select_flagged_by_domains(domains)
+                @all_flagged_certificates.select do |cert|
+                  cert["domains"].any? { |d| domains.include?(d["hostname"]) }
+                end
+              end
+
+              def failing_comments(certificates)
+                "Certificates #{certificates.map { |certificate|
+                  "#{certificate["name"]}(#{certificate["domains"].map { |domain| domain["hostname"] }.join(", ")})"
+                }.join(", ")} are expiring in less than 30 days."
+              end
           end
         end
       end

data/lib/neetob/cli/monthly_audit/misc/main.rb

@@ -15,7 +15,7 @@ module Neetob
           def run
             ui.success("# 4. Running miscellaneous checks")
             ui.info "\n"
-            ui.success("## 4.1. [Manual] Checking whether we are using Sparkpost sub-account for all the apps")
+            ui.success("## 4.1. Checking whether we are using Sparkpost sub-account for all the apps")
             SparkpostSubAccountUsedForAllApps.new.run
             ui.info "\n"
             ui.success("## 4.2. Checking whether redirections are set correctly")

data/lib/neetob/cli/monthly_audit/misc/sparkpost_sub_account_used_for_all_apps.rb

@@ -12,25 +12,31 @@ module Neetob
           end
 
           def run
-            repo_data = [["App",
-"SPARKPOST_PASSWORD env variable first 4 characters same as corresponding sub-account in Sparkpost dashboard", "Comments", "Audit Passed"]]
-            ui.info "\n"
-            ui.info "#### Please manually check and add Yes/No for all the following checks:"
-            ui.info "- Get the first 4 characters of the SPARKPOST_PASSWORD environment variable for the app"
-            ui.info "- Go to https://app.sparkpost.com/account/api-keys"
-            ui.info "- Match the first 4 characters against the API keys values"
-            ui.info "- Verify that the API key belongs to the subaccount for same app. Accordingly add Yes/No in the 2nd column"
-            ui.info "- Finally, set Audit Passed as Yes only if the last check passed, otherwise set it as No and add a comment in the Comments column"
-            ui.info "\n"
-            NeetoCompliance::NeetoRepos.products.keys.each do |repo|
-              repo_data << (
-                APPS_TO_IGNORE.include?(repo) ?
-                [repo, "No", "App ignored from this check", "Ignored"] :
-                [repo, nil, nil, nil]
-              )
-            end
-            ui.print_table(repo_data)
+            result = run_sparkpost_check
+            formatted_result = extract_json_array_from_output(result)
+            create_issue(formatted_result)
+            ui.print_table(formatted_result)
           end
+
+          private
+
+            def run_sparkpost_check
+              `yarn audit:sparkpost`
+            end
+
+            def create_issue(formatted_result)
+              formatted_result.drop(1).each do |result|
+                repo = result[0]
+                audit_passed = result.last == "Yes"
+                if !audit_passed
+                  comment = result[2]
+                  issue_url = GithubIssueCreation.new.create_issue(
+                    repo:, title: "Fix Sparkpost sub-account",
+                    description: comment)
+                  result[-1] += " #{issue_url}" if issue_url
+                end
+              end
+            end
         end
       end
     end

data/lib/neetob/cli/monthly_audit/security/code/active_record_doctor.rb

@@ -25,8 +25,8 @@ module Neetob
                   comments = nil
                 else
                   issues_found = "Yes"
-                  comments = "#{active_record_doctor_run_result.lines.first.strip} ..."
-
+                  preview = active_record_doctor_run_result.lines.first(5).map(&:strip).reject(&:empty?).join("<br>")
+                  comments = "#{preview} ... <br> (run `bundle exec rake active_record_doctor` in #{repo} to see all issues)"
                   issue_url = GithubIssueCreation.new.create_issue(
                     repo:, title: "Fix issues reported by active_record_doctor",
                     description: comments)

data/lib/neetob/cli/monthly_audit/security/code/brakeman.rb

@@ -14,23 +14,26 @@ module Neetob
               ui.success("### 1.1.3. Checking whether running `bundle exec brakeman` throws any vulnerabilities")
               repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
               ui.info "\n"
-              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+              products_and_nanos_repos(:backend).each do |repo|
                 ui.info("Checking Brakeman run results for #{repo}", print_to_audit_log: false)
                 brakeman_run_result = Neetob::CLI::Github::Brakeman.new([repo]).run
                 vulnerabilities_found = "No"
                 audit_passed = "No"
                 comments = nil
-                if brakeman_run_result && brakeman_run_result.include?("No warnings found")
+                if brakeman_run_result.nil? || brakeman_run_result.include?("No warnings found")
                   audit_passed = "Yes"
                 else
                   vulnerabilities_found = "Yes"
                   comments = brakeman_run_result.gsub("\n", "<br>")
-
+                  issue_description = comments.split("== Warnings ==").last + " ... <br><br> (run `bundle exec brakeman` in #{repo} to see all issues)"
                   issue_url = GithubIssueCreation.new.create_issue(
                     repo:, title: "Fix vulnerabilities reported by Brakeman",
-                    description: comments)
+                    description: issue_description)
                   audit_passed += " #{issue_url}"
                 end
+                unless comments.nil?
+                  comments = comments.split("<br>").last(7).join("<br>") + " ..."
+                end
                 repo_data << [repo, vulnerabilities_found, comments, audit_passed]
               end
               ui.print_table(repo_data)

data/lib/neetob/cli/monthly_audit/security/code/bundle_audit.rb

@@ -17,18 +17,19 @@ module Neetob
               repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
               ui.info "\n"
               last_comment = nil
-              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+              products_and_nanos_repos(:backend).each do |repo|
                 ui.info("Checking bundle audit run results for #{repo}", print_to_audit_log: false)
                 bundle_audit_result = Neetob::CLI::Github::BundleAudit.new([repo]).run
                 vulnerabilities_found = "No"
                 audit_passed = "No"
                 comments = nil
-                if bundle_audit_result && bundle_audit_result.include?("No vulnerabilities found")
+                if bundle_audit_result.nil? || bundle_audit_result.include?("No vulnerabilities found")
                   audit_passed = "Yes"
                 else
 
                   vulnerabilities_found = "Yes"
-                  comments = bundle_audit_result.gsub("\n", "<br>").gsub("~", "\\~")
+                  formatted_result = bundle_audit_result.gsub("\n", "<br>").gsub("~", "\\~")
+                  comments = formatted_result.split("<br><br>").first(3).map { |comment| parse_advisory_block(comment) }.join("<br><br>") + " ... <br><br> (run `bundle-audit check` in #{repo} to see all issues)"
                   issue_url = GithubIssueCreation.new.create_issue(
                     repo:, title: "Fix vulnerabilities reported by bundle-audit",
                     description: comments)
@@ -39,10 +40,18 @@ module Neetob
                     comments = "''"
                   end
                 end
-                repo_data << [repo, vulnerabilities_found, comments, audit_passed]
+                table_comments = comments.nil? ? nil : comments.split("<br>").first(3).join("<br>") + " ..."
+                repo_data << [repo, vulnerabilities_found, table_comments, audit_passed]
               end
               ui.print_table(repo_data)
             end
+
+            private
+
+              def parse_advisory_block(block)
+                keys = ["Name:", "Version:", "CVE:", "Title:", "Solution:"]
+                block.split("<br>").select { |line| keys.any? { |key| line.strip.start_with?(key) } }.join("<br>")
+              end
           end
         end
       end

data/lib/neetob/cli/monthly_audit/security/code/fasterer.rb

@@ -17,13 +17,13 @@ module Neetob
               ui.success("### 1.1.6. Checking whether running `bundle exec fasterer` give any suggestions")
               repo_data = [["Repository", "Optimizations needed", "Comments", "Audit Passed"]]
               ui.info "\n"
-              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+              products_and_nanos_repos(:backend).each do |repo|
                 ui.info("Checking Fasterer run results for #{repo}", print_to_audit_log: false)
                 fasterer_exec_result = Neetob::CLI::Github::FastererAudit.new([repo]).run
                 optimizations_needed = "No"
                 audit_passed = "No"
                 comments = nil
-                if fasterer_exec_result.include?("0 offenses detected")
+                if fasterer_exec_result.nil? || fasterer_exec_result.include?("0 offenses detected")
                   audit_passed = "Yes"
                   comments = "Vulnerabilities not detected"
                 else

data/lib/neetob/cli/monthly_audit/security/code/yarn_audit.rb

@@ -16,7 +16,7 @@ module Neetob
               ui.success("### 1.1.2. Checking whether running `yarn audit` throws any vulnerabilities")
               repo_data = [["Repository", "Vulnerabilities Found", "Comments", "Audit Passed"]]
               ui.info "\n"
-              NeetoCompliance::NeetoRepos.products.keys.each do |repo|
+              products_and_nanos_repos(:frontend).each do |repo|
                 ui.info("Checking yarn audit run results for #{repo}", print_to_audit_log: false)
                 yarn_audit_result = Neetob::CLI::Github::YarnAudit.new([repo]).run
                 vulnerabilities_found = "No"

data/lib/neetob/cli/monthly_audit/security/github/dependabot_prs_merged.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require_relative "../../../github/repositories/pull_requests"
-require_relative "../../github_issue_creation"
 
 module Neetob
   class CLI
@@ -32,14 +31,30 @@ module Neetob
                 dependabot_prs_older_than_2_days_merged = "No"
                 audit_passed = "No"
                 comments = nil
+                pr_urls = []
+
                 if dependabot_prs_older_than_2_days.empty?
                   audit_passed = dependabot_prs_older_than_2_days_merged = "Yes"
                 else
                   comments = "PRs older than 2 days: #{dependabot_prs_older_than_2_days.map { |pr| pr[:number] }.join(', ')}"
-                  issue_url = GithubIssueCreation.new.create_issue(
-                    repo:, title: "Merge Dependabot PRs older than 2 days",
-                    description: comments)
-                  audit_passed += " #{issue_url}"
+
+                  # Add comments to each Dependabot PR and collect URLs
+                  pull_requests_client = Neetob::CLI::Github::Repositories::PullRequests.new([repo])
+                  dependabot_prs_older_than_2_days.each do |pr|
+                    comment_body = "⚠️ **Monthly Audit Alert** ⚠️\n\n" \
+                                  "This Dependabot PR has been open for more than 2 days. " \
+                                  "Please review and merge this PR to keep dependencies up to date.\n\n" \
+                                  "*This comment was automatically added by the monthly security audit.*"
+
+                    assignees = [Neetob::CLI::Github::Repositories::TeamLeads.team_lead_for(repo)]
+
+                    pr_url = pull_requests_client.add_comment_to_pr(
+                      prefix_org_name([repo]).first, pr[:number],
+                      comment_body, assignees)
+                    pr_urls << pr_url if pr_url
+                  end
+
+                  audit_passed = "No #{pr_urls.join(', ')}"
                 end
                 repo_data << [repo, dependabot_prs_older_than_2_days_merged, comments, audit_passed]
               end