Support for Dependabot commands #41

Merged
jboursier-mwb merged 18 commits into main from dependabot_alerts
Mar 19, 2024
jboursier-mwb (Collaborator) commented Oct 20, 2022

Closes #102

  • list alerts: dependabot get_alerts
  • export dependencies: dependabot get_dependencies
  • export dependencies for an entire org: mass dependencies
  • export a repository's topics: repositories get_topics
  • export an organization's topics: mass topics

New page: https://github.com/Malwarebytes/ghas-cli/wiki/Export-dependencies-for-a-repository

Signed-off-by: jboursier <jboursier@malwarebytes.com>
jboursier-mwb added the documentation (Improvements or additions to documentation) and enhancement (New feature or request) labels Oct 20, 2022
jboursier-mwb self-assigned this Oct 20, 2022
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier-mwb <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
jboursier-mwb marked this pull request as draft May 26, 2023 18:32
Sophie and others added 7 commits June 1, 2023 22:57
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Support mass export of dependencies

Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
Signed-off-by: jboursier <jboursier@malwarebytes.com>
jboursier-mwb marked this pull request as ready for review March 18, 2024 16:31
jboursier-mwb changed the title from "Initial support for Dependabot commands" to "Support for Dependabot commands" Mar 19, 2024
license = "Unknown"
try:
license = dep['licenseConcluded']
except:

Check notice

Code scanning / CodeQL

Except block handles 'BaseException'

Except block directly handles BaseException.
except:
try:
license = dep['licenseDeclared']
except:
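
Review bot: The two nested bare `except:` clauses around `dep['licenseConcluded']` and `dep['licenseDeclared']` catch every exception, including `KeyboardInterrupt` and `SystemExit`, when the only expected failure here is a missing key. Catch `KeyError` explicitly, or, assuming `dep` is a dict, drop the nesting by chaining lookups: `dep.get('licenseConcluded', dep.get('licenseDeclared', 'Unknown'))`.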

Check notice

Code scanning / CodeQL

Except block handles 'BaseException'

Except block directly handles BaseException.
elif "csv" == format:
deps = ""
for dep in dependencies.json()["sbom"]["packages"]:
license = "Unknown"
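
Review bot: On the `for dep in dependencies.json()["sbom"]["packages"]:` line, the response body is indexed with no visible check that the request succeeded; an error response or a body without an `sbom` key raises here and aborts the export. Verify the status code before iterating (unless that is already done above this hunk), and rename `format` in `elif "csv" == format:`, since that name shadows the Python builtin.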

Check warning

Code scanning / CodeQL

Variable defined multiple times

This assignment to 'license' is unnecessary as it is [redefined](1) before this value is used. This assignment to 'license' is unnecessary as it is [redefined](2) before this value is used. This assignment to 'license' is unnecessary as it is [redefined](3) before this value is used.
Signed-off-by: jboursier-mwb <jboursier@malwarebytes.com>
Signed-off-by: jboursier-mwb <jboursier@malwarebytes.com>
jboursier-mwb merged commit 4fe1c72 into main Mar 19, 2024
from typing import List
import requests
import json
import time

Check notice

Code scanning / CodeQL

Unused import

Import of 'time' is not used.
ghost deleted the dependabot_alerts branch July 26, 2024 00:10
ghost restored the dependabot_alerts branch July 26, 2024 00:11
ghost deleted the dependabot_alerts branch July 26, 2024 00:12
Development

Successfully merging this pull request may close these issues.

Export list of dependencies for an entire organization
