Skip to content

Latest commit

 

History

History
84 lines (55 loc) · 2.46 KB

README.md

File metadata and controls

84 lines (55 loc) · 2.46 KB

Audit Report

This tool generates a report of issues from dependency and supply chain vulnerabilities reported by Dependabot.

Asciidoc Setup

Asciidoc is a ruby project and depends on various ruby gems to make things work

I used the MacOS version and i followed the instructions on this link here

Set Up

Getting started with general prerequisites set up:

  1. Install ruby ≥ 2.3 see documentation

    brew intall ruby

    Recommended: Install ruby version using RVM (Ruby Version Manager)

    \curl -sSL https://get.rvm.io | bash -s stable --rails
  2. Install asciidoc see docs

    gem install asciidoc
  3. Install asciidoc-pdf see docs

    gem install asciidoc-pdf
  4. Install pygments

    pip install 'pygments[plugins]'

Auto-Generate Report from Dependabot alerts

  1. Set up Dependabot on project you are auditing

  2. Save results from to results.json

    gh api \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      /repos/USER/REPO/dependabot/alerts >> results.json

    Common Errors: Bad Authentication, 401

    Go to Developer Settings and give Fine-grained tokens read and write access to Dependabot alerts

    • After updating dependabot access re-authenticate:
    gh auth refresh
    # Continue steps in browser and use the code generated in your terminal to authenticate, then do step 1 again
  3. Run formating command reads the json and converts it into .asciidoc format report:

    python3 main.py
  4. Convert .asciidoc report to .pdf with asciidoc-pdf:

    asciidoctor -r asciidoctor-pdf -b pdf report/README.adoc
  5. Include URI reference content see documentation

    asciidoctor -a allow-uri-read filename.adoc