{"id":34846590,"url":"https://github.com/fritterhoff/vulnerability-bot","last_synced_at":"2026-04-27T04:32:38.474Z","repository":{"id":64305420,"uuid":"446003975","full_name":"fritterhoff/vulnerability-bot","owner":"fritterhoff","description":"Small bot to automate vulnerability updates in GitLab","archived":false,"fork":false,"pushed_at":"2022-02-08T06:59:30.000Z","size":134,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-27T03:40:13.860Z","etag":null,"topics":["ci","gitlab","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fritterhoff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-01-09T05:41:03.000Z","updated_at":"2022-02-01T09:41:25.000Z","dependencies_parsed_at":"2023-01-15T10:30:27.618Z","dependency_job_id":null,"html_url":"https://github.com/fritterhoff/vulnerability-bot","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/fritterhoff/vulnerability-bot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fritterhoff%2Fvulnerability-bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fritterhoff%2Fvulnerability-bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fritterhoff%2Fvulnerability-bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fritterhoff%2Fvulnerability-bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fritterhoff","download_url":"h
ttps://codeload.github.com/fritterhoff/vulnerability-bot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fritterhoff%2Fvulnerability-bot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32323213,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","gitlab","security"],"created_at":"2025-12-25T18:15:50.445Z","updated_at":"2026-04-27T04:32:38.459Z","avatar_url":"https://github.com/fritterhoff.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vulnerability Bot for GitLab\r\nSmall bot to automate vulnerability patches in GitLab\r\n\r\nSince keeping Docker images up to date can be quite cumbersome, this little bot was developed. It can be integrated into the GitLab CI and creates a merge request in case of some outstanding (automatic) patches.\r\n\r\nTherefore, a new image should be built without using cached data. This image can be compared afterwards to an existing image. In case of vulnerabilities in the old image that are fixed in the new image, the merge request is created and the provided Dockerfile gets automatically patched. 
This is done by adding a comment after each `FROM` line so the caches get missed.\r\n\r\n## Usage\r\n\r\n```\r\nUsage:\r\n  vulnerability-bot handle [flags]\r\n\r\nFlags:\r\n      --assign string   user to assign the MR to\r\n  -h, --help            help for handle\r\n      --new string      new image (may be path or image spec)\r\n      --old string      old image (may be path or image spec)\r\n      --path string     path to patch\r\n      --source string   source branch of the MR\r\n      --target string   target branch of the MR\r\n  -t, --title string    title of the MR\r\n\r\nGlobal Flags:\r\n      --host string      gitlab host\r\n      --project string   project id or name\r\n      --token string     gitlab token\r\n  -v, --verbose          verbose output\r\n```\r\n\r\n## Example\r\n\r\n```.yaml\r\nbuild:\r\n  stage: build\r\n  image:\r\n    name: gcr.io/kaniko-project/executor:debug\r\n    entrypoint: [\"\"]\r\n  rules:\r\n    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH \u0026\u0026 '$CI_PIPELINE_SOURCE == \"push\"'\r\n  script:\r\n    - mkdir -p /kaniko/.docker\r\n    - echo \"{\\\"auths\\\":{\\\"${CI_REGISTRY}\\\":{\\\"auth\\\":\\\"$(printf \"%s:%s\" \"${CI_REGISTRY_USER}\" \"${CI_REGISTRY_PASSWORD}\" | base64 | tr -d '\\n')\\\"}}}\" \u003e /kaniko/.docker/config.json\r\n    - /kaniko/executor --context \"${CI_PROJECT_DIR}/\" --dockerfile \"${CI_PROJECT_DIR}/Dockerfile\" --destination \"${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}\" --destination \"${CI_REGISTRY_IMAGE}:latest\" --cache=true\r\n\r\nbuild:on-schedule:\r\n  stage: build\r\n  image:\r\n    name: gcr.io/kaniko-project/executor:debug\r\n    entrypoint: [\"\"]\r\n  rules:\r\n    - if: $CI_PIPELINE_SOURCE == \"schedule\"\r\n  script:\r\n    - mkdir -p $CI_PROJECT_DIR/artifacts\r\n    - /kaniko/executor --force --context \"${CI_PROJECT_DIR}\" --dockerfile \"${CI_PROJECT_DIR}/Dockerfile\" --destination=image --tarPath artifacts/image.tar.gz --no-push\r\n  artifacts:\r\n    paths:\r\n      - 
artifacts/\r\n\r\ntest_fix:\r\n  stage: test\r\n  image:\r\n    name: ghcr.io/fritterhoff/vulnerability-bot:latest\r\n    entrypoint: [\"\"]\r\n  script:\r\n    - export TRIVY_USERNAME=${CI_REGISTRY_USER}\r\n    - export TRIVY_PASSWORD=${CI_REGISTRY_PASSWORD}\r\n    - /vulnerability-bot --host \"$CI_SERVER_URL\" \r\n                        --project $CI_PROJECT_ID \r\n                        --token \"**TOKEN**\" \r\n                        handle \r\n                        -t \"Vulnerability patch\" \r\n                        --old ${CI_REGISTRY_IMAGE}:latest \r\n                        --new artifacts/image.tar.gz \r\n                        --path \"Dockerfile\"\r\n                        --source \"fix\" --target \"main\"\r\n  rules:\r\n    - if: $CI_PIPELINE_SOURCE == \"schedule\"\r\n\r\n\r\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffritterhoff%2Fvulnerability-bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffritterhoff%2Fvulnerability-bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffritterhoff%2Fvulnerability-bot/lists"}