{"id":15755275,"url":"https://github.com/hmarr/advisories-analysis","last_synced_at":"2025-03-31T08:16:15.160Z","repository":{"id":66955397,"uuid":"556798447","full_name":"hmarr/advisories-analysis","owner":"hmarr","description":"Analysing the GitHub Advisory Database with sqlite and pandas","archived":false,"fork":false,"pushed_at":"2022-10-24T14:34:14.000Z","size":44,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-06T12:32:41.289Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hmarr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-24T14:32:25.000Z","updated_at":"2023-02-01T22:01:28.000Z","dependencies_parsed_at":"2023-02-23T00:46:12.194Z","dependency_job_id":null,"html_url":"https://github.com/hmarr/advisories-analysis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmarr%2Fadvisories-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmarr%2Fadvisories-analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmarr%2Fadvisories-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmarr%2Fadvisories-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hmarr","download_url":"https://codeload.github.com/hmarr/advisories-analysis/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246436380,"owners_count":20776995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-04T08:21:03.188Z","updated_at":"2025-03-31T08:16:15.132Z","avatar_url":"https://github.com/hmarr.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Advisory Database Analysis\n\nScripts for performing analysis on the GitHub Advisory Database.\n\n## Building a sqlite database of GHSAs\n\nThe public [GitHub Advisory Database](https://github.com/github/advisory-database) is a repo with 180k+ JSON files, which is not very easy to work with. This repo contains a script to download the data, and a small Rust program to build a sqlite database of the GHSAs, which is much easier to work with.\n\nNote: you'll need a recent version of Rust installed to import the data.\n\n1. Download the data by running `./download-data.sh`. This will download the GHSA OSV-formatted JSON files to `data/advisory-database-main`.\n2. Build the sqlite database by running `cargo run --release`. The database will be written to `data/advisory-database.db`.\n\nHere's the schema for the database:\n\n```sql\nCREATE TABLE advisories (\n  ghsa TEXT PRIMARY KEY,\n  modified TEXT NOT NULL,\n  published TEXT,\n  withdrawn TEXT,\n  cve TEXT,\n  ecosystems TEXT,\n  summary TEXT,\n  details TEXT,\n  severity TEXT,\n  cwes TEXT\n);\nCREATE TABLE affected_packages (\n  ghsa TEXT,\n  name TEXT NOT NULL,\n  ecosystem TEXT NOT NULL,\n  ranges TEXT,\n  versions TEXT\n);\n```\n\n## Analysis notebook\n\nThe `analysis.ipynb` notebook contains some basic analysis of the data, and should serve as a good starting point for anyone who wants to dig into the data. You'll need pandas, matplotlib, and jupyter (or the notebook plugin for vscode) installed to run the notebook.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhmarr%2Fadvisories-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhmarr%2Fadvisories-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhmarr%2Fadvisories-analysis/lists"}