{"id":16167710,"url":"https://github.com/jlleitschuh/security-checklist-transformer","last_synced_at":"2025-04-07T06:15:47.969Z","repository":{"id":49970491,"uuid":"219823789","full_name":"JLLeitschuh/security-checklist-transformer","owner":"JLLeitschuh","description":"Sqreen Security Checklist Transformer \u0026 Uploader","archived":false,"fork":false,"pushed_at":"2021-06-07T12:52:22.000Z","size":858,"stargazers_count":27,"open_issues_count":1,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-13T10:21:37.057Z","etag":null,"topics":["security","security-checklists","security-plan","security-tools"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JLLeitschuh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-checklist-transformer.gradle.kts","support":null}},"created_at":"2019-11-05T18:30:05.000Z","updated_at":"2024-08-13T05:59:37.000Z","dependencies_parsed_at":"2022-08-27T06:12:03.196Z","dependency_job_id":null,"html_url":"https://github.com/JLLeitschuh/security-checklist-transformer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JLLeitschuh%2Fsecurity-checklist-transformer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JLLeitschuh%2Fsecurity-checklist-transformer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JLLeitschuh%2Fsecurity-checklist-transformer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JLLeitschuh%2Fsecurity-checkl
ist-transformer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JLLeitschuh","download_url":"https://codeload.github.com/JLLeitschuh/security-checklist-transformer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247601445,"owners_count":20964865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security","security-checklists","security-plan","security-tools"],"created_at":"2024-10-10T03:09:11.174Z","updated_at":"2025-04-07T06:15:47.865Z","avatar_url":"https://github.com/JLLeitschuh.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Security Checklist Transformer\n\nUtility application for taking the absolutely awesome Security checklists from [Sqreen](https://www.sqreen.com/),\nconverting the HTML into markdown and uploading them into your ticketing system.\n\nChecklists Supported:\n - [SaaS CTO Security Checklist](https://www.sqreen.com/checklists/saas-cto-security-checklist)\n - [The Early Security Engineer’s First 90 Days Checklist](https://www.sqreen.com/checklists/security-engineer-checklist)\n\nOthers can be easily added as the HTML document structure for each of these checklists is pretty much the same.\n\n## Why\n\nWhen establishing a security plan for your company, you and your management will probably want to establish\nboth short- and long-term goals for your security team.\n\nYou may want to capture these \"User Stories\" in your company's tracking system.\nThe purpose of this tool is to simplify the import of these checklist items 
into your ticketing system\nalong with wiring each issue to the appropriate project board and adding the appropriate labels.\n\n## What does it look like?\n\nCurrently, this uploader only works for GitHub (the use case I needed to support), but others could easily be added.\n\n![Security Roadmap Project Board](https://github.com/JLLeitschuh/security-checklist-transformer/raw/master/media/result-project.png)\n\n## How do I use this project?\n\n### Building\n\nTo build the application, check out the repository and run:\n```bash\n./gradlew install\n```\n\nYou can then execute the application from the root directory of this project with the following command:\n```bash\n./subprojects/security-checklist-application/build/install/security-checklist-application/bin/security-checklist-application -h\n```\n\nThis will display the configuration options for how the various labels will be pre-processed before upload.\nI've made the defaults the way that I wanted them, and most of the defaults will probably be fine for you as well.\nRunning without a `COMMAND` will allow you to preview roughly what the uploaded content will look like before upload.\n\nI also recommend running this against a throw-away repository before import into your production system.\n\n```\nUsage: checklisttransformer [OPTIONS] COMMAND [ARGS]...\n\nOptions:\n  --list-names TEXT             The names of the lists to use. Default:\n                                SaaS_CTO, SECURITY_ENGINEER\n  --capitalize-phase            Capitalize the phase names. Default: true\n  --capitalize-group            Capitalize the group names. Default: true\n  --prepend-list-name-to-phase  Prepend the list name to the phase. 
Default:\n                                true\n  --various-semantic-fixes      Apply other semantic fixes to the data.\n                                Default: true\n  --quote-body-text             Quote body text and cite source in issue body.\n                                Default: true\n  -h, --help                    Show this message and exit\n\nCommands:\n  github  Upload to GitHub\n```\n\nWhen run with the `github` command, there are additional options for uploading to GitHub:\n\n```\nUsage: checklisttransformer github [OPTIONS]\n\n  Upload to GitHub\n\nOptions:\n  --repo-owner TEXT    The owner of the repository\n  --repo-name TEXT     The name of the repository\n  --project-name TEXT  The name of the project board\n  -h, --help           Show this message and exit\n```\n\n### GitHub Authentication\n\nThis project uses [Kohsuke's GitHub API Project](https://github.com/github-api/github-api) to interact with the\nGitHub API. This library expects your credentials (i.e. OAuth token) in a `~/.github` file.\n\nMore information [here](https://github-api.kohsuke.org/#Authentication).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjlleitschuh%2Fsecurity-checklist-transformer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjlleitschuh%2Fsecurity-checklist-transformer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjlleitschuh%2Fsecurity-checklist-transformer/lists"}