{"id":20354548,"url":"https://github.com/pluralsight/blackcat","last_synced_at":"2025-05-08T05:31:28.545Z","repository":{"id":52300055,"uuid":"218144036","full_name":"pluralsight/BlackCat","owner":"pluralsight","description":"Centralized reporting on GitHub dependency scanning outputs","archived":true,"fork":false,"pushed_at":"2023-07-25T16:47:38.000Z","size":102,"stargazers_count":4,"open_issues_count":5,"forks_count":3,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-03-29T07:11:37.223Z","etag":null,"topics":["dependencies","dependency-analysis","devsecops","github","security","security-automation","security-scanner","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pluralsight.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-28T20:58:22.000Z","updated_at":"2024-11-19T16:47:18.000Z","dependencies_parsed_at":"2023-01-24T17:20:14.454Z","dependency_job_id":null,"html_url":"https://github.com/pluralsight/BlackCat","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pluralsight%2FBlackCat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pluralsight%2FBlackCat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pluralsight%2FBlackCat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pluralsight%2FBlackCat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/owners/pluralsight","download_url":"https://codeload.github.com/pluralsight/BlackCat/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253008767,"owners_count":21839699,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependencies","dependency-analysis","devsecops","github","security","security-automation","security-scanner","static-analysis"],"created_at":"2024-11-14T23:08:59.474Z","updated_at":"2025-05-08T05:31:28.182Z","avatar_url":"https://github.com/pluralsight.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BlackCat\n🐈🎃 _Dependencies can be spooky!_ 🎃🐈  \n  \n![](https://img.shields.io/github/v/tag/pluralsight/blackcat?color=%2300CC00\u0026label=Latest%20Git%20Tag\u0026style=flat-square) \n![](https://img.shields.io/docker/pulls/pssecops/blackcat?label=Docker%20Pulls\u0026style=flat-square)\n\nBlackCat is a tool for centralizing GitHub dependency scanning outputs, mainly through output to Splunk, which allows for\nbetter tracking and reporting at an organizational level using GitHub's dependency scanning functionality.\n## Setup and Installation\n### Configuration\nBefore you begin, there are a few pieces of information BlackCat needs:  \n1. A GitHub token for accessing dependencies. This will require `read:org` and `repo` \npermissions on an account with visibility to your security vulnerabilities (likely an admin).\n2. 
(Optional) A token for Splunk's HTTP Event Collectors (HECs)\n  \nYou should put these two items in the `config.yml` file (see `config.example.yml` for reference), along with any additional options.\nIf you're using Kubernetes, put these values in `k8s/secrets.yml` instead.\n\n### Deployment Info   \n\nNow that you've configured BlackCat, it can be deployed in a few ways:\n1. Using Python's pipenv\n2. Using Docker\n3. Using Kubernetes\n\n#### Using Pipenv\n1. Install pipenv: `pip install pipenv`\n2. Install the dependencies (from within the project directory): `pipenv install`\n3. Run the enable command (will enable dependency scans organization-wide, may be noisy):   \n`pipenv run python blackcat/main.py --enable`\n4. Run: `pipenv run python blackcat/main.py`\n\n#### Using Docker\n1. Install Docker\n2. Build the image using `docker build -t blackcat:latest .`\n3. Run the enable command (will enable dependency scans organization-wide, may be noisy):  \n   `docker run blackcat:latest --enable`\n4. Run the main command: `docker run blackcat:latest`\n\n#### Using Kubernetes\n_This assumes a basic knowledge of Kubernetes, as well as an existing cluster and registry._\n1. Go through the steps described in the `Using Docker` section above and publish that image to your container registry.\n2. Modify `k8s-cron.spec` to run at whatever interval you want (defaults to every day at 15:00:00)\n3. Put your secrets in `secrets.yml` ([More Info](https://kubernetes.io/docs/concepts/configuration/secret/))\n4. Run `kubectl apply -f ./k8s/secrets.yml`\n5. Run `kubectl create -f ./k8s/k8s-cron.spec`\n6. Run `kubectl create -f ./k8s/enabler-cron.spec`\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpluralsight%2Fblackcat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpluralsight%2Fblackcat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpluralsight%2Fblackcat/lists"}