{"id":29947903,"url":"https://github.com/underdog-tech/vulnbot","last_synced_at":"2025-10-25T17:45:10.246Z","repository":{"id":152749968,"uuid":"606612380","full_name":"underdog-tech/vulnbot","owner":"underdog-tech","description":"A tool for regularly querying vulnerabilities detected by 3rd party tools and reporting them back to your teams","archived":false,"fork":false,"pushed_at":"2024-04-19T12:16:06.000Z","size":449,"stargazers_count":23,"open_issues_count":16,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-04-19T13:36:03.934Z","etag":null,"topics":["bot","dependabot","github","hacktoberfest","reporting","slack","slack-bot","vulnerability-management","vulnerability-report"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/underdog-tech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-02-26T02:17:27.000Z","updated_at":"2024-04-19T13:36:10.273Z","dependencies_parsed_at":"2023-07-24T01:16:21.848Z","dependency_job_id":"6c47041c-6206-4a76-8085-5e648c312cbd","html_url":"https://github.com/underdog-tech/vulnbot","commit_stats":{"total_commits":219,"total_committers":6,"mean_commits":36.5,"dds":"0.26940639269406397","last_synced_commit":"9cfdf550b92e84eee7f175553c962764a4f28393"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/underdog-tech/vulnbot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/underdog-tech%2Fvulnbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/underdog-tech%2Fvulnbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/underdog-tech%2Fvulnbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/underdog-tech%2Fvulnbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/underdog-tech","download_url":"https://codeload.github.com/underdog-tech/vulnbot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/underdog-tech%2Fvulnbot/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268512153,"owners_count":24261886,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-03T02:00:12.545Z","response_time":2577,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","dependabot","github","hacktoberfest","reporting","slack","slack-bot","vulnerability-management","vulnerability-report"],"created_at":"2025-08-03T08:01:21.169Z","updated_at":"2025-10-25T17:45:05.211Z","avatar_url":"https://github.com/underdog-tech.png","language":"Go","readme":"# Vulnbot\n\n![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/underdog-tech/vulnbot)\n![GitHub](https://img.shields.io/github/license/underdog-tech/vulnbot)\n[![Go Report Card](https://goreportcard.com/badge/github.com/underdog-tech/vulnbot)](https://goreportcard.com/report/github.com/underdog-tech/vulnbot)\n[![Go](https://github.com/underdog-tech/vulnbot/actions/workflows/tests.yml/badge.svg)](https://github.com/underdog-tech/vulnbot/actions/workflows/tests.yml)\n[![CodeQL](https://github.com/underdog-tech/vulnbot/actions/workflows/codeql.yml/badge.svg)](https://github.com/underdog-tech/vulnbot/actions/workflows/codeql.yml)\n[![codecov](https://codecov.io/gh/underdog-tech/vulnbot/branch/main/graph/badge.svg?token=N4RI3WSI3I)](https://codecov.io/gh/underdog-tech/vulnbot)\n\nThis project aspires to be a bot for pulling in security and vulnerability\nalerts from all data sources you might have, and reporting them out to your\nappropriate systems.\n\nOur currently supported data sources are:\n\n* GitHub (Dependabot)\n\nOur currently supported reporting systems are:\n\n* Console\n* Slack\n\n## Getting Started\n\nTo get started, you will want to first set up a `.env` file with the following:\n\n```sh\nSLACK_AUTH_TOKEN=insert_slack_token_here\nGITHUB_TOKEN=insert_github_token_here\nGITHUB_ORG=github_org_name\n```\n\nThe `env.example` file can be used as a template for this.\n\nThe GitHub token will need the following scopes: `public_repo`, `read:org`,\n`read:user`, and `security_events`.\n\nYou will then want to construct a `config.toml`, an example for which can be\nfound in `config.example.toml`.\n\nOnce these files are in place, simply run `go run .` or\n`go build . \u0026\u0026 ./vulnbot`!\n\nAlternately you can run this in Docker:\n\n```sh\ndocker build . -t vulnbot\ndocker run --env-file .env -v ./config.toml:/app/config.toml vulnbot\n```\n\nBuilding and running a Docker image would be helpful if, for example, you wanted\nto run this as part of a regularly scheduled CI/CD job.\n\n## Documentation\n\nAt the moment, our documentation consists primarily of developer and\narchitecture docs. These can be found in the [docs/](docs/) folder, as well as\nat \u003chttps://pkg.go.dev/github.com/underdog-tech/vulnbot\u003e.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funderdog-tech%2Fvulnbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funderdog-tech%2Fvulnbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funderdog-tech%2Fvulnbot/lists"}