{"id":29406972,"url":"https://github.com/xprnvd/threataware","last_synced_at":"2026-05-19T19:05:16.689Z","repository":{"id":212767286,"uuid":"732259254","full_name":"xprnvd/threataware","owner":"xprnvd","description":"Github native application for organisations; uses OpenAI models to identify Security Risks introduced by PRs","archived":false,"fork":false,"pushed_at":"2024-04-19T12:44:07.000Z","size":19,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-06-21T02:13:37.086Z","etag":null,"topics":["github-security","gpt","openai","pull-requests","security","security-risks"],"latest_commit_sha":null,"homepage":"https://github.com/apps/gh-threataware","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xprnvd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-12-16T04:39:47.000Z","updated_at":"2023-12-16T07:15:45.000Z","dependencies_parsed_at":"2023-12-16T06:49:01.798Z","dependency_job_id":"1eac312e-3b84-487b-be9a-0e8938f070d6","html_url":"https://github.com/xprnvd/threataware","commit_stats":null,"previous_names":["raxpd/threataware","xprnvd/threataware"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/xprnvd/threataware","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xprnvd%2Fthreataware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xprnvd%2Fthreataware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xprnvd%2Fthreataware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xprnvd%2Fthreataware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xprnvd","download_url":"https://codeload.github.com/xprnvd/threataware/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xprnvd%2Fthreataware/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264696632,"owners_count":23650937,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-security","gpt","openai","pull-requests","security","security-risks"],"created_at":"2025-07-11T00:10:27.140Z","updated_at":"2026-05-19T19:05:16.634Z","avatar_url":"https://github.com/xprnvd.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gh-ThreatAware\n\ngh-ThreatAware is a GitHub application developed from the ground up, designed to be installed across GitHub organizations. It efficiently tracks and analyzes pull requests (PRs) within the organization's repositories.\n\n## How it Works\n\ngh-ThreatAware utilizes webhooks to monitor and track PR events. Upon receiving a PR event, it collects essential context surrounding the PR, including details such as the PR description, file changes, commit diffs, user information, and other relevant parameters.\n\n## Security Risk Analysis\n\nThe application employs OpenAI's GPT-3.5 Turbo models to evaluate the security risks introduced by each PR. Leveraging these models, it measures and assigns a risk score based on the analysis performed.\n\n## Review Process\n\nIf the PR's risk level exceeds a predefined threshold, gh-ThreatAware takes action by adding reviewers from the security team to ensure comprehensive evaluation and mitigation of potential security risks.\n\n#### PR that introduces Security Risk\n\n\u003cimg width=\"1092\" alt=\"290974888-366968c8-15ac-48f2-98e8-0c451c77354b\" src=\"https://github.com/raxpd/threataware/assets/42084500/78d25187-83c7-4b83-ad37-7c9fed9d567b\"\u003e\n\u003cimg width=\"982\" alt=\"290974953-4073d839-d9e6-4185-89d8-44f22d0e4841\" src=\"https://github.com/raxpd/threataware/assets/42084500/a5261d44-f384-4acf-8280-a4d23715becc\"\u003e\n\n#### PR that does not introduce Security Risk\n\n\u003cimg width=\"954\" alt=\"290975013-79d7be96-a5fe-427d-9f4b-3392be8a8936\" src=\"https://github.com/raxpd/threataware/assets/42084500/2881d670-a05b-4e88-b8d1-c7f5d9dd85e1\"\u003e\n\n## Installation\n\nTo install gh-ThreatAware within your GitHub organization, follow these steps:\n\n1. **Clone the Repository:** Clone the gh-ThreatAware repository to a local environment or server that will host the application.\n2. **Configure Webhooks:** Set up webhooks in your GitHub organization's repositories to trigger events that communicate with the gh-ThreatAware application. Configure these webhooks to point to the application's designated endpoint.\n3. **Configure Permissions:** Ensure that gh-ThreatAware has appropriate permissions to access PR details and assign reviewers. Review and adjust permissions as needed within your GitHub organization settings.\n\n## Configuration\n\nCustomize the risk threshold and reviewer assignment logic according to your organization's security policies and requirements. These configurations are adjustable within the designated configuration files provided with the application.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxprnvd%2Fthreataware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxprnvd%2Fthreataware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxprnvd%2Fthreataware/lists"}