{"id":34680162,"url":"https://github.com/yeswehack/ywh2bugtracker","last_synced_at":"2026-04-04T12:59:01.662Z","repository":{"id":46187699,"uuid":"224868730","full_name":"yeswehack/ywh2bugtracker","owner":"yeswehack","description":"YesWeHack BugTracker","archived":false,"fork":false,"pushed_at":"2026-03-16T08:48:51.000Z","size":8005,"stargazers_count":22,"open_issues_count":0,"forks_count":7,"subscribers_count":6,"default_branch":"master","last_synced_at":"2026-03-16T20:58:09.145Z","etag":null,"topics":["bugbounty","pentest","scripts"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yeswehack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-11-29T14:24:08.000Z","updated_at":"2026-03-16T08:48:56.000Z","dependencies_parsed_at":"2024-02-28T09:44:58.396Z","dependency_job_id":"b99c4ad5-1d56-4358-914d-915f14571ef2","html_url":"https://github.com/yeswehack/ywh2bugtracker","commit_stats":{"total_commits":212,"total_committers":6,"mean_commits":"35.333333333333336","dds":0.4386792452830188,"last_synced_commit":"7c7aa5512131c96b01d0dce9bd4fe0a222162c86"},"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/yeswehack/ywh2bugtracker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2Fywh2bugtracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2Fywh2bugtracker/tags","relea
ses_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2Fywh2bugtracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2Fywh2bugtracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yeswehack","download_url":"https://codeload.github.com/yeswehack/ywh2bugtracker/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2Fywh2bugtracker/sbom","scorecard":{"id":1243143,"data":{"date":"2026-01-26","repo":{"name":"github.com/yeswehack/ywh2bugtracker","commit":"390d4dce34b07aa66b03578fdf942c9038432fcf"},"scorecard":{"version":"v5.4.1-0.20260109214540-85483c21ffbb","commit":"85483c21ffbb0f125cf1d16aa53f283d574f4ca5"},"score":1.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows 
follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#code-review"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#binary-artifacts"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file 
to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.12.1-slim-bookworm to python:3.12.1-slim-bookworm@sha256:a64ac5be6928c6a94f00b16e09cdf3ba3edd44452d10ffa4516a58004873573e","Warn: containerImage not pinned by hash: Dockerfile:8: pin your Docker image by updating python:3.12.1-slim-bookworm to python:3.12.1-slim-bookworm@sha256:a64ac5be6928c6a94f00b16e09cdf3ba3edd44452d10ffa4516a58004873573e","Warn: containerImage not pinned by hash: docs/pandoc/Dockerfile:1: pin your Docker image by updating 
pandoc/latex:2.16.2 to pandoc/latex:2.16.2@sha256:022b50459ed17c57689467b700c42c2165838bb5b0955f9debf32e749f4c5dae","Warn: downloadThenRun not pinned by hash: Dockerfile:3","Info:   0 out of   3 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   1 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"42 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: https://osv.dev/PYSEC-2023-250","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2023-251","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-24","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-26","Warn: Project is vulnerable to: https://osv.dev/GHSA-54jq-c3m8-4m76","Warn: Project is vulnerable to: https://osv.dev/GHSA-5m98-qgg9-wh84","Warn: Project is vulnerable to: https://osv.dev/GHSA-69f9-5gxw-wvc2","Warn: Project is vulnerable to: https://osv.dev/GHSA-6jhg-hg63-jvvf","Warn: Project is vulnerable to: https://osv.dev/GHSA-6mq8-rvhq-8wgg","Warn: Project is vulnerable to: https://osv.dev/GHSA-7gpw-8wmc-pm8g","Warn: Project is vulnerable to: https://osv.dev/GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: https://osv.dev/GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: https://osv.dev/GHSA-fh55-r93g-j68g","Warn: Project is vulnerable to: https://osv.dev/GHSA-g84x-mcqj-x9qq","Warn: Project is vulnerable to: https://osv.dev/GHSA-jj3x-wxrx-4x23","Warn: Project is vulnerable to: https://osv.dev/GHSA-mqqc-3gqh-h2x8","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-48","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-230","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-225","Warn: Project is 
vulnerable to: https://osv.dev/GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: https://osv.dev/GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: https://osv.dev/GHSA-h4gh-qq45-vh27","Warn: Project is vulnerable to: https://osv.dev/GHSA-qmgc-5h2g-mvrw","Warn: Project is vulnerable to: https://osv.dev/GHSA-w853-jp5j-5j7f","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-60","Warn: Project is vulnerable to: https://osv.dev/GHSA-428g-f7cq-pgp5","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2022-42969","Warn: Project is vulnerable to: https://osv.dev/GHSA-mrfv-m5wm-5w6w","Warn: Project is vulnerable to: https://osv.dev/GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: https://osv.dev/GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2025-49","Warn: Project is vulnerable to: https://osv.dev/GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2023-192","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2023-212","Warn: Project is vulnerable to: https://osv.dev/GHSA-2xpw-w6gg-jr37","Warn: Project is vulnerable to: https://osv.dev/GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: https://osv.dev/GHSA-38jv-5279-wg99","Warn: Project is vulnerable to: https://osv.dev/GHSA-gm62-xv2j-4w53","Warn: Project is vulnerable to: https://osv.dev/GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: https://osv.dev/PYSEC-2024-187","Warn: Project is vulnerable to: https://osv.dev/GHSA-597g-3phw-6986","Warn: Project is vulnerable to: https://osv.dev/GHSA-jfmj-5v4g-7637"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/85483c21ffbb0f125cf1d16aa53f283d574f4ca5/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-02-09T20:56:41.460Z","repository_id":46187699,"created_at":"2026-02-09T20:56:41.460Z","updated_at":"2026-02-09T20:56:41.460Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31400460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentest","scripts"],"created_at":"2025-12-24T21:02:39.036Z","updated_at":"2026-04-04T12:59:01.657Z","avatar_url":"https://github.com/yeswehack.png","language":"Python","readme":"# ywh2bt\n\nywh2bt synchronizes your vulnerability reports from the [Yes We Hack platform][YesWeHack-Platform]\nwith issues of your bug tracker(s). It automatically retrieves reports you want to copy in your bug tracker,\ncreates the related issue, and syncs further updates between issues and reports.  
\nIt comes with a handy GUI to set up and test the integration,\nwhile completely controlling the information you allow to be synchronized from both sides.\n\n![Screenshot of GUI with loaded example file](docs/img/screenshot-gui-example.png)\n\n## Table of contents\n\n- [User Guide](#user-guide)\n- [Architecture](#architecture)\n- [Requirements](#requirements)\n- [Installation](#installation)\n- [Supported trackers](#supported-trackers)\n- [Changelog](#changelog)\n- [Local development](#local-development)\n    - [Requirements](#requirements-1)\n    - [Installation](#installation-1)\n    - [Usage](#usage-1)\n    - [Updating User Guide](#updating-user-guide)\n\n## User Guide\n\nA User Guide is available in [PDF][User-Guide-pdf] and [HTML][User-Guide-html] formats.\n\n## Architecture\n\nYWH2BT embeds both the GUI to set up the integration,\nand the application to be scheduled on your server to periodically poll and synchronize new reports.  \nYou can either run both on a single machine, or prepare the configuration file\non a computer (with the GUI), transfer it to the server, and use it through a scheduled command.\n\nSince data is pulled from the YWH platform to your server, only regular outbound web connections need to be authorized on your server.\n\n## Requirements\n\n- `python` \u003e=3.8,\u003c=3.13\n- [`pip`](https://pip.pypa.io/en/stable/installing/)\n\n## Supported trackers\n\n- github\n- gitlab\n- jira / jiracloud\n- servicenow\n\n## Changelog\n- v2.15:\n    - automatic management of program slugs \n    - link to reports from the same program\n    - display warning message for KEY trackers\n    - fix Gitlab version parsing error\n- v2.14:\n    - fix report and comment images not displayed correctly in tracked issue on git.clacos.ninja\n- v2.13:\n    - fix GET YesWeHack API calls method have a body\n- v2.12:\n    - added support for new triage workflow\n- v2.11:\n    - added support for new impact and cve fields\n- v2.10: \n    - added support for new ask for 
fix process\n    - added support for report transfer log \n- v2.9:\n    - prevented issue synchronization to fail when tracker file upload is unsuccessful\n- v2.8:\n    - improved Python versions support (\u003e=3.8 to \u003c=3.12)\n    - removed the GUI from the default installation (use `pip install 'ywh2bt[gui]'` to include the GUI)\n    - fixed an issue with github when the title of an issue is longer than 255 characters\n    - fixed an issue with jira image previews when multiple attached images have the same name\n    - fixed an issue when a report/comment has no attachments and the description contains an invalid URL\n- v2.7:\n    - added synchronization of \"fix verification\" logs when \"Upload status updates\" is checked\n    - fixed an issue with jira when scope contains special markdown characters\n    - fixed an issue when \"Download bug trackers comments\" feedback option is activated\n      and bug tracker attachments do not meet platform attachments requirements (unacceptable mime-type, maximum allowed size exceeded)\n    - fixed an issue with jira when the title of an issue is longer than 255 characters\n- v2.6:\n    - added work around bug trackers maximum size allowed for the text of the issues/comments (content put in Markdown file attachment when necessary)\n- v2.5:\n    - added Personal Access Token (PAT) authentication\n    - removed OAuth authentication\n- v2.4:\n    - added option to prevent recreation of issues that were created by a previous synchronization\n      but are not found into the bug tracker anymore\n- v2.3:\n    - added support for ServiceNow\n- v2.2:\n    - added GitLab option for confidential issues\n- v2.1:\n    - added feedback feature (synchronize from bug tracker to report)\n    - added [docker image yeswehack/ywh2bugtracker](https://hub.docker.com/r/yeswehack/ywh2bugtracker)\n    - added User Guide [PDF][User-Guide-pdf] and [HTML][User-Guide-html]\n- v0.* to v2.0.0:\n    - behavior changes:\n        - reports logs can 
selectively be synchronized with the trackers:\n            - public comments\n            - private comments\n            - report details changes\n            - report status changes\n            - rewards\n        - a program can now only be synchronized with 1 tracker\n    - added support for JSON configuration files\n    - removed `ywh-bugtracker` command (use `ywh2bt synchronize`)\n    - added `ywh2bt` command:\n        - added `ywh2bt synchronize`:\n            - note: `ywh2bt synchronize --config-file FILE --config-format FORMAT` \n              is the equivalent of `ywh-bugtracker -n -f FILE` in v0.*\n        - added `ywh2bt validate`\n        - added `ywh2bt test`\n        - added `ywh2bt convert`\n        - added `ywh2bt schema`\n    - removed command line interactive mode\n    - added GUI via `ywh2bt-gui` command\n\n## Local development\n\n### Requirements\n\n- [`poetry`](https://python-poetry.org/) (`pip install poetry`)\n\n### Installation\n\n- `make install` (or `poetry install`): creates a virtualenv and installs dependencies\n- `make install-with-gui` (or `poetry install --extras=gui`): creates a virtualenv and installs dependencies, including the GUI\n\n### Usage\n\nInstead of `ywh2bt [command]`, run commands using `poetry run ywh2bt [command]`.\n\nThe same goes for `ywh2bt-gui`: run `poetry run ywh2bt-gui` instead.\n\n### Updating User Guide\n\n[PDF][User-Guide-pdf] and [HTML][User-Guide-html] versions of the User Guide are generated via Pandoc\nusing [docs/User-Guide.md][User-Guide-md] as an input file.  
\nAny changes made to [docs/User-Guide.md][User-Guide-md] **must be followed** by the execution of the command\n`make user-guide` in order to regenerate the PDF and HTML files, **otherwise the CI will fail**.\n\n[YesWeHack-Platform]: https://www.yeswehack.com/\n\n[User-Guide-md]: docs/User-Guide.md\n\n[User-Guide-pdf]: docs/user-guide/User-Guide.pdf\n\n[User-Guide-html]: docs/user-guide/User-Guide.html\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyeswehack%2Fywh2bugtracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyeswehack%2Fywh2bugtracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyeswehack%2Fywh2bugtracker/lists"}