{"id":22214356,"url":"https://github.com/zstyblik/dependabot-report","last_synced_at":"2025-10-14T10:10:37.474Z","repository":{"id":262324593,"uuid":"858407172","full_name":"zstyblik/dependabot-report","owner":"zstyblik","description":"dependabot-report is a script which fetches data from GitHub API and generates a static HTML page","archived":false,"fork":false,"pushed_at":"2025-09-22T07:33:01.000Z","size":736,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-06T12:46:13.642Z","etag":null,"topics":["dependabot","github","reporting-tool"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zstyblik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["zstyblik"]}},"created_at":"2024-09-16T20:54:26.000Z","updated_at":"2025-09-22T07:33:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"d4a180b1-b657-480c-86b5-754b4e58a0ea","html_url":"https://github.com/zstyblik/dependabot-report","commit_stats":null,"previous_names":["zstyblik/dependabot-report"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zstyblik/dependabot-report","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zstyblik%2Fdependabot-report","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zstyblik%2Fdependabot-report/tags","releases_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zstyblik%2Fdependabot-report/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zstyblik%2Fdependabot-report/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zstyblik","download_url":"https://codeload.github.com/zstyblik/dependabot-report/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zstyblik%2Fdependabot-report/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279018771,"owners_count":26086449,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependabot","github","reporting-tool"],"created_at":"2024-12-02T21:15:58.917Z","updated_at":"2025-10-14T10:10:37.445Z","avatar_url":"https://github.com/zstyblik.png","language":"Python","funding_links":["https://github.com/sponsors/zstyblik"],"categories":[],"sub_categories":[],"readme":"# dependabot report\n\ndependabot report is a tool I wish I had, or at least thought so. Imagine\nyourself working for a software company which has more than 10 repositories on\nGitHub. GitHub sends you \"Your Dependabot alerts for today\" for 10 repositories\nand as for the rest of repositories you're on your own. 
Happy click through!\nYes, in an ideal world everything would be patched and updated immediately.\nHowever, some of us aren't there yet.\n\n![dependabot_report_demo][dependabot_report_demo]\n\ndependabot report is a simple script which fetches data from the GitHub API and\npresents it as a static HTML page (minus bootstrap and GitHub avatars). And\nthat's pretty much it. Could it be more complex with more moving parts? It\nabsolutely could. However, this is good enough for PoC/demo and for now.\n\n## Dependencies\n\n* [Jinja2]\n* [PyGithub]\n* [bootstrap] which is loaded from their(!) CDN\n* [GitHub avatars] which will be loaded directly from GitHub when the report is\n  viewed\n\n## GitHub token and permissions\n\nCurrently only authentication via token is supported.\n\n### Classic token\n\nWhen used with a classic token, at least the `repo:public_repo` permission is\nrequired. I guess that the `repo` permission is required in order to access private\nrepositories since `repo:public_repo` limits access to public\nrepositories only. 
I suggest using a fine-grained personal access token instead.\n\n### Fine-grained personal access token\n\nWhen used with a fine-grained personal access token, read access to\ndependabot alerts and metadata (which is mandatory anyway) is required.\n\nWhether you grant access only to public, all or selected repositories is up to\nyou.\n\n## Usage\n\nRead the GitHub token from an ENV variable:\n\n```\nexport MY_TOKEN=123456\npython3 dependabot_report.py \\\n    --github-token-provider 'env:MY_TOKEN' \\\n    --include-repo-owner \\\n    --output-file report.html\n```\n\nor read the GitHub token from a file:\n\n```\npython3 dependabot_report.py \\\n    --github-token-provider 'file:my-token.txt' \\\n    --include-repo-owner \\\n    --output-file report.html\n```\n\n## License\n\nMIT\n\n[Jinja2]: https://pypi.org/project/Jinja2/\n[PyGithub]: https://pypi.org/project/PyGithub/\n[bootstrap]: https://getbootstrap.com\n[GitHub avatars]: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile\n[dependabot_report_demo]: ../assets/dependabot_report_demo.png?raw=true\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzstyblik%2Fdependabot-report","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzstyblik%2Fdependabot-report","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzstyblik%2Fdependabot-report/lists"}