https://github.com/bitoiu/vulnerability-pr-checks

PR Checks for Security Vulnerabilities

github-app github-graphql probot-app secdevops security-automation security-vulnerability

README

# vulnerability-pr-checks

> A GitHub App built with [Probot](https://github.com/probot/probot) that posts GitHub status checks on pull requests based on the repository's security vulnerability alerts

## Installation

Install the app at: https://github.com/apps/vulnerability-pr-checks

## Current limitations

- By default the app ignores dismissed vulnerability alerts. This is currently an internal variable; it should become a setting read from the repository's `.github` folder.
- GitHub security vulnerability alerts are only indexed on the `master` branch, so when the app checks for active vulnerabilities it is really checking `master`, not the PR branch. Fixing a vulnerability on the PR branch therefore does not change the result. If you use the app, fix vulnerabilities in a separate PR and merge it before the branch under analysis is checked. Hopefully one day all branches will be indexed, but this is the reality today.
- I was lazy with the tests, sorry.
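
As an added illustration (not code from the bitoiu/vulnerability-pr-checks project), the following Probot-style handler shows the two behaviours described in the limitations above: alerts are fetched for the repository via the GitHub GraphQL `vulnerabilityAlerts` connection, which is keyed by repository rather than by ref and so reflects the default branch only, and dismissed alerts are dropped before the commit status is computed. The `createApp`, `buildStatus` and `activeAlerts` names, the `includeDismissed` option, the `context.octokit` accessor (Probot v10+/Octokit naming; 2019-era Probot exposed `context.github`), the status `context` string and the sample alert data are assumptions made here; the fake app and context at the end exist only so the block runs offline.

```javascript
// Added example, not the project's own code. Assumed: a Probot `app` with
// `app.on(events, handler)` and a `context.octokit` exposing `graphql()` and
// `repos.createCommitStatus()`.

// Real GitHub GraphQL fields. The query is keyed by repository, not by ref:
// alerts are computed on the default branch only (the limitation above).
const ALERTS_QUERY = `
  query($owner: String!, $name: String!) {
    repository(owner: $owner, name: $name) {
      vulnerabilityAlerts(first: 100) {
        nodes {
          dismissedAt
          securityVulnerability {
            severity
            package { name ecosystem }
          }
        }
      }
    }
  }`;

// Drop dismissed alerts unless the caller opts in (assumed option name).
function activeAlerts(nodes, { includeDismissed = false } = {}) {
  return nodes.filter((a) => includeDismissed || a.dismissedAt == null);
}

// Turn the remaining alerts into a commit status payload. GitHub caps the
// status description at 140 characters, so the summary is truncated.
function buildStatus(nodes, opts) {
  const active = activeAlerts(nodes, opts);
  const bySeverity = {};
  for (const a of active) {
    const sev = a.securityVulnerability.severity;
    bySeverity[sev] = (bySeverity[sev] || 0) + 1;
  }
  const parts = Object.entries(bySeverity).map(([sev, n]) => `${n} ${sev.toLowerCase()}`);
  return {
    state: active.length === 0 ? 'success' : 'failure',
    context: 'vulnerability-pr-checks',
    description: active.length === 0
      ? 'No active vulnerability alerts on the default branch'
      : `${active.length} active alert(s): ${parts.join(', ')}`.slice(0, 140),
  };
}

// Probot entry point: fetch alerts, then post the status on the PR head SHA.
function createApp(app, opts = {}) {
  app.on(['pull_request.opened', 'pull_request.synchronize'], async (context) => {
    const { owner, repo } = context.repo();
    const data = await context.octokit.graphql(ALERTS_QUERY, { owner, name: repo });
    const status = buildStatus(data.repository.vulnerabilityAlerts.nodes, opts);
    await context.octokit.repos.createCommitStatus({
      owner,
      repo,
      sha: context.payload.pull_request.head.sha,
      ...status,
    });
    return status;
  });
}

// Constructed sample input: two alerts, one of them dismissed.
const SAMPLE_ALERTS = [
  { dismissedAt: null, securityVulnerability: { severity: 'HIGH', package: { name: 'lodash', ecosystem: 'NPM' } } },
  { dismissedAt: '2019-05-01T00:00:00Z', securityVulnerability: { severity: 'LOW', package: { name: 'minimist', ecosystem: 'NPM' } } },
];

// Offline run with a fake app and context (constructed); returns the payload
// that would have been sent to the commit status API.
async function demo() {
  const calls = [];
  const handlers = {};
  const fakeApp = { on: (events, h) => events.forEach((e) => { handlers[e] = h; }) };
  createApp(fakeApp);
  const fakeContext = {
    repo: () => ({ owner: 'bitoiu', repo: 'vulnerability-pr-checks' }),
    payload: { pull_request: { head: { sha: 'deadbeef' } } },  // placeholder SHA
    octokit: {
      graphql: async () => ({ repository: { vulnerabilityAlerts: { nodes: SAMPLE_ALERTS } } }),
      repos: { createCommitStatus: async (p) => { calls.push(p); return p; } },
    },
  };
  await handlers['pull_request.opened'](fakeContext);
  return calls[0];
}

demo().then((payload) => console.log(JSON.stringify(payload)));
```

Because the dismissed `minimist` alert is filtered out, the sample run posts a `failure` status describing one high-severity alert; with `includeDismissed: true` both alerts would count. Either way the result says nothing about the PR branch itself, which is exactly why the limitation above recommends merging vulnerability fixes first.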

## Running your own

Check instructions at: https://probot.github.io/docs/deployment/

## Setup

```sh
# Install dependencies
npm install

# Run the bot
npm start
```

## Contributing

If you have suggestions for how `vulnerability-pr-checks` could be improved, or want to report a bug, open an issue! We'd love any and all contributions.

For more, check out the [Contributing Guide](CONTRIBUTING.md).

## License

[ISC](LICENSE) © 2019 Vitor Monteiro (https://github.com/bitoiu)