https://github.com/chainguard-dev/secureframe-issue-sync
Sync Secureframe tests to GitHub issues (unofficial)
https://github.com/chainguard-dev/secureframe-issue-sync
Last synced: 9 months ago
JSON representation
Sync Secureframe tests to GitHub issues (unofficial)
- Host: GitHub
- URL: https://github.com/chainguard-dev/secureframe-issue-sync
- Owner: chainguard-dev
- License: apache-2.0
- Created: 2022-05-04T21:35:21.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-03-13T00:20:08.000Z (10 months ago)
- Last Synced: 2025-03-22T00:05:26.112Z (10 months ago)
- Language: Go
- Size: 355 KB
- Stars: 2
- Watchers: 1
- Forks: 2
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
README
# secureframe-issue-sync
Sync Secureframe tests to GitHub issues:
* Opens Github issues when a test fails
* Updates Github issues when test details change
* Closes Github issues when a test passes or is disabled
secureframe-issue-sync is designed to be used as a scheduled task, in particular GitHub Actions.
NOTE: This is using an undocumented Secureframe GraphQL API, so it may suddenly break. PR's welcome.
## Requirements
* A GitHub API token (preferably fine-grained for just issue management)
* A Secureframe API token (findable via browser headers)
* A Secureframe Company ID (findable via browser headers)
As Secureframe does not yet have a public API, you'll need to grab the latter two bits of information using your browser's Developer Tools functionality.
## Finding your Secureframe authentication data
1. Visit
2. Enter your browser's "Developer Tools" feature
3. Click on the **Console** tab.
4. Type `sessionStorage.getItem("AUTH_TOKEN");` and press . This will show your auth token.
5. Type `sessionStorage.getItem("CURRENT_COMPANY_USER");` and press . This will show your company ID.
NOTE: For a proper long-lived API token, see https://developer.secureframe.com/#section/Authentication - This tool understands long-lived tokens in the form of " ".
## Installation
```shell
go install github.com/chainguard-dev/secureframe-issue-sync@latest
```
## Usage: Command-Line
To build and install this tool, run:
```shell
secureframe-issue-sync --secureframe-token= \
--company= \
--reports=soc2_alpha \
--github-token= \
--github-repo=chainguard-dev/xyz`
```
There is a `--dry-run` flag available, which will pretend to make changes to GitHub instead of performing them.
You can also pass flags via environment variables, such as `SECUREFRAME_TOKEN=xyz`.
## Usage: GitHub Actions
In production, you're going to want to schedule the sync job to run every hour or so. Since you are already on GitHub, why not use GitHub Actions to do it?
See for an example.