https://github.com/embulk/audit
Automated audit for GitHub repositories under https://github.com/embulk
- Host: GitHub
- URL: https://github.com/embulk/audit
- Owner: embulk
- Created: 2023-03-23T14:35:55.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-13T01:38:50.000Z (3 months ago)
- Last Synced: 2025-04-25T15:26:33.153Z (26 days ago)
- Topics: embulk
- Language: Ruby
- Homepage:
- Size: 27.3 KB
- Stars: 0
- Watchers: 8
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Audit: audit.rb
README
Audit GitHub repositories automatically, especially for security-related matters, such as:

* Permitted users, and their permissions
* Permissions for GitHub Actions, such as approval needed for all / first-time contributors (to be implemented)
* Secrets and Variables (to be implemented)
* ...

This just compares the current repository configurations retrieved from the GitHub API with `repos.yaml`, which contains their "expected" configurations.

How to run audit
=================

Create a GitHub fine-grained personal access token at: https://github.com/settings/personal-access-tokens/new

* Resource owner: embulk
* Expiration: as needed
* Repository access: All repositories
* Permissions:
  * Repository permissions:
    * Administration: Read-only
    * Commit statuses: Read-only
    * Contents: Read-only
    * Custom properties: Read-only
    * Environments: Read-only
    * Metadata: Read-only (mandatory)
    * Pull requests: Read-only

```
bundle install
```

```
# Or, it loads the GitHub token from the "GITHUB_TOKEN" environment variable if the file does not exist.
echo "..." > github_token
```

```
bundle exec ruby ./audit.rb
```
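
The comparison the README describes (current configuration versus the expected one in `repos.yaml`), shown for the collaborator-permission check as an added example; it is not the project's `audit.rb`. The YAML layout, the repository and user names, and the `ACTUAL` data are constructed assumptions, since the page does not show the real `repos.yaml` format or the API responses.

```ruby
require "yaml"

# Hypothetical "expected" layout for illustration only; the real repos.yaml
# schema is not shown on this page.
EXPECTED_YAML = <<~YAML
  embulk/example-repo:
    collaborators:
      alice: admin
      bob: write
      carol: read
YAML

# Constructed sample standing in for the configuration retrieved from the GitHub API.
ACTUAL = {
  "embulk/example-repo" => {
    "collaborators" => { "alice" => "admin", "bob" => "admin", "mallory" => "write" }
  }
}.freeze

Finding = Struct.new(:repo, :user, :kind, :expected, :actual)

# Returns one Finding per difference between expected and actual permissions:
# a user with a different permission, a user who lost access, or a user who
# has access but is not listed as expected.
def audit_collaborators(expected, actual)
  findings = []
  (expected.keys | actual.keys).sort.each do |repo|
    exp = expected.dig(repo, "collaborators") || {}
    act = actual.dig(repo, "collaborators") || {}
    (exp.keys | act.keys).sort.each do |user|
      e = exp[user]
      a = act[user]
      next if e == a
      kind = if e.nil? then :unexpected_user
             elsif a.nil? then :missing_user
             else :permission_mismatch
             end
      findings << Finding.new(repo, user, kind, e, a)
    end
  end
  findings
end

# Parses the expected YAML with safe_load (no arbitrary object deserialization)
# and audits the constructed sample against it.
def run_sample_audit
  audit_collaborators(YAML.safe_load(EXPECTED_YAML), ACTUAL)
end

run_sample_audit.each do |f|
  puts "#{f.repo}: #{f.user} #{f.kind} (expected=#{f.expected.inspect}, actual=#{f.actual.inspect})"
end
```
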