Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nyg/dependabot-vuln-viewer
Displays Dependabot security alerts for multiple GitHub repositories.
apollo-client dependabot github github-api graphql log4shell security vulnerabilities
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/nyg/dependabot-vuln-viewer
- Owner: nyg
- License: mit
- Created: 2021-12-26T09:41:19.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2024-10-21T22:52:53.000Z (2 months ago)
- Last Synced: 2024-10-22T19:16:57.301Z (2 months ago)
- Topics: apollo-client, dependabot, github, github-api, graphql, log4shell, security, vulnerabilities
- Language: JavaScript
- Homepage: dependabot-vuln-viewer.vercel.app
- Size: 2.62 MB
- Stars: 2
- Watchers: 1
- Forks: 1
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Dependabot Vulnerability Viewer
Displays Dependabot vulnerability alerts of multiple repositories on a single
page. Only vulnerabilities of repositories that your personal access token has
access to will be displayed (restriction of GitHub's GraphQL API).

## Demo
Hosted at [dependabot-vuln-viewer.vercel.app][].
> *Disclaimer*: Your personal access token is, in theory, never sent to the
> server (the GraphQL API request is made by the browser). However, due to the
> magic behind Next.js and Apollo Client, I cannot guarantee it. Feel free to
> clone the repo and run it locally. Let me know if you know more than I do on
> this subject.

![demo screenshot](/public/dvv-screen.png)
### Query String
Can be any valid [advanced search][] query string:
* `user:USERNAME`,
* `repo:OWNER/REPOSITORY`,
* [etc.][],
* any combination of the above.

### Personal Access Token
See [here][] to create a personal access token for the GitHub API. Only the
`repo` [scope][] is needed, or `public_repo` if you don't care about private
repositories.

## Install & Run
```sh
git clone https://github.com/nyg/dependabot-vuln-viewer.git
cd dependabot-vuln-viewer
npm install
npm run dev # localhost:3000
```

## Improvements
* Store settings in `localStorage`
* Add OAuth login, GitHub Enterprise

[dependabot-vuln-viewer.vercel.app]: https://dependabot-vuln-viewer.vercel.app/
[Advanced Search]: https://github.com/search/advanced
[etc.]: https://docs.github.com/en/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax
[here]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
[scope]: https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps