https://github.com/yahoo/github-security-alerts-workflow
Automation to Incorporate GitHub Security Alerts Into your Business Workflow
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/yahoo/github-security-alerts-workflow
- Owner: yahoo
- License: apache-2.0
- Created: 2019-02-20T22:32:50.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-04-26T16:00:16.000Z (over 2 years ago)
- Last Synced: 2025-06-11T04:45:58.979Z (7 months ago)
- Language: Python
- Size: 17.6 KB
- Stars: 22
- Watchers: 4
- Forks: 18
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Contributing: Contributing.md
- License: LICENSE
- Code of conduct: Code-of-Conduct
README
# GitHub Security Alerts Workflow
This script is for teams that want to incorporate GitHub Security Alerts into their workflow. It currently supports creating Jira tickets for security alerts retrieved from the GitHub GraphQL API.
## Table of Contents
- [Background](#background)
- [Install](#install)
- [Configuration](#configuration)
- [Usage](#usage)
- [Contribute](#contribute)
- [License](#license)
## Background
The purpose of this project is to manage security vulnerabilities for open source projects at scale using GitHub’s security alerts.
## Install
This script requires Python 3, so ensure it is installed first. To install the script, clone the repository:
`git clone https://github.com/yahoo/GitHub-Security-Alerts-Workflow.git && cd GitHub-Security-Alerts-Workflow`
## Usage
Use the following command to run this script:
`python3 graph_ql.py graph_ql_authorization_key jira_authorization_key jira_url jira_project_key`
* graph_ql_authorization_key - A GitHub GraphQL access token that has the ability to view security alerts for the chosen repo.
* jira_authorization_key - An authorization key for your Jira instance with the ability to create and modify tickets.
* jira_url - The endpoint for your Jira instance's issue API, e.g. https://jira.xyz.com/rest/api/2/issue/
* jira_project_key - The identifier key for the Jira project you want to create issues for.
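The following added example (not code from this project's `graph_ql.py`) sketches the alert-to-ticket mapping described above: a GraphQL query for a repository's vulnerability alerts and a function that turns the response into Jira create-issue bodies, skipping dismissed alerts and ones already ticketed. The label scheme, the `Bug` issue type, the function names and the sample response are assumptions made for illustration.

```python
ALERTS_QUERY = """
query($owner: String!, $name: String!) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 50) {
      nodes {
        dismissedAt
        securityVulnerability {
          severity vulnerableVersionRange
          package { name }
          advisory { ghsaId summary }
        }
      }
    }
  }
}
"""  # GitHub GraphQL query; field names are from GitHub's public schema

def alert_label(repo, vuln):
    """Jira label identifying one alert, for de-duplication (hypothetical scheme)."""
    return f"{repo}_{vuln['package']['name']}_{vuln['advisory']['ghsaId']}".replace("/", "_")

def jira_payloads(repo, response, project_key, already_filed=()):
    """Map open alerts in a GraphQL response to Jira REST v2 create-issue bodies."""
    seen, payloads = set(already_filed), []
    for node in response["data"]["repository"]["vulnerabilityAlerts"]["nodes"]:
        vuln = node["securityVulnerability"]
        adv, label = vuln["advisory"], alert_label(repo, vuln)
        if node["dismissedAt"] or label in seen:
            continue  # dismissed upstream, or a ticket already exists
        seen.add(label)
        payloads.append({"fields": {
            "project": {"key": project_key},
            "issuetype": {"name": "Bug"},  # assumed issue type
            "summary": f"[{vuln['severity']}] {vuln['package']['name']} in {repo}",
            "description": f"{adv['summary']}\nAdvisory: {adv['ghsaId']}\n"
                           f"Affected versions: {vuln['vulnerableVersionRange']}",
            "labels": [label],
        }})
    return payloads

def _node(pkg, ghsa, sev, dismissed=None):  # builds constructed sample data
    return {"dismissedAt": dismissed, "securityVulnerability": {
        "severity": sev, "vulnerableVersionRange": "< 2.0.0", "package": {"name": pkg},
        "advisory": {"ghsaId": ghsa, "summary": f"Constructed advisory for {pkg}"}}}

SAMPLE = {"data": {"repository": {"vulnerabilityAlerts": {"nodes": [
    _node("libfoo", "GHSA-aaaa-aaaa-aaaa", "HIGH"),
    _node("libbar", "GHSA-bbbb-bbbb-bbbb", "LOW", dismissed="2020-01-01T00:00:00Z"),
    _node("libbaz", "GHSA-cccc-cccc-cccc", "MODERATE")]}}}}
```

Labels of tickets that already exist can be passed as `already_filed` so that repeated runs do not open duplicates.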
## Contribute
Please refer to [the contributing.md file](Contributing.md) for information about how to get involved. We welcome issues, questions, and pull requests.
## Maintainers
Manikandan Subramaniam: manikandan.subramaniam@verizonmedia.com
Ashley Wolf: awolf@verizonmedia.com
## License
This project is licensed under the terms of the [Apache 2.0](LICENSE-Apache-2.0) open source license. Please refer to [LICENSE](LICENSE) for the full terms.