This repository was archived by the owner on Sep 30, 2024. It is now read-only.

feat(sg/repoferee): add security command with repo-report subcommand to fetch latest repoferee report #62735

Merged: burmudar merged 4 commits into main from wb/sg/security-repoferee on May 16, 2024

Conversation

@burmudar

Contributor

To fetch the latest results from https://repoferee.sgdev.org/results, the request needs to be signed. This is because the report can contain sensitive repo names.

To make it easier to fetch the report, this PR adds the command `sg security repo-report`, which does the required signing of the request, fetches the results and then either prints the report to the terminal or, if the `-o` option is specified, writes the results out to a file.

Test plan

Tested locally

go run ./dev/sg security repo-report -o report.json
✅ Response received from repoferee
✅ Report written to "report.json"

  Last report run:  2024-05-16T16:37:28Z
  Next report run:  2024-05-16T17:07:28Z

@burmudar burmudar requested review from a team May 16, 2024 16:53
@burmudar burmudar self-assigned this May 16, 2024
@cla-bot cla-bot Bot added the cla-signed label May 16, 2024
Comment thread dev/sg/sg_security.go
Comment on lines +26 to +44
Description: "Learn more about Sourcegraph security: https://sourcegraph.notion.site/Security-81d50b5ac5474b07bdbadd5359993c80",
Category: category.Company,
Subcommands: []*cli.Command{
{
Name: "repo-report",
Usage: "fetch the latest repoferee report",
Description: "Fetches the latest repoferee report which reports on repositories that conform to set rules. The rules can be found at https://github.com/sourcegraph/repoferee/blob/main/rules.yml",
Action: getRepofereeReport,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "output-file",
DefaultText: "standard out",
Usage: "<filename> to write the report to",
Value: "",
Aliases: []string{"o"},
},
},
},
},
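Review bot: the `output-file` flag's Usage text, `"<filename> to write the report to"`, does not tell the user that the written report can contain sensitive repo names, which the PR description states is the reason the request must be signed; suggest saying so in the Usage string (for example `"<filename> to write the report to (report may contain sensitive repo names)"`) and, in `getRepofereeReport`, creating the output file with owner-only permissions (0600) rather than the process default so the report is not world-readable on disk. Also worth a second look: the subcommand Description says the report "reports on repositories that conform to set rules", which reads as the opposite of what a rules report usually lists; confirm the wording matches what repoferee actually returns.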

Check notice

Code scanning / Semgrep OSS

Semgrep Finding: security-semgrep-rules.semgrep-rules.generic.comment-tagging-rule

Code that highlights SECURITY in a comment has changed. Please review the code for changes. The changes might be sensitive.
@burmudar burmudar merged commit ec7cbee into main May 16, 2024
@burmudar burmudar deleted the wb/sg/security-repoferee branch May 16, 2024 17:21