ghas-org-scan.md

This is a Python script that interacts with the GitHub API to fetch repository details and code scanning analysis information. Make sure the repository exists and that your GitHub token has the permissions needed to access it.

Prerequisites

  • Python 3.6 or higher
  • requests library

Installation

  1. Clone this repository:

    git clone git@github.com:austimkelly/ghas-utils.git
  2. Navigate to the cloned repository:

    cd ghas-utils
  3. Install the required Python libraries:

    pip3 install requests

    or

    pip3 install -r requests.txt

Usage

  1. Create a GitHub Personal Access Token and set its value in a GITHUB_ACCESS_TOKEN environment variable. Your personal access token will start with github_pat_

    • This script is tested with the token permissions shown in the repository's Permissions image.

NOTE: For organizations of which you are not an owner, see Setting a Personal Access Token for your Organization. If you use a personal access token to read organization repositories, the organization must enable this policy; otherwise only public repositories will be readable. You will need one personal access token per organization.

  2. Open ghas-scan.py in your favorite text editor.
  3. Replace the owner_type variable value with user or org.
  4. Replace the owner_name variable value with the corresponding user or org name.
  5. Set skip_forks to True if you want to omit forked repos from the results.
  6. Run the script:
    python3 ghas-scan.py

Output and Example

Output is written to github_data.csv at the repository root. The console output will look like this:

Getting list of repositories...
Fetching repo security configs...
CSV file 'github_data.csv' written successfully.
Total repositories: 16
Total public repositories: 16
Percent of repositories that are forked: 0.0%
Percent of repositories with Codeowners: 6.25%
Percent of repositories with Secrets Scanning Enabled: 12.5%
Percent of repositories with Secrets Push Protection Enabled: 12.5%
Total number of open critical and high code scanning alerts: 0
Total number of open critical dependabot alerts: 0
Done.

You can see an example CSV in ./example/example_output.csv. This is just a simple example to give you an idea of the schema.
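As an added example (not the ghas-utils script and not code from its author), the following Python sketch shows the shape of the work the script does: list an owner's repositories, read each repository's security_and_analysis block and its open alert lists from the GitHub REST API, and reduce them to the figures in the console output above. The API paths and field names are the documented GitHub REST ones; the "acme" organization, its repositories and alerts are constructed sample data, and the scan, summarize, _maybe and sample_get names are my own.

```python
"""Summarize GitHub Advanced Security posture across a user's or org's repositories.
Added example, not the ghas-utils script itself; it assumes the GitHub REST API's
documented repository/alert fields and uses only the standard library."""
import json
import urllib.error
import urllib.request

API = "https://api.github.com"

def github_get(path, token):
    """Authenticated GET returning the decoded JSON body; raises HTTPError on 4xx/5xx."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def _maybe(get, path, token):
    try:
        return get(path, token)
    except urllib.error.HTTPError as err:
        if err.code in (403, 404):
            return None  # feature not enabled on the repo, or file absent
        raise

def repo_row(repo, has_codeowners, code_alerts, dependabot_alerts):
    """Flatten one repository's security settings and open alerts into a CSV-style row."""
    sec = repo.get("security_and_analysis") or {}  # null when the token cannot inspect it
    enabled = lambda key: (sec.get(key) or {}).get("status") == "enabled"
    return {
        "name": repo["full_name"],
        "private": repo.get("private", False),
        "fork": repo.get("fork", False),
        "codeowners": has_codeowners,
        "secret_scanning": enabled("secret_scanning"),
        "push_protection": enabled("secret_scanning_push_protection"),
        "open_crit_high_code_alerts": sum(
            1 for a in code_alerts if a.get("state") == "open"
            and (a.get("rule") or {}).get("security_severity_level") in ("critical", "high")),
        "open_critical_dependabot": sum(
            1 for a in dependabot_alerts if a.get("state") == "open"
            and (a.get("security_advisory") or {}).get("severity") == "critical"),
    }

def scan(owner_type, owner_name, token, skip_forks=False, get=github_get):
    """One row per repository; `get` is injectable so the constructed sample runs offline.
    Only a root-level CODEOWNERS is checked (GitHub also honours .github/ and docs/)."""
    base = "/orgs" if owner_type == "org" else "/users"
    rows = []
    for repo in get(f"{base}/{owner_name}/repos?per_page=100", token):
        if skip_forks and repo.get("fork"):
            continue
        full = repo["full_name"]
        rows.append(repo_row(
            repo,
            _maybe(get, f"/repos/{full}/contents/CODEOWNERS", token) is not None,
            _maybe(get, f"/repos/{full}/code-scanning/alerts?state=open", token) or [],
            _maybe(get, f"/repos/{full}/dependabot/alerts?state=open", token) or [],
        ))
    return rows

def summarize(rows):
    """The headline figures the script prints to the console."""
    n = len(rows)
    pct = lambda key: round(100.0 * sum(1 for r in rows if r[key]) / n, 2) if n else 0.0
    return {
        "total": n,
        "public": sum(1 for r in rows if not r["private"]),
        "pct_forked": pct("fork"),
        "pct_codeowners": pct("codeowners"),
        "pct_secret_scanning": pct("secret_scanning"),
        "pct_push_protection": pct("push_protection"),
        "open_crit_high_code_alerts": sum(r["open_crit_high_code_alerts"] for r in rows),
        "open_critical_dependabot": sum(r["open_critical_dependabot"] for r in rows),
    }

def _repo(full, private=False, fork=False, ss=None, pp=None):
    sec = ss and {"secret_scanning": {"status": ss}, "secret_scanning_push_protection": {"status": pp}}
    return {"full_name": full, "private": private, "fork": fork, "security_and_analysis": sec or None}

# Constructed sample API responses keyed by path (hypothetical "acme" org, not real data);
# sample_get serves them and answers 404 for any other path, as the live API would.
SAMPLE = {
    "/orgs/acme/repos?per_page=100": [
        _repo("acme/api", ss="enabled", pp="enabled"), _repo("acme/web", ss="enabled", pp="disabled"),
        _repo("acme/forked-lib", fork=True), _repo("acme/internal", private=True)],
    "/repos/acme/api/contents/CODEOWNERS": {"name": "CODEOWNERS"},
    "/repos/acme/api/code-scanning/alerts?state=open": [
        {"state": "open", "rule": {"security_severity_level": "critical"}},
        {"state": "open", "rule": {"security_severity_level": "medium"}}],
    "/repos/acme/api/dependabot/alerts?state=open": [
        {"state": "open", "security_advisory": {"severity": "critical"}}],
}

def sample_get(path, token):
    if path not in SAMPLE:
        raise urllib.error.HTTPError(API + path, 404, "Not Found", None, None)
    return SAMPLE[path]
```

Offline, `summarize(scan("org", "acme", "x", get=sample_get))` reports 4 repositories, 3 public, 25% forked, 25% with CODEOWNERS, 50% with secret scanning, 25% with push protection, 1 open critical/high code scanning alert and 1 open critical Dependabot alert; passing `skip_forks=True` drops the fork and the percentages are recomputed over 3 repositories. For a live run, call `scan("org", "<owner>", os.environ["GITHUB_ACCESS_TOKEN"])` and feed the rows to `csv.DictWriter` to get the github_data.csv shape. Two caveats worth knowing: `per_page=100` fetches only the first page, so owners with more repositories need the Link-header pagination the sketch omits, and a 403 on the alert endpoints means either the feature is off or the token lacks the permission, which the script cannot distinguish without inspecting the error body.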

References