Scripts and tools to gather information about git repositories.
This repository is a collection of scripts and tools for a given repodiving effort. Repodiving in this context means going through a git repository and gathering relevant information for a specific purpose.
We're a group of civic-minded technologists transforming how the federal government delivers healthcare to the American people.
Establish and maintain guidance, policies, practices, and talent pipelines that advance equity, build trust, and amplify impact across CMS, HHS, and Federal Open Source Ecosystems by working and sharing openly.
A full list of contributors can be found on https://github.com/DSACMS/repodive-tools/graphs/contributors.
We follow GitHub Flow with protected branches and pull request reviews. Development includes automated code analysis, security scanning, and adherence to CMS Open Source Policy guidelines. See CONTRIBUTING.md for more details.
To run locally, please follow the instructions in CONTRIBUTING.md under Building the Project and Building Dependencies.
Run SCC on repos:
1. Make sure that scc is installed on your machine
2. Set valid environment variables including GitHub token
3. `./run-scc-on-repos.sh <Directory to store GitHub code>`
Note: The SCC script clones the repositories into the directory that you specify. If a repository already exists in that directory, it is not downloaded again. This is useful if you want to reuse the directory to run the other scripts on it.
Gen Gource logs on repos:
1. Make sure that gource is installed on your machine
2. Set valid environment variables including GitHub token
3. `./gen-gource-logs-on-repos.sh <Directory to store GitHub code>`
Note: The gource script clones the repositories into the directory that you specify. If a repository already exists in that directory, it is not downloaded again. This is useful if you want to reuse the directory to run the other scripts on it.
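The following is an added example, not code from this repository: a shell function showing the clone-only-if-absent behaviour that the SCC and gource notes describe, plus a check that a reused directory still points at the expected origin before other scripts analyse it. The name `clone_if_missing`, its output words, its exit codes and the origin check are assumptions made for illustration.

```shell
# Added example (not from this repository). clone_if_missing, its output
# words and its exit codes are hypothetical names chosen for illustration.

# Clone repo_url into dest_root/<repo name> unless it is already there.
# Prints one word: cloned | skipped | mismatch | blocked
# Returns 0 for cloned/skipped, 2 for mismatch, 1 for blocked or clone failure.
clone_if_missing() {
    cim_url=$1
    cim_root=$2
    cim_name=$(basename "${cim_url%/}" .git)
    cim_target="$cim_root/$cim_name"

    if [ -d "$cim_target/.git" ]; then
        # Reused directory: confirm the cached clone still tracks the URL we
        # were asked for before later scripts analyse whatever is on disk.
        cim_origin=$(git -C "$cim_target" remote get-url origin 2>/dev/null) || cim_origin=""
        if [ "$cim_origin" != "$cim_url" ]; then
            echo mismatch
            return 2
        fi
        echo skipped
        return 0
    fi

    if [ -e "$cim_target" ]; then
        # Something that is not a git work tree occupies the path; do not
        # overwrite it and do not treat it as an existing clone.
        echo blocked
        return 1
    fi

    mkdir -p "$cim_root" || return 1
    if git clone --quiet -- "$cim_url" "$cim_target" >/dev/null 2>&1; then
        echo cloned
        return 0
    fi
    return 1
}
```

The origin comparison is an exact string match, so a clone made from the SSH form of a URL reports `mismatch` when checked against its HTTPS form.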
Run contributor resolution (rough):
1. `./run-contrib-resolution.sh <Directory with the GitHub Code already there>`
3. Enter ctrl+d for any empty records that appear
4. `./concat.sh`
5. Look at merged_output.txt and enjoy!
Note: this script assumes that all of the repositories have been cloned already.
We adhere to the CMS Open Source Policy. If you have any questions, just shoot us an email.
Submit a vulnerability: Vulnerability reports can be submitted through Bugcrowd. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see SECURITY.md.
A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software.
In the spirit of Executive Order 14028 - Improving the Nation’s Cybersecurity, an SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies.
For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication as indicated in LICENSE.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.