#!/usr/bin/env node
const graphql = require('graphql-request');
const argparse = require('argparse').ArgumentParser;
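const GITHUB_GRAPHQL_ENDPOINT = 'https://api.github.com/graphql';

// Command-line interface: one or more org logins plus a GitHub token.
const parser = new argparse({
  version: '1.0.0',
  addHelp: true,
  description: 'Pass in a list of orgs and generate a report of the repos and the CVEs opened against its packages.',
});
parser.addArgument(
  ['-o', '--org'],
  {
    help: 'The orgs that you want to run against',
    nargs: '*',
    required: true,
  },
);
parser.addArgument(
  ['-t', '--token'],
  {
    // A secret given on the command line is visible in the process list and in
    // shell history, so the token may also come from the GITHUB_TOKEN
    // environment variable; an explicit -t still wins when both are present.
    help: 'GitHub developer token to query GitHub (defaults to $GITHUB_TOKEN).',
    defaultValue: process.env.GITHUB_TOKEN,
  },
);
const args = parser.parseArgs();
if (!args.token) {
  // Same outcome as the former `required: true` (usage + exit code 2), but
  // only when neither source supplied a token.
  parser.error('a GitHub token is required: pass -t/--token or set GITHUB_TOKEN');
}

// Authenticated GraphQL client; the Accept header opts into the preview API
// that exposes vulnerabilityAlerts.
const client = new graphql.GraphQLClient(GITHUB_GRAPHQL_ENDPOINT, {
  headers: {
    Accept: 'application/vnd.github.vixen-preview+json',
    Authorization: `token ${args.token}`,
  },
});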
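/**
 * Fetch the first 100 repositories of an organization and, for each, the
 * first 100 vulnerability alerts.
 *
 * @param {string} org - Organization login as given on the command line (--org).
 * @returns {Promise<object>} The raw GraphQL response; callers read
 *   `data.organization.repositories.edges`.
 * @throws Rejects when the request fails (and, with graphql-request, when the
 *   response carries GraphQL errors).
 */
const getOrgCVE = async (org) => {
  // `org` is untrusted input: bind it as a GraphQL variable rather than
  // interpolating it into the query text, so a crafted value cannot alter the
  // query structure.
  const query = `query OrgVulnerabilityAlerts($org: String!) {
    organization(login: $org) {
      repositories(first: 100) {
        edges {
          node {
            owner {
              id
            }
            name
            vulnerabilityAlerts(first: 100) {
              edges {
                node {
                  affectedRange
                  dismissReason
                  dismissedAt
                  externalIdentifier
                  externalReference
                  fixedIn
                  id
                  packageName
                }
              }
            }
          }
        }
      }
    }
  }`;
  // NOTE(review): only the first page (100 repos, 100 alerts per repo) is
  // fetched; orgs beyond that size need pageInfo/after pagination.
  return client.request(query, { org });
};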
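/**
 * Report, for every org passed on the command line, each repository that has
 * at least one open vulnerability alert.
 *
 * A failed org query is logged to stderr and skipped; the process exit code is
 * set to 1 so callers can detect a partial report. Previously the rejection
 * was logged and then `undefined` was dereferenced, crashing with a TypeError.
 *
 * @returns {Promise<void>}
 */
const run = async () => {
  const orgList = args.org;
  if (orgList.length === 0) {
    console.log('At least one GitHub org must be provided');
    return;
  }
  for (const org of orgList) {
    let data;
    try {
      data = await getOrgCVE(org);
    } catch (error) {
      console.error(`Failed to fetch vulnerability alerts for ${org}:`, error);
      process.exitCode = 1;
      continue;
    }
    // A missing or unknown org yields no `organization` object; report and move on.
    if (!data || !data.organization) {
      console.error(`No organization data returned for ${org}`);
      process.exitCode = 1;
      continue;
    }
    for (const repo of data.organization.repositories.edges) {
      if (repo.node.vulnerabilityAlerts.edges.length) {
        console.log('\n', org, ' - ', repo.node.name, '\n', repo.node.vulnerabilityAlerts.edges, '\n');
      }
    }
  }
};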
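// Entry point. The promise was previously left floating; an unexpected
// rejection now goes to stderr with a non-zero exit code instead of an
// unhandled-rejection warning.
run().catch((error) => {
  console.error(error);
  process.exitCode = 1;
});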