@security-alert monorepo

A Command Line ToolKit for GitHub Security Alert.

Tools

• @security-alert/create-issue
  • Create an issue form GitHub Security Alert URL
• @security-alert/list-alerts
  • Show list of GitHub Security Alerts.

SARIF to GitHub Issue/Comment

These tools aim to integration CodeQL and GitHub. CodeQL output the scanned results as SARIF format.

• @security-alert/sarif-to-issue
  • Create an issue form SARIF file
• @security-alert/sarif-to-comment
  • Comment to issue from SARIF file
• @security-alert/sarif-to-markdown
  • Convert SARIF to Markdown format
  • Good work with GitHub's CodeQL results

Changelog

See Releases page.

Development

yarn install
yarn run build
yarn test

Release Workflow

git checkout -b release-branch
git push -u
GH_TOKEN=xxx npm run versionup
npm run release # use npm instead of yarn

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

1. Fork it!
2. Create your feature branch: git checkout -b my-new-feature
3. Commit your changes: git commit -am 'Add some feature'
4. Push to the branch: git push origin my-new-feature
5. Submit a pull request :D

Releases

Release all packages via following command:

GH_TOKEN="${GITHUB_TOKEN}" npm run versionup -- --create-release=github && npm run release -- --yes
# or just release and write Release Note manually
# npm run versionup && npm run release -- --yes

Author

• github/azu
• twitter/azu_re

License

MIT © azu