Skip to content

bitoiu/vulnerability-pr-checks

Repository files navigation

vulnerability-pr-checks

A GitHub App built with Probot that Probot App that posts GitHub Statuses Checks based on security vulnerabilities

Installation

Install the app at: https://github.com/apps/vulnerability-pr-checks

Current limitations

  • The app is by default ignoring dismissed vulnerabilities. This is an internal variable that soon needs to be a configuration on the .github folder.
  • GitHub Security Vulnerability alerts are only indexed on the master branch, this means that when checking for active vulnerabilities, the app is actually only checking master. This means that if the developer acts on the vulnerabilities on the branch, the results won't change. It's recommended if using the app, that security vulnerabilities are changed on another PR and merged before the current branch under analysis. Hoping one day all the branches are indexed, but this is the reality today.
  • I was lazy with the tests, sorry.

Running your own

Check instructions at: https://probot.github.io/docs/deployment/

Setup

# Install dependencies
npm install

# Run the bot
npm start

Contributing

If you have suggestions for how vulnerability-pr-checks could be improved, or want to report a bug, open an issue! We'd love all and any contributions.

For more, check out the Contributing Guide.

License

ISC © 2019 Vitor Monteiro [email protected] (https://github.com/bitoiu)