embulk/audit

Automated audit for GitHub repositories under https://github.com/embulk

Audit GitHub repositories automatically, especially for security-related matters, such as:

  • Permitted users, and their permissions
  • Permissions for GitHub Actions, such as approval needed for all / first-time contributors (to be implemented)
  • Secrets and Variables (to be implemented)
  • ...

This simply compares the current repository configurations retrieved from the GitHub API with repos.yaml, which contains their "expected" configurations, and reports any differences.

How to run audit

Create a GitHub fine-grained personal access token at: https://github.com/settings/personal-access-tokens/new

  • Resource owner: embulk
  • Expiration: as needed
  • Repository access: All repositories
  • Permissions:
    • Repository permissions:
      • Administration: Read-only
      • Commit statuses: Read-only
      • Contents: Read-only
      • Custom properties: Read-only
      • Environments: Read-only
      • Metadata: Read-only (mandatory)
      • Pull requests: Read-only
bundle install
# Store the token in the "github_token" file. If that file does not exist, the
# token is loaded from the "GITHUB_TOKEN" environment variable instead.
echo "..." > github_token
bundle exec ruby ./audit.rb
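The comparison the README describes, written out as an added example in Ruby. This is not the project's own audit.rb: the shape of repos.yaml (a "repos" map with a "collaborators" map of user to permission per repository) is an assumption made for this example, and the "API response" is a constructed hash standing in for what GET /repos/{owner}/{repo}/collaborators would return, so nothing here touches the network. The token-loading helper follows the file-then-environment-variable order the README states.

```ruby
require "yaml"

# Assumed expected-configuration file for this example; the real repos.yaml
# format is not documented on the page. One entry per repository, listing the
# permitted users and the permission each is expected to hold.
EXPECTED_YAML = <<~YAML
  repos:
    embulk-core:
      collaborators:
        alice: admin
        bob: write
    embulk-plugin-example:
      collaborators:
        alice: admin
        carol: read
YAML

# Constructed stand-in for the GitHub API response (user => role_name per
# repository). A real run would fetch this with the fine-grained token.
ACTUAL_FROM_API = {
  "embulk-core" => { "alice" => "admin", "bob" => "admin", "dave" => "write" },
  "embulk-plugin-example" => { "alice" => "admin" },
}

# Reads the token from the file first and falls back to the GITHUB_TOKEN
# environment variable; returns nil when neither is available so the caller
# can fail early instead of making unauthenticated requests.
def load_token(path = "github_token", env = ENV)
  return File.read(path).strip if File.exist?(path)
  token = env["GITHUB_TOKEN"]
  token.nil? || token.empty? ? nil : token
end

# Compares expected collaborators against actual ones for one repository.
# Findings are grouped by kind: users missing from GitHub, users present on
# GitHub but absent from the expected list, and users whose permission differs.
def audit_collaborators(expected, actual)
  findings = { missing: [], unexpected: [], mismatched: [] }
  expected.each do |user, perm|
    if !actual.key?(user)
      findings[:missing] << user
    elsif actual[user] != perm
      findings[:mismatched] << { user: user, expected: perm, actual: actual[user] }
    end
  end
  (actual.keys - expected.keys).each { |user| findings[:unexpected] << user }
  findings
end

# Runs the audit for every repository listed in the expected configuration.
# A repository missing from the API data is treated as having no collaborators.
def audit_all(expected_yaml, actual_by_repo)
  expected = YAML.safe_load(expected_yaml).fetch("repos")
  expected.to_h do |repo, cfg|
    [repo, audit_collaborators(cfg.fetch("collaborators"), actual_by_repo.fetch(repo, {}))]
  end
end

# True only when no repository has any finding of any kind.
def clean?(report)
  report.values.all? { |f| f.values.all?(&:empty?) }
end

if $PROGRAM_NAME == __FILE__
  report = audit_all(EXPECTED_YAML, ACTUAL_FROM_API)
  report.each do |repo, f|
    puts "#{repo}: missing=#{f[:missing]} unexpected=#{f[:unexpected]} mismatched=#{f[:mismatched]}"
  end
  puts(clean?(report) ? "audit clean" : "audit found differences")
end
```

The findings are returned as data rather than printed, so the same report can drive a non-zero exit status in CI or be rendered as a table; "unexpected" users are the ones most worth reviewing, since they represent access that was granted outside the tracked configuration.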
