├── .github └── workflows │ └── codeql-analysis.yml ├── .gitignore ├── .vscode └── launch.json ├── LICENSE ├── README.md ├── get-code-scanning-alerts.js ├── lib └── p-reduce.js ├── package-lock.json └── package.json /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | name: "Code scanning - action" 2 | 3 | on: 4 | push: 5 | pull_request: 6 | schedule: 7 | - cron: '0 21 * * 2' 8 | 9 | jobs: 10 | CodeQL-Build: 11 | 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - name: Checkout repository 16 | uses: actions/checkout@v2 17 | with: 18 | # We must fetch at least the immediate parents so that if this is 19 | # a pull request then we can checkout the head. 20 | fetch-depth: 2 21 | 22 | # If this run was triggered by a pull request event, then checkout 23 | # the head of the pull request instead of the merge commit. 24 | - run: git checkout HEAD^2 25 | if: ${{ github.event_name == 'pull_request' }} 26 | 27 | # Initializes the CodeQL tools for scanning. 28 | - name: Initialize CodeQL 29 | uses: github/codeql-action/init@v1 30 | 31 | - name: Perform CodeQL Analysis 32 | uses: github/codeql-action/analyze@v1 33 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | lerna-debug.log* 8 | 9 | # Diagnostic reports (https://nodejs.org/api/report.html) 10 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 11 | 12 | # Runtime data 13 | pids 14 | *.pid 15 | *.seed 16 | *.pid.lock 17 | 18 | # Directory for instrumented libs generated by jscoverage/JSCover 19 | lib-cov 20 | 21 | # Coverage directory used by tools like istanbul 22 | coverage 23 | *.lcov 24 | 25 | # nyc test coverage 26 | .nyc_output 27 | 28 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 29 | .grunt 30 | 31 | # Bower dependency directory (https://bower.io/) 32 | bower_components 33 | 34 | # node-waf configuration 35 | .lock-wscript 36 | 37 | # Compiled binary addons (https://nodejs.org/api/addons.html) 38 | build/Release 39 | 40 | # Dependency directories 41 | node_modules/ 42 | jspm_packages/ 43 | 44 | # TypeScript v1 declaration files 45 | typings/ 46 | 47 | # TypeScript cache 48 | *.tsbuildinfo 49 | 50 | # Optional npm cache directory 51 | .npm 52 | 53 | # Optional eslint cache 54 | .eslintcache 55 | 56 | # Microbundle cache 57 | .rpt2_cache/ 58 | .rts2_cache_cjs/ 59 | .rts2_cache_es/ 60 | .rts2_cache_umd/ 61 | 62 | # Optional REPL history 63 | .node_repl_history 64 | 65 | # Output of 'npm pack' 66 | *.tgz 67 | 68 | # Yarn Integrity file 69 | .yarn-integrity 70 | 71 | # dotenv environment variables file 72 | .env 73 | .env.test 74 | 75 | # parcel-bundler cache (https://parceljs.org/) 76 | .cache 77 | 78 | # Next.js build output 79 | .next 80 | 81 | # Nuxt.js build / generate output 82 | .nuxt 83 | dist 84 | 85 | # Gatsby files 86 | .cache/ 87 | # Comment in the public line in if your project uses Gatsby and *not* Next.js 88 | # https://nextjs.org/blog/next-9-1#public-directory-support 89 | # public 90 | 91 | # vuepress build output 92 | .vuepress/dist 93 | 94 | # Serverless directories 95 | .serverless/ 96 | 97 | # FuseBox cache 98 | .fusebox/ 99 | 100 | # DynamoDB Local files 101 | .dynamodb/ 102 | 103 | # TernJS port file 104 | .tern-port 105 | 106 | .env 107 | .DS_Store 108 | -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | // Use IntelliSense to learn about possible attributes. 3 | // Hover to view descriptions of existing attributes. 4 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 5 | "version": "0.2.0", 6 | "configurations": [ 7 | { 8 | "type": "node", 9 | "request": "launch", 10 | "name": "Get Code Scanning Alert", 11 | "skipFiles": [ 12 | "/**" 13 | ], 14 | "program": "${workspaceFolder}/get-code-scanning-alerts.js", 15 | "args": ["github"] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Justin Hutchings 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Get code scanning alerts in org 2 | This repo demonstrates how to use the GitHub code scanning API to export all the alerts on an organization to a CSV file. This makes it possible for a security team to quickly audit the known vulnerabilities across their organizations that are using GitHub Advanced Security 3 | 4 | ### Running the script 5 | 1. Clone this repo to your local machine 6 | 2. Create a file called .env 7 | 3. Create a [GitHub Token](https://github.com/settings/tokens) which has the `repo` > `security_events` permission. (`repo` permission is needed for private repo) 8 | 4. Add the token to your .env file as shown `GH_AUTH_TOKEN=inserttokenhere` 9 | 5. Run `npm install` to install node dependencies 10 | 6. Run `node get-code-scanning-alerts.js orgname > output.csv` where `orgname` is the name of your target org. Note, if SSO is enabled on your org, you will need to SSO enable your token 11 | 12 | ### License 13 | This project is licensed under the MIT License. 14 | -------------------------------------------------------------------------------- /get-code-scanning-alerts.js: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | require('dotenv').config() 4 | const pReduce = require('./lib/p-reduce'); 5 | const delay = require('delay'); 6 | const {Octokit} = require('@octokit/rest') 7 | const octokit = new Octokit({ 8 | auth: process.env.GH_AUTH_TOKEN, 9 | previews: ['dorian-preview'] 10 | }) 11 | 12 | var buffer = "" 13 | 14 | const [, , ...args] = process.argv 15 | const owner = args[0] 16 | 17 | console.log("org,repo,tool,rule_id,severity,open,created_at,closed_by,closed_at,url,closed_reason") 18 | octokit 19 | .paginate(octokit.repos.listForOrg, { 20 | org: owner, 21 | }) 22 | .then(repositories => 23 | pReduce(repositories, (repository) => { 24 | if (repository.archived) { 25 | return Promise.resolve(); 26 | } 27 | const repo = repository.name 28 | 29 | return octokit 30 | .paginate("GET /repos/:owner/:repo/code-scanning/alerts?per_page=100", { 31 | owner: owner, 32 | repo: repo 33 | }) 34 | .then(alerts => { 35 | if (alerts.length > 0) { 36 | 37 | pReduce(alerts, (alert) => { 38 | console.log(`${owner},${repo},${alert.tool.name},${alert.rule.id},${alert.rule.severity},${alert.state},${alert.created_at},${alert.dismissed_by},${alert.dismissed_at},${alert.html_url},${alert.dismissed_reason}`) 39 | }) 40 | } 41 | delay(300); 42 | }) 43 | .catch(error => { 44 | // console.error(`Failed for ${owner}/${repo}\n${error.message}\n${error.documentation_url}`) 45 | }) 46 | }) 47 | 48 | ) 49 | .catch(error => { 50 | console.error(`Getting repositories for organization ${owner} failed. 51 | ${error.message} (${error.status}) 52 | ${error.documentation_url}`) 53 | }) 54 | -------------------------------------------------------------------------------- /lib/p-reduce.js: -------------------------------------------------------------------------------- 1 | const pReduce = (values, fn) => 2 | values.reduce( 3 | (prev, ...args) => prev.then(() => fn(...args)), 4 | Promise.resolve() 5 | ); 6 | 7 | module.exports = pReduce; -------------------------------------------------------------------------------- /package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "get-code-scanning-alerts", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "requires": true, 6 | "dependencies": { 7 | "@octokit/auth-token": { 8 | "version": "2.4.2", 9 | "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.4.2.tgz", 10 | "integrity": "sha512-jE/lE/IKIz2v1+/P0u4fJqv0kYwXOTujKemJMFr6FeopsxlIK3+wKDCJGnysg81XID5TgZQbIfuJ5J0lnTiuyQ==", 11 | "requires": { 12 | "@octokit/types": "^5.0.0" 13 | } 14 | }, 15 | "@octokit/core": { 16 | "version": "2.5.4", 17 | "resolved": "https://registry.npmjs.org/@octokit/core/-/core-2.5.4.tgz", 18 | "integrity": "sha512-HCp8yKQfTITYK+Nd09MHzAlP1v3Ii/oCohv0/TW9rhSLvzb98BOVs2QmVYuloE6a3l6LsfyGIwb6Pc4ycgWlIQ==", 19 | "requires": { 20 | "@octokit/auth-token": "^2.4.0", 21 | "@octokit/graphql": "^4.3.1", 22 | "@octokit/request": "^5.4.0", 23 | "@octokit/types": "^5.0.0", 24 | "before-after-hook": "^2.1.0", 25 | "universal-user-agent": "^5.0.0" 26 | } 27 | }, 28 | "@octokit/endpoint": { 29 | "version": "6.0.5", 30 | "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.5.tgz", 31 | "integrity": "sha512-70K5u6zd45ItOny6aHQAsea8HHQjlQq85yqOMe+Aj8dkhN2qSJ9T+Q3YjUjEYfPRBcuUWNgMn62DQnP/4LAIiQ==", 32 | "requires": { 33 | "@octokit/types": "^5.0.0", 34 | "is-plain-object": "^4.0.0", 35 | "universal-user-agent": "^6.0.0" 36 | }, 37 | "dependencies": { 38 | "universal-user-agent": { 39 | "version": "6.0.0", 40 | "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", 41 | "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" 42 | } 43 | } 44 | }, 45 | "@octokit/graphql": { 46 | "version": "4.5.3", 47 | "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.5.3.tgz", 48 | "integrity": "sha512-JyYvi3j2tOb5ofASEpcg1Advs07H+Ag+I+ez7buuZfNVAmh1IYcDTuxd4gnYH8S2PSGu+f5IdDGxMmkK+5zsdA==", 49 | "requires": { 50 | "@octokit/request": "^5.3.0", 51 | "@octokit/types": "^5.0.0", 52 | "universal-user-agent": "^6.0.0" 53 | }, 54 | "dependencies": { 55 | "universal-user-agent": { 56 | "version": "6.0.0", 57 | "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", 58 | "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" 59 | } 60 | } 61 | }, 62 | "@octokit/plugin-paginate-rest": { 63 | "version": "2.3.0", 64 | "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.3.0.tgz", 65 | "integrity": "sha512-Ye2ZJreP0ZlqJQz8fz+hXvrEAEYK4ay7br1eDpWzr6j76VXs/gKqxFcH8qRzkB3fo/2xh4Vy9VtGii4ZDc9qlA==", 66 | "requires": { 67 | "@octokit/types": "^5.2.0" 68 | } 69 | }, 70 | "@octokit/plugin-request-log": { 71 | "version": "1.0.0", 72 | "resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-1.0.0.tgz", 73 | "integrity": "sha512-ywoxP68aOT3zHCLgWZgwUJatiENeHE7xJzYjfz8WI0goynp96wETBF+d95b8g/uL4QmS6owPVlaxiz3wyMAzcw==" 74 | }, 75 | "@octokit/plugin-rest-endpoint-methods": { 76 | "version": "3.17.0", 77 | "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-3.17.0.tgz", 78 | "integrity": "sha512-NFV3vq7GgoO2TrkyBRUOwflkfTYkFKS0tLAPym7RNpkwLCttqShaEGjthOsPEEL+7LFcYv3mU24+F2yVd3npmg==", 79 | "requires": { 80 | "@octokit/types": "^4.1.6", 81 | "deprecation": "^2.3.1" 82 | }, 83 | "dependencies": { 84 | "@octokit/types": { 85 | "version": "4.1.10", 86 | "resolved": "https://registry.npmjs.org/@octokit/types/-/types-4.1.10.tgz", 87 | "integrity": "sha512-/wbFy1cUIE5eICcg0wTKGXMlKSbaAxEr00qaBXzscLXpqhcwgXeS6P8O0pkysBhRfyjkKjJaYrvR1ExMO5eOXQ==", 88 | "requires": { 89 | "@types/node": ">= 8" 90 | } 91 | } 92 | } 93 | }, 94 | "@octokit/request": { 95 | "version": "5.4.7", 96 | "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.4.7.tgz", 97 | "integrity": "sha512-FN22xUDP0i0uF38YMbOfx6TotpcENP5W8yJM1e/LieGXn6IoRxDMnBf7tx5RKSW4xuUZ/1P04NFZy5iY3Rax1A==", 98 | "requires": { 99 | "@octokit/endpoint": "^6.0.1", 100 | "@octokit/request-error": "^2.0.0", 101 | "@octokit/types": "^5.0.0", 102 | "deprecation": "^2.0.0", 103 | "is-plain-object": "^4.0.0", 104 | "node-fetch": "^2.3.0", 105 | "once": "^1.4.0", 106 | "universal-user-agent": "^6.0.0" 107 | }, 108 | "dependencies": { 109 | "universal-user-agent": { 110 | "version": "6.0.0", 111 | "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", 112 | "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" 113 | } 114 | } 115 | }, 116 | "@octokit/request-error": { 117 | "version": "2.0.2", 118 | "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.0.2.tgz", 119 | "integrity": "sha512-2BrmnvVSV1MXQvEkrb9zwzP0wXFNbPJij922kYBTLIlIafukrGOb+ABBT2+c6wZiuyWDH1K1zmjGQ0toN/wMWw==", 120 | "requires": { 121 | "@octokit/types": "^5.0.1", 122 | "deprecation": "^2.0.0", 123 | "once": "^1.4.0" 124 | } 125 | }, 126 | "@octokit/rest": { 127 | "version": "17.11.2", 128 | "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-17.11.2.tgz", 129 | "integrity": "sha512-4jTmn8WossTUaLfNDfXk4fVJgbz5JgZE8eCs4BvIb52lvIH8rpVMD1fgRCrHbSd6LRPE5JFZSfAEtszrOq3ZFQ==", 130 | "requires": { 131 | "@octokit/core": "^2.4.3", 132 | "@octokit/plugin-paginate-rest": "^2.2.0", 133 | "@octokit/plugin-request-log": "^1.0.0", 134 | "@octokit/plugin-rest-endpoint-methods": "3.17.0" 135 | } 136 | }, 137 | "@octokit/types": { 138 | "version": "5.2.1", 139 | "resolved": "https://registry.npmjs.org/@octokit/types/-/types-5.2.1.tgz", 140 | "integrity": "sha512-PugtgEw8u++zAyBpDpSkR8K1OsT2l8QWp3ECL6bZHFoq9PfHDoKeGFWSuX2Z+Ghy93k1fkKf8tsmqNBv+8dEfQ==", 141 | "requires": { 142 | "@types/node": ">= 8" 143 | } 144 | }, 145 | "@types/node": { 146 | "version": "14.0.27", 147 | "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.27.tgz", 148 | "integrity": "sha512-kVrqXhbclHNHGu9ztnAwSncIgJv/FaxmzXJvGXNdcCpV1b8u1/Mi6z6m0vwy0LzKeXFTPLH0NzwmoJ3fNCIq0g==" 149 | }, 150 | "before-after-hook": { 151 | "version": "2.1.0", 152 | "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.1.0.tgz", 153 | "integrity": "sha512-IWIbu7pMqyw3EAJHzzHbWa85b6oud/yfKYg5rqB5hNE8CeMi3nX+2C2sj0HswfblST86hpVEOAb9x34NZd6P7A==" 154 | }, 155 | "cross-spawn": { 156 | "version": "6.0.5", 157 | "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", 158 | "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", 159 | "requires": { 160 | "nice-try": "^1.0.4", 161 | "path-key": "^2.0.1", 162 | "semver": "^5.5.0", 163 | "shebang-command": "^1.2.0", 164 | "which": "^1.2.9" 165 | } 166 | }, 167 | "delay": { 168 | "version": "4.4.0", 169 | "resolved": "https://registry.npmjs.org/delay/-/delay-4.4.0.tgz", 170 | "integrity": "sha512-txgOrJu3OdtOfTiEOT2e76dJVfG/1dz2NZ4F0Pyt4UGZJryssMRp5vdM5wQoLwSOBNdrJv3F9PAhp/heqd7vrA==" 171 | }, 172 | "deprecation": { 173 | "version": "2.3.1", 174 | "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", 175 | "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" 176 | }, 177 | "dotenv": { 178 | "version": "8.2.0", 179 | "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz", 180 | "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" 181 | }, 182 | "end-of-stream": { 183 | "version": "1.4.4", 184 | "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", 185 | "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", 186 | "requires": { 187 | "once": "^1.4.0" 188 | } 189 | }, 190 | "execa": { 191 | "version": "1.0.0", 192 | "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", 193 | "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", 194 | "requires": { 195 | "cross-spawn": "^6.0.0", 196 | "get-stream": "^4.0.0", 197 | "is-stream": "^1.1.0", 198 | "npm-run-path": "^2.0.0", 199 | "p-finally": "^1.0.0", 200 | "signal-exit": "^3.0.0", 201 | "strip-eof": "^1.0.0" 202 | } 203 | }, 204 | "get-stream": { 205 | "version": "4.1.0", 206 | "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", 207 | "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", 208 | "requires": { 209 | "pump": "^3.0.0" 210 | } 211 | }, 212 | "is-plain-object": { 213 | "version": "4.1.1", 214 | "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-4.1.1.tgz", 215 | "integrity": "sha512-5Aw8LLVsDlZsETVMhoMXzqsXwQqr/0vlnBYzIXJbYo2F4yYlhLHs+Ez7Bod7IIQKWkJbJfxrWD7pA1Dw1TKrwA==" 216 | }, 217 | "is-stream": { 218 | "version": "1.1.0", 219 | "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", 220 | "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=" 221 | }, 222 | "isexe": { 223 | "version": "2.0.0", 224 | "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", 225 | "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=" 226 | }, 227 | "macos-release": { 228 | "version": "2.4.1", 229 | "resolved": "https://registry.npmjs.org/macos-release/-/macos-release-2.4.1.tgz", 230 | "integrity": "sha512-H/QHeBIN1fIGJX517pvK8IEK53yQOW7YcEI55oYtgjDdoCQQz7eJS94qt5kNrscReEyuD/JcdFCm2XBEcGOITg==" 231 | }, 232 | "nice-try": { 233 | "version": "1.0.5", 234 | "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", 235 | "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" 236 | }, 237 | "node-fetch": { 238 | "version": "2.6.1", 239 | "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz", 240 | "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==" 241 | }, 242 | "npm-run-path": { 243 | "version": "2.0.2", 244 | "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", 245 | "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", 246 | "requires": { 247 | "path-key": "^2.0.0" 248 | } 249 | }, 250 | "once": { 251 | "version": "1.4.0", 252 | "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", 253 | "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", 254 | "requires": { 255 | "wrappy": "1" 256 | } 257 | }, 258 | "os-name": { 259 | "version": "3.1.0", 260 | "resolved": "https://registry.npmjs.org/os-name/-/os-name-3.1.0.tgz", 261 | "integrity": "sha512-h8L+8aNjNcMpo/mAIBPn5PXCM16iyPGjHNWo6U1YO8sJTMHtEtyczI6QJnLoplswm6goopQkqc7OAnjhWcugVg==", 262 | "requires": { 263 | "macos-release": "^2.2.0", 264 | "windows-release": "^3.1.0" 265 | } 266 | }, 267 | "p-finally": { 268 | "version": "1.0.0", 269 | "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", 270 | "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" 271 | }, 272 | "p-reduce": { 273 | "version": "2.1.0", 274 | "resolved": "https://registry.npmjs.org/p-reduce/-/p-reduce-2.1.0.tgz", 275 | "integrity": "sha512-2USApvnsutq8uoxZBGbbWM0JIYLiEMJ9RlaN7fAzVNb9OZN0SHjjTTfIcb667XynS5Y1VhwDJVDa72TnPzAYWw==" 276 | }, 277 | "path-key": { 278 | "version": "2.0.1", 279 | "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", 280 | "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=" 281 | }, 282 | "pump": { 283 | "version": "3.0.0", 284 | "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", 285 | "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", 286 | "requires": { 287 | "end-of-stream": "^1.1.0", 288 | "once": "^1.3.1" 289 | } 290 | }, 291 | "semver": { 292 | "version": "5.7.1", 293 | "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", 294 | "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" 295 | }, 296 | "shebang-command": { 297 | "version": "1.2.0", 298 | "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz", 299 | "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=", 300 | "requires": { 301 | "shebang-regex": "^1.0.0" 302 | } 303 | }, 304 | "shebang-regex": { 305 | "version": "1.0.0", 306 | "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz", 307 | "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=" 308 | }, 309 | "signal-exit": { 310 | "version": "3.0.3", 311 | "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz", 312 | "integrity": "sha512-VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==" 313 | }, 314 | "strip-eof": { 315 | "version": "1.0.0", 316 | "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", 317 | "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=" 318 | }, 319 | "universal-user-agent": { 320 | "version": "5.0.0", 321 | "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-5.0.0.tgz", 322 | "integrity": "sha512-B5TPtzZleXyPrUMKCpEHFmVhMN6EhmJYjG5PQna9s7mXeSqGTLap4OpqLl5FCEFUI3UBmllkETwKf/db66Y54Q==", 323 | "requires": { 324 | "os-name": "^3.1.0" 325 | } 326 | }, 327 | "which": { 328 | "version": "1.3.1", 329 | "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", 330 | "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", 331 | "requires": { 332 | "isexe": "^2.0.0" 333 | } 334 | }, 335 | "windows-release": { 336 | "version": "3.3.1", 337 | "resolved": "https://registry.npmjs.org/windows-release/-/windows-release-3.3.1.tgz", 338 | "integrity": "sha512-Pngk/RDCaI/DkuHPlGTdIkDiTAnAkyMjoQMZqRsxydNl1qGXNIoZrB7RK8g53F2tEgQBMqQJHQdYZuQEEAu54A==", 339 | "requires": { 340 | "execa": "^1.0.0" 341 | } 342 | }, 343 | "wrappy": { 344 | "version": "1.0.2", 345 | "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", 346 | "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" 347 | } 348 | } 349 | } 350 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "get-code-scanning-alerts", 3 | "version": "1.0.0", 4 | "description": "Gets stats about code scanning alerts in an organization", 5 | "main": "get-code-scanning-alerts.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "GitHub", 10 | "license": "MIT", 11 | "dependencies": { 12 | "@octokit/rest": "^17.11.2", 13 | "delay": "^4.4.0", 14 | "dotenv": "^8.2.0", 15 | "p-reduce": "^2.1.0" 16 | } 17 | } 18 | --------------------------------------------------------------------------------