
IQ SCM Audit

Overview

This tool takes a GitHub GraphQL repository search query, fetches the list of matching GitHub source code repositories, and for each repository:

  • Create an IQ Application
  • Configure IQ Application against source control
  • Scan the dependencies reported by GitHub against the IQ Application using the third-party data API
  • Download and evaluate policy against latest GitHub release assets
  • Download and evaluate policy against latest GitHub Packages assets
  • Create GitHub Issue in repository with results and hints on how to configure CI tools

Setup

IQ SCM Audit works best when:

  • The GitHub repositories' Dependency Graphs are enabled.
  • The GitHub repositories have at least one Release or Package with evaluatable assets.
  • A JVM is installed, so that the CLI can run policy evaluations. If no JVM is installed you must set skipIQEvaluations to true; in that case no GitHub Release or Package is needed.

Usage

Usage:
iq-scm-audit [options]
  -gitHubQuery string
    	Query String for GitHub graphql repository search (GITHUB_QUERY)
  -gitHubToken string
    	GitHub Token (GITHUB_TOKEN)
  -iqOrganization string
    	Organization to create new applications (IQ_ORGANIZATION)
  -iqPassword string
    	Nexus IQ Password (IQ_PASSWORD)
  -iqServerUrl string
    	Nexus IQ Server Url (IQ_SERVER_URL)
  -iqUsername string
    	Nexus IQ Username (IQ_USERNAME)
  -iqcontact string
    	Email of person to contact for access to Nexus IQ (IQ_CONTACT)
  -skipExistingApplications
    	Skip Audit and Evaluation against existing applications
  -skipIQEvaluations
    	Skip IQ Evaluations against latest Release or Package assets
  -skipIssueCreation
    	Skip GitHub Issue Creation

Example Queries

Queries can search for all repositories of an organization:

org:whyjustin

or for a particular repository:

whyjustin/spring-hello-webmvc
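The following Go snippet is an added illustration, not code from the iq-scm-audit project: it shows the first step of the Overview in isolation, a GraphQL document for one page of the repository search plus a parser that maps each matching repository to the download URLs of its latest release assets (the ones the audit would evaluate) and returns the cursor for the next page. The `latestRelease`/`releaseAssets` field selection, the `example.invalid` asset URL and the `example-org/no-release` repository in the constructed sample response are assumptions for the example; the tool's own query may differ.

```go
package main

import "encoding/json"

// One page of a GitHub GraphQL repository search, fetching only the latest
// release's assets, which are what the audit downloads and evaluates.
const SearchQuery = `query($q:String!,$after:String){ search(query:$q,type:REPOSITORY,first:50,after:$after){
  pageInfo{hasNextPage endCursor} nodes{ ... on Repository{ nameWithOwner
  latestRelease{ releaseAssets(first:20){ nodes{ downloadUrl } } } } } } }`

// page mirrors the response body; encoding/json matches keys case-insensitively.
type page struct {
	Data struct {
		Search struct {
			PageInfo struct {
				HasNextPage bool
				EndCursor   *string
			}
			Nodes []struct {
				NameWithOwner string
				LatestRelease struct{ ReleaseAssets struct{ Nodes []struct{ DownloadUrl string } } }
			}
		}
	}
}

// ParseSearchPage maps each repository on the page to its latest-release asset
// URLs (nil means nothing to evaluate); next is nil once the last page is read.
func ParseSearchPage(body []byte) (assets map[string][]string, next *string, err error) {
	var p page
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, nil, err
	}
	assets = map[string][]string{}
	for _, n := range p.Data.Search.Nodes {
		assets[n.NameWithOwner] = nil // a null latestRelease leaves the zero value: no assets
		for _, a := range n.LatestRelease.ReleaseAssets.Nodes {
			assets[n.NameWithOwner] = append(assets[n.NameWithOwner], a.DownloadUrl)
		}
	}
	if pi := p.Data.Search.PageInfo; pi.HasNextPage {
		next = pi.EndCursor
	}
	return assets, next, nil
}

// SampleResponse is a constructed page: one repo with an asset, one with no release.
const SampleResponse = `{"data":{"search":{"pageInfo":{"hasNextPage":true,"endCursor":"c2"},"nodes":[
{"nameWithOwner":"whyjustin/spring-hello-webmvc","latestRelease":{"releaseAssets":{"nodes":[{"downloadUrl":"https://example.invalid/app.jar"}]}}},
{"nameWithOwner":"example-org/no-release","latestRelease":null}]}}}`
```

A real client should also inspect the top-level `errors` array of the response, since GraphQL reports a malformed search query with HTTP 200 rather than an error status.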
