DependabotReport

Dependabot Report is a command line tool that creates reports from Dependabot. Sometimes you want to share this information with people or collaborate on that information outside of github.

Installation

Install it:

$ gem install dependabot_report

Usage

Run this to print out usage:

$ dependabot_report

Typical usage example to create a CSV of all dependabot vulnerabilities for two repositories:

$ dependabot_report csv joshuacronemeyer dependabot_report shellsink --oauth_token=some-token-string

You can find instructions for getting an oauth token here. Be sure to give it repo access for whatever repo you are reporting on.

Limitations

If a repo has more than 100 alerts the report will not include them since we don't paginate from the github API.

Development

After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/dependabot_report. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the DependabotReport project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.