GitShow/jessfraz/secping
jessfraz

secping

A tool for reading the SECURITY_CONTACTS file in a kubernetes repository.

by jessfraz
Star on GitHubFork

Go

11 stars4 forks4 contributorsQuiet · 6mo agoSince 2018MIT

Meet the team

See all 4 on GitHub →
jessfraz
jessfraz26 contributions
fejta
fejta2 contributions
toc-me[bot]Bot
toc-me[bot]1 contribution

Languages

View on GitHub →
Go69.6%
Makefile27.7%
Dockerfile2.7%

Commit activity

Last 12 weeks · 0 commits

Full graph →

Community health

2 of 6 standards met

Community profile →
42
✓README✓License○Contributing○Code of Conduct○Issue Template○PR Template

Recent PRs & issues

Quiet · 3 in progress · Last activity 6mo ago
See all on GitHub →
sfowl
Draft: Update for SECURITY_CONTACTS merge into OWNERSOpenPR

Draft to support proposed change here: https://github.com/kubernetes/security/issues/56 https://github.com/kubernetes/community/pull/5398 We might also want to temporarily disable secping from running in test-infra, during the migration from SECURITY_CONTACTS to OWNERS: https://github.com/kubernetes/test-infra/blob/master/config/jobs/kubernetes/test-infra/fejta-bot-periodics.yaml#L333

sfowl · 5y ago
fejta
getIssue() should search for issues created by token userOpenIssue

Currently this is hard-coded to jessfraz: https://github.com/jessfraz/secping/blob/eb0c7abc31ba2d68472c9ee18c7e8db7f0e81565/main.go#L329-L331 We should probably use this api instead: https://developer.github.com/v3/users/#get-the-authenticated-user

fejta · 7y ago
fejta
Errors leak oauth tokenOpenIssue

If you call this with --token=foo then the program prints an error with foo in the name (which leaks out to gubernator and gcs) https://github.com/jessfraz/secping/blob/eb0c7abc31ba2d68472c9ee18c7e8db7f0e81565/main.go#L176-L179

fejta · 7y ago

Recent fixes

View closed PRs →
justaugustus
Which branch?MergedPR
justaugustus · 4y ago
fejta
Add a bunch of new functionalityMergedPR

Search for issue opened by anyone, not just Jess ;-) Create new issue when previous one was closed without creating the SECURITY_CONTACTS file () Ping open issues on a regular basis () Auto-assign people (, , ) Auto-close issues once there is a SECURITY_CONTACTS file () Add flags to modify behavior: : control which orgs to scan : do not scan this repo : do not log email addresses in the file : actually created/edit issues, otherwise pretend. : read token from this file instead of putting the value in Require go-github to be on the local path until https://github.com/google/go-github/pull/1076 is addressed

fejta · 7y ago
fejta
Github expects token $TOKEN rather than bearer $TOKENClosedIssue

https://github.com/jessfraz/secping/blob/eb0c7abc31ba2d68472c9ee18c7e8db7f0e81565/main.go#L119 Looks like t.TokenType = "token" will fix this: https://godoc.org/golang.org/x/oauth2#Token.Type

fejta · 7y ago
Structured data for AI agents

Repository: jessfraz/secping. Description: A tool for reading the SECURITY_CONTACTS file in a kubernetes repository. Stars: 11, Forks: 4. Primary language: Go. Languages: Go (69.6%), Makefile (27.7%), Dockerfile (2.7%). License: MIT. Open PRs: 3, open issues: 2. Last activity: 6mo ago. Community health: 42%. Top contributors: jessfraz, fejta, toc-me[bot].

·@ofershap

Replace github.com with gitshow.dev