advanced-security/ghas-reviewer-app

GHAS Reviewer App


Overview

The GitHub Advanced Security (GHAS) Reviewer App allows security teams to enforce that a designated reviewer approves or dismisses alerts. This lets security experts apply the four-eyes principle to every security alert generated in GitHub.

Caution

The public GitHub App receives your security data and is intended only for testing purposes. Deploy your own instance of the app for production use.

Public GitHub App

✨ Features

⚡️ Requirements

  • Python 3.9+
  • GitHub Application Setup
  • [optional] Docker / Docker Compose

Usage

GHAS Reviewer is a Python-based web application that is primarily deployed with Docker for ease of setup.

GitHub Application Configuration

Check out how to set up a GitHub App here.

Store the App private key where the service can read it from the configured path, and supply it together with the other settings as environment variables or CLI arguments.

Environment Variable:

# Application ID
GITHUB_APP_ID=123456
# Path to the App private key
GITHUB_APP_KEY_PATH=./config/key.pem
# or use the private key directly
GITHUB_APP_KEY=-----BEGIN PRIVATE KEY-----\n...
# Webhook Secret
GITHUB_APP_SECRET=123456789012345678901234567890
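The variables above give the service two things: the App ID and private key it uses to authenticate to GitHub, and the webhook secret it uses to check that each delivery really came from GitHub. The following Python is an added illustration, not the project's own code: it reads those variables the way the README describes (key from GITHUB_APP_KEY_PATH or inline from GITHUB_APP_KEY with `\n` escapes expanded) and verifies a delivery's X-Hub-Signature-256 header against the raw request body with a constant-time HMAC-SHA256 comparison. The names `AppConfig`, `load_config`, `verify_signature` and the sample payload are assumptions constructed for this example.

```python
# Added example (not the project's code): load the GitHub App settings listed in
# the README and verify a webhook delivery's X-Hub-Signature-256 header with
# GITHUB_APP_SECRET before anything in the request body is trusted.
import hashlib
import hmac
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Optional


@dataclass(frozen=True)
class AppConfig:
    app_id: str
    private_key: str  # PEM text
    webhook_secret: str


def load_config(env: Dict[str, str]) -> AppConfig:
    """Build AppConfig from an environment mapping using the README's variable
    names. GITHUB_APP_KEY_PATH wins if set; otherwise GITHUB_APP_KEY is used,
    with the literal "\\n" sequences found in a .env file expanded to newlines."""
    app_id = env.get("GITHUB_APP_ID")
    secret = env.get("GITHUB_APP_SECRET")
    if not app_id or not secret:
        raise ValueError("GITHUB_APP_ID and GITHUB_APP_SECRET are required")
    key_path = env.get("GITHUB_APP_KEY_PATH")
    if key_path:
        private_key = Path(key_path).read_text()
    elif env.get("GITHUB_APP_KEY"):
        private_key = env["GITHUB_APP_KEY"].replace("\\n", "\n")
    else:
        raise ValueError("set GITHUB_APP_KEY_PATH or GITHUB_APP_KEY")
    if "PRIVATE KEY" not in private_key:
        raise ValueError("private key does not look like PEM")
    return AppConfig(app_id, private_key, secret)


def sign_payload(secret: str, body: bytes) -> str:
    """Return the header value GitHub computes: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return f"sha256={digest}"


def verify_signature(secret: str, body: bytes, header: Optional[str]) -> bool:
    """Constant-time check of X-Hub-Signature-256 against the raw request body.
    A missing header or a header with another scheme is rejected outright."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign_payload(secret, body), header)


# Constructed sample values for a stand-alone run; not real credentials.
SAMPLE_ENV = {
    "GITHUB_APP_ID": "123456",
    "GITHUB_APP_KEY": "-----BEGIN PRIVATE KEY-----\\nMIIB...placeholder...\\n-----END PRIVATE KEY-----",
    "GITHUB_APP_SECRET": "123456789012345678901234567890",
}
# Constructed stand-in for a code_scanning_alert delivery body.
SAMPLE_BODY = b'{"action":"closed_by_user","alert":{"number":7,"state":"dismissed"}}'


def demo() -> dict:
    """Sign the constructed body, then show that the genuine delivery passes and
    a modified body or a missing header fails."""
    cfg = load_config(SAMPLE_ENV)
    good = sign_payload(cfg.webhook_secret, SAMPLE_BODY)
    tampered_body = SAMPLE_BODY.replace(b"closed_by_user", b"fixed")
    return {
        "key_lines": cfg.private_key.count("\n") + 1,
        "genuine": verify_signature(cfg.webhook_secret, SAMPLE_BODY, good),
        "tampered": verify_signature(cfg.webhook_secret, tampered_body, good),
        "missing": verify_signature(cfg.webhook_secret, SAMPLE_BODY, None),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison must run over the exact bytes GitHub sent, before any JSON parsing or re-serialisation, and `hmac.compare_digest` is used rather than `==` so the check does not leak timing information about the expected value.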

Permissions

The GitHub App requires the following permissions:

  • Repository
    • Security Events: Read & Write

Container / Docker

The application is designed to run in a container, which allows for easy deployment and scaling.

Pull / Download image:

# Pull latest (or a release)
docker pull ghcr.io/advanced-security/ghas-reviewer-app:main

Or Build From Source:

docker build -t {org}/ghas-reviewer-app .

Run Docker Image:

docker run \
    --env-file=.env \
    -v ./config:/ghasreview/config \
    -p 8000:8000 \
    ghcr.io/advanced-security/ghas-reviewer-app:main

Docker Compose

If you are testing the GitHub App, you can use Docker Compose to spin up the container quickly.

docker-compose build
docker-compose up -d

Limitations

  • Pull requests require team approval
  • No Dependabot or Secret Scanning support

Maintainers / Contributors

Support

Please create GitHub Issues if there are bugs or feature requests.

This project uses Semantic Versioning (v2); breaking changes occur only with major releases.

License

This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.