Dependabot Vulnerability Viewer

Displays Dependabot vulnerability alerts of multiple repositories on a single page. Only vulnerabilities of repositories that your personal access token has access to will be displayed (restriction of GitHub's GraphQL API).

Demo

Hosted at dependabot-vuln-viewer.vercel.app.

Disclaimer: Your personal access token is, in theory, never sent to the server (the GraphQL API request is made by the browser). However, due to the magic behind Next.js and Apollo Client, I cannot guarantee it. Feel free to clone the repo and run it in local. Let me know if you know more than I do on this subject.

Query String

Can be any valid advanced search query string:

user:<a GitHub user>,
repo:<repo owner>/<repo name>,
etc.,
any combination of the above.

Personal Access Token

See here to create a personal access token for the GitHub API. Only the repo scope is needed, or public_repo if you don't care about private repositories.

Install & Run

git clone https://github.com/nyg/dependabot-vuln-viewer.git
cd dependabot-vuln-viewer
npm install
npm run dev # localhost:3000

Improvements

Store settings in localStorage
Add OAuth login, GitHub Enterprise

Name		Name	Last commit message	Last commit date
Latest commit History 186 Commits
.github/workflows		.github/workflows
components		components
graphql		graphql
pages		pages
public		public
styles		styles
utils		utils
.env.production		.env.production
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
next.config.js		next.config.js
package-lock.json		package-lock.json
package.json		package.json
pnpm-lock.yaml		pnpm-lock.yaml
postcss.config.js		postcss.config.js
renovate.json		renovate.json
tailwind.config.js		tailwind.config.js

License

nyg/dependabot-vuln-viewer

Folders and files

Latest commit

History

Repository files navigation

Dependabot Vulnerability Viewer

Demo

Query String

Personal Access Token

Install & Run

Improvements

About

Topics

Resources

License

Stars

Watchers

Forks

Languages