Name		Name	Last commit message	Last commit date
Latest commit History 93 Commits
.github		.github
docs		docs
ghasreview		ghasreview
.dockerignore		.dockerignore
.gitignore		.gitignore
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Pipfile		Pipfile
Pipfile.lock		Pipfile.lock
README.md		README.md
SECURITY.md		SECURITY.md
SUPPORT.md		SUPPORT.md
docker-compose.yml		docker-compose.yml
wsgi.py		wsgi.py

Repository files navigation

GHAS Reviewer App

Overview

GitHub Advanced Security (GHAS) Reviewer App allows security teams to enforces a reviewer to approve and dismiss alerts. This allows security experts to provide 4-eyes principle over all security alerts generated in GitHub.

Caution

The public GitHub App will be sent security data and is only used for testing purposes. It is recommended to deploy your own instance of the app for production use.

Public GitHub App

✨ Features

Re-open closed alerts if an unapproved users changes the alert
GitHub Advanced Security Features
- Code Scanning alerts
- Secret Scanning alerts
- Dependabot alerts

⚡️ Requirements

Python +3.9
GitHub Application Setup
- Permissions
[optional] Docker / Docker Compose

Usage

GHAS Reviewer is a Python based web application which primarily uses Docker for easy deployment.

GitHub Application Configuration

Checkout how to setup a GitHub App here.

Store the App key so the service can read it from the path provided along with the other environment variables or cli arguments.

Environment Variable:

# Application ID
GITHUB_APP_ID=123456
# Path to the App private key
GITHUB_APP_KEY_PATH=./config/key.pem
# or use the private key directly
GITHUB_APP_KEY=-----BEGIN PRIVATE KEY-----\n...
# Webhook Secret
GITHUB_APP_SECRET=123456789012345678901234567890

Permissions

The GitHub App requires the following permissions:

Repository
- Security Events: Read & Write

Container / Docker

The application is designed to be run in a container, this allows for easy deployment and scaling.

Pull / Download image:

# Pull latest (or a release)
docker pull ghcr.io/advanced-security/ghas-reviewer-app:main

Or Build From Source:

docker build -t {org}/ghas-reviewer-app .

Run Docker Image:

docker run \
    --env-file=.env \
    -v ./config:/ghasreview/config \
    -p 8000:8000 \ 
    ghcr.io/advanced-security/ghas-reviewer-app:main

Docker Compose

If you are testing the GitHub App you can quickly use Docker Compose to spin-up the container.

docker-compose build
docker-compose up -d

Limitations

Pull Request require team approval
No Dependabot or Secret Scanning support

Maintainers / Contributors

@GeekMasher - Author / Core Maintainer

Support

Please create GitHub Issues if there are bugs or feature requests.

This project uses Sematic Versioning (v2) and with major releases, breaking changes will occur.

License

This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

GHAS Reviewer App

Overview

✨ Features

⚡️ Requirements

Usage

GitHub Application Configuration

Permissions

Container / Docker

Docker Compose

Limitations

Maintainers / Contributors

Support

License

About

Releases 4

Packages

Contributors 5

Languages

License

advanced-security/ghas-reviewer-app

Folders and files

Latest commit

History

Repository files navigation

GHAS Reviewer App

Overview

✨ Features

⚡️ Requirements

Usage

GitHub Application Configuration

Permissions

Container / Docker

Docker Compose

Limitations

Maintainers / Contributors

Support

License

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 4

Packages 0

Contributors 5

Languages

Packages