Introducing Patina: A Tool for Finding Stale Repositories in Your GitHub Organization

Over the years, GitHub organizations tend to accumulate repositories. Some are actively maintained, others slowly fade into obscurity, and a few become completely forgotten. Without a systematic way to assess repository health across an entire organization, it’s easy to lose track of what’s actively maintained and what’s collecting digital dust. I built Patina to solve this problem.

What is Patina? Patina is a command-line tool that scans GitHub organizations to identify and assess repository freshness. The name comes from the surface coating that forms on materials over time—a fitting metaphor for detecting code that’s been left untouched. ...

December 5, 2025 · 4 min · 652 words · Scott Brown

Calculating Vulnerability Alerts with the GitHub API

At work I recently had to show our risk profile with GitHub vulnerability alerts and display them in Domo. GitHub’s APIv3 (REST) doesn’t allow you to query the vulnerability alerts, but APIv4 (GraphQL) does. I found the documentation around gathering those results very opaque because the feature is in Preview status, so here are some examples for pulling out the data you need. GitHub Vulnerability Alerts can be enabled in the Settings component of a repository. It will scan the dependencies listed in various package manager files (requirements.txt, package.json, etc.) and build a dependency graph (super cool!). From there, each dependency is checked for CVEs posted on public vulnerability websites. This is useful information, but it is difficult to visualize when you have many (in my case, hundreds of) repositories to watch. ...

February 8, 2019 · 3 min · 529 words · Scott Brown