GitHunt
AL

alphagov/cyber-security-security-advisory-dashboard

A web dashboard surfacing the state of github security advisories across our estate

cyber-securitycyber-security-team

Total alerts Language grade: JavaScript Language grade: Python

Security Advisory Dashboard

Prerequisites

  • Check you have docker and docker-compose installed
docker --version
docker-compose --version

  • Set a GITHUB_ORG env var containing the organisation login short name
    from the GitHub URL.

  • Set a TOKEN env var containing a read-only personal access token for a GitHub org
    admin user. The permissions needed for the token are:

repo, read:org, read:public_key, read:repo_hook, read:user, user:email

(Alternatively the token can be retrieved from SSM if the make command
is run via aws-vault or similar to set AWS credentials.)

  • Create or change the settings.[env].json file

Run an audit

make audit

Gets the paged repository data with vulnerability alerts

The audit process runs the api calls to collect vulnerability and
activity data from github as well as the dependabot config API to
determine which repositories have dependabot enabled.

Run audit component tasks

You can run individual tasks from the audit process for testing.

For example to rebuild the interface route template data files you
can call the following:

make task TASK=routes

You can call the tasks separately because the full audit takes a long
time to run.

Run a local dev server

The run task currently runs the npm install and then runs the gulp tasks
to build the static assets, js and css.

make run

Run the tests

Run the unit tests by running

make test

Terraform

Build

Before you can run the terraform you need to create a zipped lambda
deployment.

You can do that by running

make zip

TODO We can probably make the terraform run the zip command

Init

The terraform is in build/terraform

To init you need a backend.tfvars

bucket  = "<bucket name>"
key     = "<state file path>"
region  = "eu-west-2"
encrypt = true

Then you can run

terraform init -reconfigure -backend-config=path/to/backend.tfvars

Plan or apply

You need an apply.tfvars

region              = "eu-west-2"
bucket_prefix       = "cyber-security"
runtime             = "python3.7"

github_org          = "<github organisation shortname>"

Service             = "github-audit"
SvcOwner            = "<who to email>"
Environment         = "<should match a setting file env>"
DeployedUsing       = "Terraform"
SvcCodeURL          = "https://github.com/alphagov/cyber-security-security-advisory-dashboard"

Then you can run

terraform apply -var-file=path/to/apply.tfvars

Find vars at

https://github.com/alphagov/cyber-security-terraform/tree/master/service/github_audit/account/103495720024

Languages

Python49.1%HTML28.9%HCL19.6%Shell1.4%Makefile0.8%Dockerfile0.2%
MIT License
Created August 20, 2019
Updated June 19, 2025
alphagov/cyber-security-security-advisory-dashboard | GitHunt