11 changes: 4 additions & 7 deletions README.md
Expand Up @@ -36,29 +36,26 @@ sheriff patrol --url gitlab://your-namespace-or-group --report-to-issue
Sheriff analyzes repositories in source code repository hosting services (such as GitLab) looking for vulnerabilities
in the dependencies of the scanned repositories. Sheriff uses one or several third-party scanners to detect these vulnerabilities, and aggregates them into its reports. See a list of supported platforms and scanners in the [section below](#supported-platforms).

Sheriff is best used for analyzing vulnerabilities in bulk, regularly scanning groups of repositories to provide an overview of which vulnerabilities affect them. For that, Sheriff provides different types of reports, and it can publish them to different platforms: gitlab, ?.
Sheriff is best used for analyzing vulnerabilities in bulk, regularly scanning groups of repositories to provide an overview of which vulnerabilities affect them. For that, Sheriff provides different types of reports, and it can publish them to different platforms such as GitLab (see [supported platforms section](#supported-platforms)).

### Issue in the affected repository

Sheriff will keep an open issue in each one of the analyzed repositories, providing a detailed report of which vulnerabilities have been found by its scanners.

<img width="600" alt='issue-report' src='./assets/issue-report.png'>


### Report message

Sheriff will post a message to a messaging service with an overview of the analyzed repositories and the vulerabilities detected. This message is intended to provide a generic overview to those in charge of security to oversee the state of a given group of repositories.

<img width='400' alt='msg-report' src='assets/report-msg.png'>


### Specific repository message

Project teams can also be informed regularly by Sheriff (if they want to) by configuring a channel to which Sheriff should report its findings of a given repository. The message generated by Sheriff will be slightly different, and will contain only information relevant for the repository maintainers.

<img width='400' alt='repo-report' src='assets/report-repo.png'>


## Installation

### Docker
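Review bot: the unchanged context line under "### Report message" still reads "vulerabilities" ("...the analyzed repositories and the vulerabilities detected"); since this pass is already fixing wording in the same README section, correct it to "vulnerabilities" here. Two smaller points in the same hunk: the replaced sentence now links to "[supported platforms section](#supported-platforms)" while the paragraph above already links to "[section below](#supported-platforms)", so one of the two could be dropped; and the `<img>` tags mix `width="600"` with `alt='issue-report'` quoting, which is harmless but inconsistent with the two `width='400'` tags below.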
Expand Down Expand Up @@ -115,13 +112,13 @@ report-to-gitlab-issue = true
And if you wish to specify a different file, you can do so with `sheriff patrol --config your-config-file.toml`.

> [!NOTE]
> When using several type of configuration at once there is an order of preference: **cli flags** > **env vars** > **config file**
> When using several types of configurations at once there is an order of preference: **cli flags** > **env vars** > **config file**

## Supported platforms

### Source code hosting services

- [x] [GitLab](https://gitlab.com/dashboard/merge_requests?assignee_username=sergio.lara1)
- [x] [GitLab](https://gitlab.com)
- [ ] [GitHub](https://github.com) ([#9](https://github.com/elementsinteractive/sheriff/issues/9))

### Messaging services
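Review bot: good catch replacing the GitLab link, which pointed at a personal merge-request dashboard (`.../dashboard/merge_requests?assignee_username=...`) rather than the service itself; worth grepping the rest of the docs for other copy-pasted internal or personal URLs before merge, since the Go hunks in this same change fix two more of them. On the wording change, "several types of configurations" reads slightly better as "several configuration sources"; and the note could say what a CLI flag does when it disagrees with the config file (it wins) rather than only listing the order.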
Expand Down Expand Up @@ -156,4 +153,4 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d

<!-- ALL-CONTRIBUTORS-LIST:END -->

This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
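Review bot: the two lines in this hunk are textually identical, so the only difference is the trailing newline at end of file (the hunk header `-156,4 +153,4` confirms no line-count change here); that is fine to include, but the commit message should mention it so reviewers do not look for a content change.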
4 changes: 2 additions & 2 deletions internal/publish/to_gitlab.go
Expand Up @@ -146,9 +146,9 @@ func getVulnReportHeader() string {
currentTime := now().Local()

return fmt.Sprintf(`
ℹ️ This issue lists all the vulnerabilities found in the project by [Sheriff](https://gitlab.com/namespace/sheriff) on %s.
ℹ️ This issue lists all the vulnerabilities found in the project by [Sheriff](https://github.com/elementsinteractive/sheriff) on %s.

Please review the vulnerabilities and take the necessary actions to fix or acknowledge them, see the [sheriff documentation](https://security-scanner-c26e93.gitlab.io/user-guide/) for more information.`,
Please review the vulnerabilities and take the necessary actions to fix or acknowledge them, see the [sheriff documentation](https://github.com/elementsinteractive/sheriff) for more information.`,
currentTime.Format("2006-01-02"),
)
}
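Review bot: the new "sheriff documentation" link now points at the repository root (`https://github.com/elementsinteractive/sheriff`), the same URL as the "[Sheriff]" link two lines above, whereas the old one pointed at a dedicated user-guide page (`.../user-guide/`); if a user guide exists for the new location, link it, otherwise consider removing the second link rather than sending readers to the same page twice. Style point: both URLs are hard-coded inside the `fmt.Sprintf` template and duplicated verbatim in `to_gitlab_test.go`; a package-level constant (e.g. `const sheriffRepoURL = "https://github.com/elementsinteractive/sheriff"`) used by both would keep the next relocation to a one-line change.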
2 changes: 1 addition & 1 deletion internal/publish/to_gitlab_test.go
Expand Up @@ -196,7 +196,7 @@ func TestGitlabIssueReportHeader(t *testing.T) {

got := getVulnReportHeader()

want := `ℹ️ This issue lists all the vulnerabilities found in the project by [Sheriff](https://gitlab.com/namespace/sheriff) on 2021-01-01.`
want := `ℹ️ This issue lists all the vulnerabilities found in the project by [Sheriff](https://github.com/elementsinteractive/sheriff) on 2021-01-01.`

assert.Contains(t, got, want)

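Review bot: the assertion only covers the first line of the header, so the second changed string in this PR (the "sheriff documentation" link in `getVulnReportHeader`) has no test coverage; add a second `assert.Contains(t, got, "[sheriff documentation](https://github.com/elementsinteractive/sheriff)")` so a future edit to the docs URL is caught the same way the repo URL is.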