# BlackCat

Centralized reporting on GitHub dependency scanning outputs

🐈🎃 Dependencies can be spooky! 🎃🐈

BlackCat is a tool for centralizing GitHub dependency scanning outputs, mainly by sending them to Splunk, which allows for better tracking and reporting at an organizational level using GitHub's dependency scanning functionality.
## Configuration

Before you begin, there are a few pieces of information BlackCat needs, among them a GitHub token with the following scopes:

- `read:org`
- `repo`

Put these items in `config.yml` (see `config.example.yml` for reference), along with any other additional options. If you're using Kubernetes, put these values in `k8s/secrets.yml` instead.
## Deploying

Now that you've configured BlackCat, it can be deployed in a few ways:

### Using pipenv

```shell
pip install pipenv
pipenv install
pipenv run python blackcat/main.py --enable
pipenv run python blackcat/main.py
```

### Using Docker

```shell
docker build -t blackcat:latest .
docker run blackcat:latest --enable
docker run blackcat:latest
```
### Using Kubernetes

This assumes a basic knowledge of Kubernetes, as well as an existing cluster and registry.

1. Build the image as described in the [Using Docker](#using-docker) section above and publish that image to your container registry.
2. Edit `k8s/k8s-cron.spec` to run at whatever interval you want (defaults to every day at 15:00:00).
3. Fill in `k8s/secrets.yml` with the values from the Configuration section.
4. Apply the secrets and create the cron jobs:

```shell
kubectl apply -f ./k8s/secrets.yml
kubectl create -f ./k8s/k8s-cron.spec
kubectl create -f ./k8s/enabler-cron.spec
```
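As an added illustration of steps 2 and 3 above, the following is a Kubernetes CronJob manifest that runs the reporting image once a day at 15:00 (the default interval mentioned above) and reads its credentials from a Secret instead of baking them into the image. It is an example written for this README, not the project's own `k8s/k8s-cron.spec`; the registry path, the Secret name `blackcat-secrets`, the container name and the `envFrom` wiring are assumptions, since the page does not show how the image consumes `secrets.yml`.

```yaml
# Illustrative CronJob for BlackCat (added example, not the project's k8s-cron.spec).
# Image path, Secret name and env wiring are assumptions.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: blackcat-report
spec:
  # Cron syntax: minute hour day-of-month month day-of-week.
  # "0 15 * * *" is every day at 15:00; change this to adjust the interval.
  schedule: "0 15 * * *"
  # Never overlap runs: a slow report should not spawn a second concurrent job.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: blackcat
              # Placeholder registry; push the image built with `docker build` here.
              image: registry.example.com/blackcat:latest
              # Token and other values come from a Secret (assumed name) created
              # from k8s/secrets.yml, so they never appear in the image or manifest.
              envFrom:
                - secretRef:
                    name: blackcat-secrets
```

A second CronJob with the same template but `args: ["--enable"]` on the container would mirror the `enabler-cron.spec` step. Keeping the GitHub token in a Secret rather than in the image also means rotating it is a `kubectl apply` of the updated `secrets.yml`, with no rebuild.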