A GitHub action for organizations that enables advanced security code scanning on all new repos

Last update: May 17, 2022

Overview

Advanced-Security-Enforcer

What this repository does

This code is for an active GitHub Action written in Python to check (on a schedule) for new repositories created in the last 24 hours and open pull requests in the new repositories to enable GitHub advanced security code scanning.

Support

If you need support using this project or have questions about it, please open up an issue in this repository. Requests made directly to GitHub staff or support team will be redirected here to open an issue. GitHub SLA's and support/services contracts do not apply to this repository.

Example workflow

name: Enforce advanced security scanning

on:
  repository_dispatch:
  schedule:
    - cron: '00 5 * * *'

jobs:
  build:
    name: Enforce advanced security scanning
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/[email protected]
    
    - name: Run enforcer tool
      uses: github/[email protected]
      env:
        GH_ACTOR: ${{ secrets.GH_ACTOR }}
        GH_TOKEN: ${{ secrets.GH_TOKEN }}
        ORGANIZATION: ${{ secrets.ORGANIZATION }}
        PR_BODY: your text goes here

Be sure to fill out the env values above with your information. More info on creating secrets can be found here.
Your GitHub token will need to have read/write access to all the repos in the organization

How it does this

A CRON job on GitHub actions triggers a nightly run of this script
The script checks for new repositories by storing the known repositories to a file
It then iterates over new repositories and opens a pull request for the codeql.yml file stored in this repository

Contributions

We would ❤️ contributions to improve this action. Please see CONTRIBUTING.md for how to get involved.

Instructions to run locally

Clone the repository
Create a personal access token with read only permissions
Copy the .env-example file to .env
Edit the .env file by adding your Personal Access Token to it and the desired organization
Install dependencies pip install -r requirements.txt
Run the code python3 enforcer.py
Note the log output for details on any pull requests that were opened
After running locally this will have changed your git config user.name and user.email so those should be reset for this repository

License

MIT

Comments

Get timedelta delay from config instead of hardcode 24hrs
fixes #29

[x] Change time delay to configurable so that instead of checking for repos created yesterday, users can choose, via the .env file, an optional delay such as 1 week or 3 days in order to allow time for actual code to be pushed to the repository.

[x] Update the .env-example

[x] Write up documentation on the README for how to set the delay

[x] Test

enhancement
opened by zkoppert 4
Bump github3-py from 1.3.0 to 2.0.0
Bumps github3-py from 1.3.0 to 2.0.0.

Commits

9345f86 Release v2.0

6572d75 Merge pull request #1020 from sigmavirus24/fix-history-keyerrors

2bf6380 Rollback changes to unnecessary fields

0f2b844 Fix gist.history keyerrors

99c6515 Merge pull request #1017 from sigmavirus24/add-github-labeler

0632e9b Add Github Labeler

404ea04 Merge pull request #1015 from sigmavirus24/remove-unicode-handling

b28febf Add changes to release notes

cd1af16 Remove unicode legacy code

5766ecd Merge pull request #1013 from sigmavirus24/deprecated-code-removal

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump python-dotenv from 0.19.2 to 0.20.0
Bumps python-dotenv from 0.19.2 to 0.20.0.

Release notes

Sourced from python-dotenv's releases.

Version 0.20.0

Added

Add encoding (Optional[str]) parameter to get_key, set_key and unset_key. (#379 by @bbc2)

Fixed

Use dict to specify the entry_points parameter of setuptools.setup (#376 by @mgorny).

Don't build universal wheels (#387 by @bbc2).

Changelog

Sourced from python-dotenv's changelog.

[0.20.0] - 2022-03-24

Added

Add encoding (Optional[str]) parameter to get_key, set_key and unset_key. (#379 by [@bbc2])

Fixed

Use dict to specify the entry_points parameter of setuptools.setup (#376 by [@mgorny]).

Don't build universal wheels (#387 by [@bbc2]).

Commits

53cee8c Release version 0.20.0

3832011 Don't mark wheels as universal (#387)

06c645c Fix installing entry points

157282c Add encoding parameter to {get,set,unset}_key

ba9408c chore: add test with Python 3.11 (#368)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1
Bump github3-py from 3.1.0 to 3.1.2
Bumps github3-py from 3.1.0 to 3.1.2.

Commits

efa105e Release 3.1.2

196814e Merge pull request #1078 from dev022022/patch-1

92a0b1d Add extra flag [crpyto] for PyJWT dependency

28abf6d Merge pull request #1076 from sigmavirus24/support-adding-parents-to-teams

3c965e3 Update to prepare for 3.1.1 release

4e11e8f Support adding parent teams

dccad7d Create codeql-analysis.yml

6db9296 Merge pull request #1074 from greggilbert/feature/add-deployment-statuses

40b9f2e [pre-commit.ci] auto fixes from pre-commit.com hooks

f4314e8 Bump release notes, add self to authors

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1
Bump github3-py from 3.1.0 to 3.1.1
Bumps github3-py from 3.1.0 to 3.1.1.

Commits

28abf6d Merge pull request #1076 from sigmavirus24/support-adding-parents-to-teams

3c965e3 Update to prepare for 3.1.1 release

4e11e8f Support adding parent teams

dccad7d Create codeql-analysis.yml

6db9296 Merge pull request #1074 from greggilbert/feature/add-deployment-statuses

40b9f2e [pre-commit.ci] auto fixes from pre-commit.com hooks

f4314e8 Bump release notes, add self to authors

6935b76 Allow more deployment statuses per Github docs

1d27cfe Merge pull request #1073 from sigmavirus24/release/3.1

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1
Bump python-dotenv from 0.20.0 to 0.21.0
Bumps python-dotenv from 0.20.0 to 0.21.0.

Release notes

Sourced from python-dotenv's releases.

Version 0.21.0

What's Changed

Added

CLI: add support for invocations via 'python -m'. (#395 by @theskumar)

load_dotenv function now returns False. (#388 by @larsks)

CLI: add --format= option to list command. (#407 by @sammck)

Fixed

Drop Python 3.5 and 3.6 and upgrade GA (#393 by @eggplants)

Use open instead of io.open. (#389 by @rabinadk1)

Improve documentation for variables without a value (#390 by @bbc2)

Add parse_it to Related Projects by (#410 by @naorlivne)

Update README.md by (#415 by @harveer07)

Improve documentation with direct use of MkDocs by (#398 by @bbc2)

New Contributors

@rabinadk1 made their first contribution in theskumar/python-dotenv#389

@larsks made their first contribution in theskumar/python-dotenv#388

@naorlivne made their first contribution in theskumar/python-dotenv#410

@eggplants made their first contribution in theskumar/python-dotenv#393

@sammck made their first contribution in theskumar/python-dotenv#407

@harveer07 made their first contribution in theskumar/python-dotenv#415

@theGOTOguy made their first contribution in theskumar/python-dotenv#414

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v0.20.0...v0.21.0

Changelog

Sourced from python-dotenv's changelog.

[0.21.0] - 2022-09-03

Added

CLI: add support for invocations via 'python -m'. (#395 by @theskumar)

load_dotenv function now returns False. (#388 by @larsks)

CLI: add --format= option to list command. (#407 by @sammck)

Fixed

Drop Python 3.5 and 3.6 and upgrade GA (#393 by @eggplants)

Use open instead of io.open. (#389 by @rabinadk1)

Improve documentation for variables without a value (#390 by @bbc2)

Add parse_it to Related Projects by (#410 by @naorlivne)

Update README.md by (#415 by @harveer07)

Improve documentation with direct use of MkDocs by (#398 by @bbc2)

Commits

b6fe193 Bump version: 0.20.0 → 0.21.0

5d07931 update changelog

490b116 Revert "fix: out of scope error when "dest" variable is undefined #413"

b1f041d Add release notes for 0.21.0

6399af6 chore: fix flake8 issue

a53d652 fix: out of scope error when "dest" variable is undefined #413

a7c811d Update README.md (#415)

914c68e feat(cli) add --format= option to list command (#407)

2f36c08 Drop Python 3.5 and 3.6 and upgrade GA (#393)

a50a3bf Add .vscode to gitignore

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github3-py from 3.1.0 to 3.2.0
Bumps github3-py from 3.1.0 to 3.2.0.

Commits

58f7060 Merge pull request #1081 from sigmavirus24/teams-deprecation

c55b4b9 Update to avoid /teams deprecation

38b6f88 Merge pull request #1079 from zkdev/zkdev-setupcfg-fix-typo

aae984e Update AUTHORS

512c827 Fix typo

efa105e Release 3.1.2

196814e Merge pull request #1078 from dev022022/patch-1

92a0b1d Add extra flag [crpyto] for PyJWT dependency

28abf6d Merge pull request #1076 from sigmavirus24/support-adding-parents-to-teams

3c965e3 Update to prepare for 3.1.1 release

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github3-py from 3.0.0 to 3.1.0
Bumps github3-py from 3.0.0 to 3.1.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump python-dotenv from 0.19.1 to 0.19.2
Bumps python-dotenv from 0.19.1 to 0.19.2.

Release notes

Sourced from python-dotenv's releases.

Version 0.19.2

What's Changed

Fixed

Add missing trailing newline before adding new entry with set_key by @bbc2 in theskumar/python-dotenv#361

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v0.19.1...v0.19.2

Changelog

Sourced from python-dotenv's changelog.

[0.19.2] - 2021-11-11

Fixed

In set_key, add missing newline character before new entry if necessary. (#361 by [@bbc2])

Commits

2471a5a Release version 0.19.2

45848bb Add missing trailing newline when adding new value

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github3-py from 2.0.0 to 3.0.0
Bumps github3-py from 2.0.0 to 3.0.0.

Commits

535eb22 Merge pull request #1053 from sigmavirus24/docs-updates

0777b75 Fix broken documentation

c5c8d84 Update date in Release notes

fffaf84 Add expire_in to login_as_app_installation

2607150 Add Stargazer and use stargazer media type

9a5dcf3 Add privacy attribute to Team objects

b65b13f Remove incorrect iterator documentation

d96ac52 Add API Ref for Projects

9218903 Merge pull request #1052 from sigmavirus24/pr-updates

d57c987 Update attributes available on Pull Requests

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump python-dotenv from 0.19.0 to 0.19.1
Bumps python-dotenv from 0.19.0 to 0.19.1.

Release notes

Sourced from python-dotenv's releases.

Version 0.19.1

What's Changed

CHANGELOG.md: Fix typos discovered by codespell by @cclauss in theskumar/python-dotenv#350

Add Python 3.10 support by @theskumar in theskumar/python-dotenv#359

New Contributors

@cclauss made their first contribution in theskumar/python-dotenv#350

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v0.19.0...v0.19.1

Changelog

Sourced from python-dotenv's changelog.

[0.19.1] - 2021-08-09

Added

Add support for Python 3.10. (#359 by [@theskumar])

Commits

fc138ce Release version 0.19.1

9b1ab5d Add Python 3.10 support (#359)

36516a7 CHANGELOG.md: Fix typos discovered by codespell

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
use pipenv instead of pip in docker build

Docker builds are giving a warning that pip should not be used as root. It suggests configuring pipenv.

WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

see here for an example of this error as seen in the log.
bug

opened by zkoppert 0

Releases(v2.0.0)

v2.0.0(Feb 22, 2022)
Changelog

🚀 Features

Get timedelta delay from config instead of hardcode 24hrs @zkoppert (#30)

Add Ruby @zkoppert (#25)

🧰 Maintenance

Clarify creation time window of repos to look for @zkoppert (#22)

Bump github3-py from 3.0.0 to 3.1.0 @dependabot (#28)

Bump github3-py from 2.0.0 to 3.0.0 @dependabot (#23)

Bump python-dotenv from 0.19.1 to 0.19.2 @dependabot (#24)

See details of all code changes since previous release
Source code(tar.gz)
Source code(zip)
v1.0.3(Oct 23, 2021)
Changelog

🐛 Bug Fixes

Update repo link @zkoppert (#20)

🧰 Maintenance

Bump github3-py from 1.3.0 to 2.0.0 @dependabot (#3)

Update repository links @zkoppert (#19)

Use prebuilt docker image @zkoppert (#21)

See details of all code changes since previous release
Source code(tar.gz)
Source code(zip)
v1.0.2(Oct 13, 2021)
Changelog

🚀 Features

Use prebuilt docker image for performance @zkoppert (#18)

Add debug instructions for docker @zkoppert (#14)

🐛 Bug Fixes

Ensure the codeql configuration file is present in the docker container @zkoppert (#17)

Change to UI based manual actions kickoff instead of API based @zkoppert (#15)

Fix path from getting overridden by docker @zkoppert (#16)

See details of all code changes since previous release
Source code(tar.gz)
Source code(zip)
v1.0.1(Oct 12, 2021)
Changelog

Create SECURITY.md @zkoppert (#13)

Add support expectations @zkoppert (#12)

🧰 Maintenance

Bump python-dotenv from 0.19.0 to 0.19.1 @dependabot (#11)

See details of all code changes since previous release
Source code(tar.gz)
Source code(zip)
v1.0.0(Oct 8, 2021)
🎉 The initial release of the advanced-security-enforcer!

🚀 Features

Customizable pull request body

Opens pull request on any repo created within the last 24 hours

Scoped to a specific organization

⏳ What's Changed

Create LICENSE by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/1

Create codeql-analysis.yml by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/2

Bump python-dotenv from 0.15.0 to 0.19.0 by @dependabot in https://github.com/github/advanced-security-enforcer/pull/4

Quote to prevent word splitting by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/5

Add release drafter by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/6

Expand README sections by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/9

Create CODE_OF_CONDUCT.md by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/8

Add release procedure by @zkoppert in https://github.com/github/advanced-security-enforcer/pull/10

🧑🏻‍🤝‍🧑🏻 New Contributors

@zkoppert made their first contribution in https://github.com/github/advanced-security-enforcer/pull/1

@AAugustine made their first contribution in https://github.com/github/advanced-security-enforcer/pull/1

@dependabot made their first contribution in https://github.com/github/advanced-security-enforcer/pull/4

Full Changelog: https://github.com/github/advanced-security-enforcer/commits/v1.0.0
Source code(tar.gz)
Source code(zip)

Owner

Zack Koppert

Open/Inner Source enthusiast Senior Software Engineer, Professional Services @github

GitHub Repository

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

2 Jul 23, 2022

Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析前言最近UPnP比较火，恰好手里有一台Cisco RV110W，在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day，但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞，漏洞的公告可以在官网看到。准

25 Nov 09, 2022

Proof of concept GnuCash Webinterface

Proof of Concept GnuCash Webinterface This may one day be a something truly great. Milestones [ ] Browse accounts and view transactions [ ] Record sim

14 Dec 28, 2022

md5 hash cracking with python.

Python-Md5-Cracker- md5 hash cracking with python. Original files added First create a file called word.txt then run the wordCreate.py script The task

0 Aug 31, 2022

The First Python Compatible Camera Hacking Tool

ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [

109 Dec 28, 2022

PrivateRoom - Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin

privateRoom Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin STEPS: Uploa

3 Nov 08, 2022

Port scanning tool that uses Python3. Created by Noble Wilson

Hello There! My name is Noble Wilson and I am an aspiring IT/InfoSec coder practicing for my future. ________________________________________________

1 Nov 23, 2021

A security system to warn you when people enter your room 🎥

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

1 Jan 11, 2022

Nmap scanner with python

Nmap_scanner Usage: sudo python3 nmap_ping.py -i Network List.txt -o Output Folder Location Program can Run Ping Scan Run Port Scan Run Nmap Vuln

3 Apr 13, 2022

INFO 3350/6350, Spring 2022, Cornell

Information Science 3350/6350 Text mining for history and literature Staff and sections Instructor: Matthew Wilkens Graduate TAs: Federica Bologna, Ro

6 Feb 21, 2022

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

108 Dec 04, 2021

Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

10 Oct 31, 2022

This is a js front-end encryption blasting account and password tools

Author:0xAXSDD By Gamma安全实验室 version:1.0 explain:这是一款用户绕过前端js加密进行密码爆破的工具，你无需在意js加密的细节，只需要输入你想要爆破url，以及username输入框的classname，password输入框的clas

75 Nov 25, 2022

CTF framework and exploit development library

pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo

9.8k Dec 31, 2022

DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Free HTTP Proxy List 🌍 It is a lightweight project that hourly scrapes lots of

142 Jan 05, 2023

A GitHub action for organizations that enables advanced security code scanning on all new repos

Related tags

Overview

Advanced-Security-Enforcer

What this repository does

Support

Example workflow

How it does this

Contributions

Instructions to run locally

License

Comments

Version 0.20.0

Added

Fixed

[0.20.0] - 2022-03-24

Added

Fixed

Version 0.21.0

What's Changed

Added

Fixed

New Contributors

[0.21.0] - 2022-09-03

Added

Fixed

Version 0.19.2

What's Changed

Fixed

[0.19.2] - 2021-11-11

Fixed

Version 0.19.1

What's Changed

New Contributors

[0.19.1] - 2021-08-09

Added

Releases(v2.0.0)

v2.0.0(Feb 22, 2022)

Changelog

🚀 Features

🧰 Maintenance

v1.0.3(Oct 23, 2021)

Changelog

🐛 Bug Fixes

🧰 Maintenance

v1.0.2(Oct 13, 2021)

Changelog

🚀 Features

🐛 Bug Fixes

v1.0.1(Oct 12, 2021)

Changelog

🧰 Maintenance

v1.0.0(Oct 8, 2021)

🚀 Features

⏳ What's Changed

🧑🏻‍🤝‍🧑🏻 New Contributors

Owner

Zack Koppert

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

Cisco RV110w UPnP stack overflow

Proof of concept GnuCash Webinterface

md5 hash cracking with python.

The First Python Compatible Camera Hacking Tool

PrivateRoom - Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin

Port scanning tool that uses Python3. Created by Noble Wilson

A security system to warn you when people enter your room 🎥

Nmap scanner with python

INFO 3350/6350, Spring 2022, Cornell

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

Python APK Reverser & Patcher Tool

This is a js front-end encryption blasting account and password tools

CTF framework and exploit development library

DNS hijacking via dead records automation tool

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Log4j command generator: Generate commands for CVE-2021-44228

IDA plugin for quickly copying disassembly as encoded hex bytes

S2-061 的payload，以及对应简单的PoC/Exp

PoC encrypted diary in Python 3