📰 generate an audit report for a github repository using data from dependabot
mmsaki/audit-report-generator
Audit Report

This tool generates a report of issues from dependency and supply chain vulnerabilities reported by Dependabot.

Asciidoc Setup

The AsciiDoc toolchain used here (Asciidoctor) is a Ruby project and depends on several Ruby gems.

I used the macOS version and followed the instructions linked here.

Set Up

Getting started with the general prerequisites:

  1. Install Ruby ≥ 2.3 (see the Ruby documentation)

    brew install ruby

    Recommended: install Ruby through RVM (Ruby Version Manager). Note that the line below pipes a downloaded script straight into bash; the RVM install page also documents verifying the installer's signature first.

    \curl -sSL https://get.rvm.io | bash -s stable --rails
  2. Install Asciidoctor (see docs)

    gem install asciidoctor
  3. Install asciidoctor-pdf (see docs)

    gem install asciidoctor-pdf
  4. Install Pygments

    pip install 'pygments[plugins]'

Auto-Generate Report from Dependabot alerts

  1. Set up Dependabot on the project you are auditing

  2. Save the alerts returned by the GitHub API to results.json

    gh api \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      /repos/USER/REPO/dependabot/alerts > results.json
    # `>` rather than `>>`: appending a second run would leave two JSON arrays in one file.
    # The endpoint is paginated (30 alerts per page by default); add --paginate for larger
    # repositories, keeping in mind that it writes one JSON array per page.

    Common error: Bad Authentication (HTTP 401)

    Go to Developer Settings and give the fine-grained token read and write access to Dependabot alerts

    • After updating Dependabot access, re-authenticate:
    gh auth refresh
    # Continue the steps in the browser, enter the code shown in your terminal, then re-run the gh api command above
  3. Run the formatting command, which reads the JSON and converts it into an .asciidoc report:

    python3 main.py
  4. Convert the .asciidoc report to PDF with asciidoctor-pdf:

    asciidoctor -r asciidoctor-pdf -b pdf report/README.adoc
  5. To include content referenced by URI, enable allow-uri-read (see documentation):

    asciidoctor -a allow-uri-read filename.adoc
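As an added example (not this repository's main.py), here is a minimal version of the JSON-to-AsciiDoc step above: it parses the alert shape returned by the Dependabot alerts endpoint, tolerates the concatenated arrays that `--paginate` or a repeated `>>` would leave in results.json, and renders a severity-ranked .adoc report. The alert data, GHSA id, package name and URL are constructed placeholders.

```python
import json
from collections import Counter

SEVERITY_ORDER = ["critical", "high", "medium", "low"]

# Constructed sample alert shaped like GET /repos/{owner}/{repo}/dependabot/alerts; ids, names, URL are placeholders.
OPEN_ALERT = {
    "number": 7, "state": "open",
    "dependency": {"package": {"ecosystem": "pip", "name": "examplelib"},
                   "manifest_path": "requirements.txt"},
    "security_advisory": {"ghsa_id": "GHSA-xxxx-xxxx-xxxx", "cve_id": None,
                          "summary": "Constructed advisory summary", "severity": "high"},
    "security_vulnerability": {"vulnerable_version_range": "< 1.2.0",
                               "first_patched_version": {"identifier": "1.2.0"}},
    "html_url": "https://github.com/OWNER/REPO/security/dependabot/7",
}
# A second, already fixed alert, written as a second "page" after the first, as `gh api --paginate` emits them.
SAMPLE_JSON = json.dumps([OPEN_ALERT]) + "\n" + json.dumps([{**OPEN_ALERT, "number": 3, "state": "fixed"}])

def load_alerts(raw, include_fixed=False):
    """Parse one or more concatenated JSON arrays (what `gh api --paginate` or
    repeated `>>` runs produce), de-duplicate by alert number, keep open alerts."""
    decoder, by_number, raw = json.JSONDecoder(), {}, raw.strip()
    while raw:
        page, end = decoder.raw_decode(raw)
        raw = raw[end:].lstrip()
        for alert in page:
            by_number[alert["number"]] = alert  # a later copy of the same alert wins
    return [a for a in by_number.values() if include_fixed or a["state"] == "open"]

def render_adoc(alerts, title="Dependabot Audit Report"):
    """Emit AsciiDoc: a severity summary table, then one section per alert, most severe first."""
    def rank(a):
        sev = a["security_advisory"]["severity"]
        return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
    counts = Counter(a["security_advisory"]["severity"] for a in alerts)
    lines = [f"= {title}", "", "== Summary", "", "|===", "| Severity | Alerts"]
    lines += [f"| {sev} | {counts.get(sev, 0)}" for sev in SEVERITY_ORDER]
    lines += ["|===", "", "== Alerts", ""]
    for a in sorted(alerts, key=rank):
        adv, vuln, pkg = a["security_advisory"], a["security_vulnerability"], a["dependency"]["package"]
        patched = (vuln.get("first_patched_version") or {}).get("identifier", "none")
        lines += [f"=== #{a['number']} {pkg['name']} ({pkg['ecosystem']}): {adv['summary']}",
                  f"* Severity: {adv['severity']} ({adv['ghsa_id']}, {adv.get('cve_id') or 'no CVE'})",
                  f"* Affected: {vuln['vulnerable_version_range']}; patched in: {patched}",
                  f"* Manifest: {a['dependency']['manifest_path']}", f"* {a['html_url']}", ""]
    return "\n".join(lines)
```

For the real flow, call render_adoc(load_alerts(open("results.json").read())) and write the returned string to report/README.adoc before the PDF conversion step.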
