/report

NodeSecure HTML & PDF report generator for any public and/or private git repositories.


Security


Project created to generate periodic security reports (HTML and PDF formats). It uses Node-secure under the hood to fetch all the required data.


Goals

  • Automatically clone GIT projects for you.
  • Have an overview of several projects (git or npm).
  • Ability to visualize changes over weeks.
  • Being able to go back down to a more complete view (not yet implemented).

Requirements

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ git clone https://github.com/SlimIO/Security.git
$ cd Security
$ npm ci
$ npm start

The report will be generated in the reports folder at the root of the project.

Environment Variables

To configure the project you have to register (set) environment variables on your system. These variables can be set in a .env file (that file must be created at the root of the project).

GIT_TOKEN=
NODE_SECURE_TOKEN=

To know how to get a GIT_TOKEN or how to register environment variables, follow our Governance Guide.

For NODE_SECURE_TOKEN, please check the nsecure documentation.

Configuration example (for SlimIO)

To generate your own report just edit the data/config.json file.

{
    "theme": "dark",
    "report_title": "SlimIO Security Report",
    "report_logo": "https://avatars0.githubusercontent.com/u/29552883?s=200&v=4",
    "npm_org_prefix": "@slimio",
    "npm_packages": [
        "@slimio/addon",
        "@slimio/scheduler",
        "@slimio/config",
        "@slimio/core",
        "@slimio/arg-parser",
        "@slimio/profiles",
        "@slimio/queue",
        "@slimio/sqlite-transaction",
        "@slimio/alert",
        "@slimio/metrics",
        "@slimio/units",
        "@slimio/ipc",
        "@slimio/safe-emitter"
    ],
    "git_url": "https://github.com/SlimIO",
    "git_repositories": [
        "Aggregator",
        "Alerting",
        "Socket",
        "Gate",
        "ihm"
    ],
    "charts": [
        {
            "name": "Extensions",
            "display": true,
            "interpolation": "d3.interpolateRainbow"
        },
        {
            "name": "Licenses",
            "display": true,
            "interpolation": "d3.interpolateCool"
        },
        {
            "name": "Warnings",
            "display": true,
            "interpolation": "d3.interpolateInferno"
        },
        {
            "name": "Flags",
            "display": true,
            "interpolation": "d3.interpolateWarm"
        }
    ]
}

The theme can be either dark or light. Themes are editable in public/css/themes (feel free to PR new themes if you want).

All D3 scale-chromatic for charts can be found here.
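A preflight check for the .env file and data/config.json described above, as an added example that is not part of the project's code. The function names, the https and repository-name rules, and the d3.interpolate* pattern are assumptions drawn from the sample configuration; the token values are constructed placeholders.

```javascript
// Added example: preflight check for data/config.json and .env (not project code).
const THEMES = ["dark", "light"];                  // the two themes the README names
const TOKENS = ["GIT_TOKEN", "NODE_SECURE_TOKEN"]; // the two variables the README names
// Parse KEY=VALUE lines; comments and blank lines do not match and are skipped.
function parseEnv(text) {
  const vars = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z_]\w*)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) vars[m[1]] = m[2];
  }
  return vars;
}
// Returns a list of problems; an empty list means the report run can start.
function preflight(config, envText) {
  const problems = [];
  const env = parseEnv(envText);
  for (const name of TOKENS) {
    // Report the name only: a token value must never reach logs or the report.
    if (!env[name]) problems.push(`${name} is missing or empty`);
  }
  if (!THEMES.includes(config.theme)) problems.push("theme must be dark or light");
  try {
    const url = new URL(config.git_url);
    // Assumption: clones go through git_url, so require https and no inline credentials.
    if (url.protocol !== "https:") problems.push("git_url must use https");
    if (url.username || url.password) problems.push("git_url must not embed credentials");
  } catch {
    problems.push("git_url is not a valid URL");
  }
  for (const repo of config.git_repositories ?? []) {
    // Assumption: names become clone directories, so reject path-like values.
    if (!/^\w[\w.-]*$/.test(repo)) problems.push(`git_repositories: suspicious name "${repo}"`);
  }
  for (const chart of config.charts ?? []) {
    // Assumption: interpolation follows the d3.interpolate* pattern of the sample config.
    const ok = typeof chart.display === "boolean" && /^d3\.interpolate[A-Za-z]+$/.test(chart.interpolation);
    if (!ok) problems.push(`charts: invalid entry "${chart.name}"`);
  }
  return problems;
}
// Constructed sample input (placeholder token value, not a real credential).
const sampleEnv = "GIT_TOKEN=placeholder-token\nNODE_SECURE_TOKEN=\n";
const sampleConfig = {
  theme: "dark", git_url: "https://github.com/SlimIO",
  git_repositories: ["Aggregator", "../Gate"],
  charts: [{ name: "Flags", display: true, interpolation: "d3.interpolateWarm" }]
};
console.log(preflight(sampleConfig, sampleEnv));
```
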

License

MIT