
A toolkit project for BeSecure community contributors. Various tools and utilities that accelerate contributions to the community are available here.


pramit-d/BeS-dev-kit

 
 


BeS-dev-kit

BeS-dev-kit is a CLI tool for generating metadata and assessment reports for BeSLighthouse.

Pre-requisites

  1. Python 3.10
  2. pip
  3. GitHub personal access token

Installation

$ python3 -m pip install besecure-developer-toolkit

Usage

If you are running the command for the first time, you will be prompted for the complete paths to your besecure-osspoi-datastore and besecure-assessment-datastore, and for your personal access token.

Generate Metadata

This command generates metadata such as the OSSP-master file data and the version details file.

$ bes-dev-kit generate-metadata

For more options, add --help at the end of the command.

Note: On first use, this command asks for three extra inputs: ASSETS_DIR (path of besecure-osspoi-datastore on the local system), ASSESSMENT_DIR (path of besecure-assessment-datastore), and GITHUB_AUTH_TOKEN.

Generate Reports

$ bes-dev-kit generate-report - generate all reports (scorecard, criticality_score, codeql, sbom)

$ bes-dev-kit generate-report < report name > ... < report name > - generate specific report

<report name> - scorecard, codeql, criticality_score

For more options, add --help at the end of the command.

Note: If an older version of criticality_score (< v2.0.0) is already installed on the system, uninstall it using pip uninstall criticality-score.
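
One way to check the condition in the note above before running generate-report, as an added example that is not part of BeS-dev-kit. It assumes the distribution name criticality-score taken from the pip uninstall command, and it compares only the numeric release part of the version.

```python
"""Pre-flight check for the criticality_score version note (added example)."""
import re
from importlib import metadata

MIN_VERSION = (2, 0, 0)          # threshold stated in the README note
DIST_NAME = "criticality-score"  # assumption: name from the README's pip uninstall command


def parse_version(text):
    """Return the leading numeric release of a version string as a 3-tuple.

    Comparing tuples of ints avoids the string-comparison trap where
    "10.0.0" sorts before "2.0.0". Pre-release suffixes are ignored.
    """
    match = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def installed_version(dist=DIST_NAME):
    """Version of the installed distribution, or None when it is absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def preflight(version):
    """Map an installed version (or None) to the action the note calls for."""
    if version is None:
        return "ok: criticality-score is not installed"
    if parse_version(version) < MIN_VERSION:
        return (f"uninstall: {version} is older than 2.0.0; "
                f"run 'pip uninstall {DIST_NAME}'")
    return f"ok: {version}"


if __name__ == "__main__":
    print(preflight(installed_version()))
```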

Download Risk Summary

This command downloads the risk summary of Be-Secure listed open source projects in PDF format.

$ bes-dev-kit risk-summary

For more options, add --help at the end of the command.

Validate Version Details file

$ bes-dev-kit validate-version-file

This command checks the naming convention of the version details file.

For more details, add --help at the end of the command.

Validate Report files

This command checks the naming convention of report files and whether each report file is available.

$ bes-dev-kit validate-report-file <report name> ... <report name>

Note: Provide only the listed parameters: scorecard, codeql, criticality_score, sonarqube, sbom, fossology

Use the command below to check all reports at once.

$ bes-dev-kit validate-report-file

For more details, add --help at the end of the command.

Setting up locally

  1. Install Poetry. Use the link to install Poetry.
  2. Clone the repo.
  3. Move into the cloned directory.
  4. Run the command - $ poetry add "typer[all]"
  5. Create a new virtual env using Poetry - $ poetry shell
  6. Run the command to install the tool - $ poetry install
  7. Check installation - $ bes-dev-kit --help
