Big Changes

- Make the packaging easier (people should be able to run this with `uv tool install audit_repo_cloner`)
- Have tokens saved in an encrypted file or something that can be sourced with the CLI
- Add the report generation pipeline into this tool

Notes

Here is the flow.

1. You get a link to the private repo & commit hash.
2. I want to get the client's repo into our org.
3. Run `audit_repo_cloner`, which:
   - sets up a new repo in the cyfrin org
   - clones a copy of our version locally

audit_repo_cloner

spectre:

- init – set up existing repos for report generation (create .toml replacement for .env and source .conf)
  - Report generation needs to have:
    - finding.md (issue template)
    - Report branch, and the workflow (the .github stuff, it should be on main too)
  - Save the .env stuff in an encrypted file, maybe have a prompt for the other stuff
  - Then run create_audit_repo.py. They are pretty content with what this script does. Need to change how it references the report "stuff".
  - They don't like:
    - add_subtree
  - They just want to run this command. So, we should turn that repo into a package, and have the audit_repo_cloner just install the package.
- clone – clone a remote repository (private fork) and init for report generation: `audit_repo_cloner clone <REMOTE_URL>`
- source – create report source files in an independent step (sort of like compile, and it creates a folder with the files it'll use to generate a report) (see this)
- report – generate the report (run on compatible repo locally or in workflow)
- contain – set devcontainer path once and run command to copy into current directory:
  `cyaudit contain  # reads from like a .cyaudit folder and paste the stuff into this folder`