AppSec Cronjob / CI script that scores Github Adv Enterprise Security findings across different GH orgs etc. - AppSec Metrics
marius 2e34dffa13 Replace GHSec_Reports.ipynb 1 year ago
GHSec_Reports.ipynb Replace GHSec_Reports.ipynb 1 year ago
GHSec_Reports.py Import of project for personal learning / private internal 1 year ago
README.md Import of project for personal learning / private internal 1 year ago
Untitled.ipynb Import of project for personal learning / private internal 1 year ago
config.ini Import of project for personal learning / private internal 1 year ago
pdf.css Import of project for personal learning / private internal 1 year ago
report.html Import of project for personal learning / private internal 1 year ago
requirements.txt Import of project for personal learning / private internal 1 year ago
typography.css Import of project for personal learning / private internal 1 year ago

README.md

GitHub Security Reports

This generates Application Security metrics from GitHub using GitHub Enterprise Security. The purpose is to measure compliance with the AppSec Baseline.

If you just want the dashboard reports, go here: AppSec Dashboard (Kibana)

Full technical documentation is in the IPython notebook GHSec_Reports.ipynb.

Setup dependencies

  • GitHub user with access to the GitHub organizations and with the Security Manager privilege (svc-secops-github@zeal.int in Bitwarden)
  • Elastic Filebeat forwarder from github-actions-runner-01.mgmt.h.zeal.zone (todo: system user)
  • The AppSec SharePoint stores the reports
    • Technical user (svc-appsec@zealnetwork.de in Bitwarden)
    • Microsoft 365 Power Automate workflow for email notifications that link the new reports for regular review