search

chainguard-dev / secureframe-issue-sync

Sync Secureframe tests to GitHub issues (unofficial)
Apache License 2.0
2 stars 2 forks source link

readme

secureframe-issue-sync

Sync Secureframe tests to GitHub issues:

secureframe-issue-sync is designed to be used as a scheduled task, in particular GitHub Actions.

NOTE: This is using an undocumented Secureframe GraphQL API, so it may suddenly break. PR's welcome.

Requirements

As Secureframe does not yet have a public API, you'll need to grab the latter two bits of information using your browser's Developer Tools functionality.

Finding your Secureframe authentication data

  1. Visit https://app.secureframe.com/
  2. Enter your browser's "Developer Tools" feature
  3. Click on the Console tab.
  4. Type sessionStorage.getItem("AUTH_TOKEN"); and press . This will show your auth token.
  5. Type sessionStorage.getItem("CURRENT_COMPANY_USER"); and press . This will show your company ID.

NOTE: For a proper long-lived API token, see https://developer.secureframe.com/#section/Authentication - This tool understands long-lived tokens in the form of " ".

Installation

go install github.com/chainguard-dev/secureframe-issue-sync@latest

Usage: Command-Line

To build and install this tool, run:

secureframe-issue-sync --secureframe-token=<token> \
  --company=<company id> \
  --reports=soc2_alpha \
  --github-token=<token> \
  --github-repo=chainguard-dev/xyz`

There is a --dry-run flag available, which will pretend to make changes to GitHub instead of performing them.

You can also pass flags via environment variables, such as SECUREFRAME_TOKEN=xyz.

Usage: GitHub Actions

In production, you're going to want to schedule the sync job to run every hour or so. Since you are already on GitHub, why not use GitHub Actions to do it?

See https://github.com/chainguard-dev/secureframe-issue-sync/blob/main/github-action.yaml for an example.