This repo contains useful code we've created to leverage the power of Sigrid's REST API to integrate data from Sigrid in your process. The code is provided as-is, so when you use it, sanity-check your results. We do accept pull requests, so don't hesitate to contribute. Given the as-is nature of the repo, code maybe added, changed, removed or restructured as we learn more.
- The code is packaged in a Docker image that is available at
softwareimprovementgroup/sigrid-integrations - This repo contains a convenience script
integrations.shto start a container and provides access to the code that is currenty available - All available integrations contain a README that describes functionality and usage in more detail.
- Currently, all code is written in Python. This is not a hard rule, but it does make it easier to package it in a Docker image.
- All integrations should:
- contain a README
- display a usage message when called with no arguments
- write any output to the current directory if none specified
- not need to run as root
- When applicable, please modify the
Dockerfileand theintegrations.shscript to support your script.
We currently have the following integrations:
- Slack security findings uses Sigrid's API to get open security findings for a system and posts the result to Slack.
- Objectives report generates charts based on Sigrid objectives, suitable to include in internal reporting. These charts go beyond what is available in the Sigrid user interface, and have a focus on reporting progress over longer periods of time.
- Get scope file uses the Sigrid API to retrieve the latest scope configuration file that was used by Sigrid.
- Report Generator is a tool/framework designed to generate any kind of report.
- Export Portfolio dependencies exports to Excel all the third-party open source dependencies of a portfolio.
Copyright Software Improvement Group
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
