Crate ghastoolkit


§GHASToolkit

This is the GitHub Advanced Security (GHAS) Toolkit in Rust. The toolkit is designed to help developers and security researchers interact with the GitHub Advanced Security APIs and the CodeQL CLI.

§✨ Features

  • [Core GHAS Library][code-core]
    • [Documentation][docs]
    • GitHub Cloud and Enterprise Server support
    • API Support
      • [Code Scanning][github-code-scanning]
      • 👷 [Secret Scanning][github-secret-scanning]
      • 👷 [Supply Chain][github-supplychain]
        • 👷 [Dependabot][github-dependabot] (Security Alerts)
        • 👷 [Dependency Graph][github-depgraph] (SCA / SBOMs)
        • 👷 [Security Advisories][github-advisories]
  • [CLI Tool][code-cli]

§🚀 Usage

§GitHub APIs

You can use the GitHub and Repository structs to interact with the GitHub API.

```rust
use ghastoolkit::{GitHub, Repository};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // GitHub client with the crate's default settings
    let github = GitHub::default();
    println!("GitHub :: {}", github);

    // Parse an "owner/repo@ref" specifier into a Repository
    let repository = Repository::parse("geekmasher/ghastoolkit-rs@main")
        .expect("Failed to parse repository");
    println!("Repository :: {}", repository);

    Ok(())
}
```
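The specifier passed to Repository::parse above has the shape "owner/repo" with an optional "@ref" suffix. The parser below is an added example, not the crate's own code: it is a hypothetical stand-in (the RepoSpec type, its field names and the character allow-lists are assumptions) that shows what a strict parse of that format looks like, including the rejections a defender wants before a value is interpolated into an API path: empty parts, a stray "/" that would add a path segment, "." or ".." segments, and ref names containing characters git itself forbids.

```rust
use std::fmt;

/// Parsed "owner/repo" or "owner/repo@ref" specifier.
/// Hypothetical stand-in for the crate's `Repository` type, written for this
/// example only; the field names are assumptions.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct RepoSpec {
    pub owner: String,
    pub name: String,
    pub reference: Option<String>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum RepoSpecError {
    MissingSlash,
    EmptyOwner,
    EmptyName,
    EmptyReference,
    DotSegment,
    InvalidChar(char),
}

/// First character not allowed in an owner or repository name. The allow-list
/// (ASCII alphanumerics, '-', '_', '.') is an assumption for this example and
/// is deliberately stricter than what git accepts.
fn first_bad_name_char(segment: &str) -> Option<char> {
    segment
        .chars()
        .find(|c| !(c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.')))
}

/// First character not allowed in a ref (branch, tag or SHA): whitespace,
/// control characters and the separators git forbids in ref names. This is a
/// subset of git's own ref rules, chosen for the example.
fn first_bad_ref_char(reference: &str) -> Option<char> {
    reference.chars().find(|c| {
        c.is_whitespace() || c.is_control() || matches!(c, '~' | '^' | ':' | '?' | '*' | '[' | '\\')
    })
}

pub fn parse_repo_spec(input: &str) -> Result<RepoSpec, RepoSpecError> {
    // Split off the optional "@ref" part first so a '/' inside a ref
    // (for example "release/1.2") is not mistaken for the owner/name separator.
    let (path, reference) = match input.split_once('@') {
        Some((path, reference)) => (path, Some(reference)),
        None => (input, None),
    };

    let (owner, name) = path.split_once('/').ok_or(RepoSpecError::MissingSlash)?;
    if owner.is_empty() {
        return Err(RepoSpecError::EmptyOwner);
    }
    if name.is_empty() {
        return Err(RepoSpecError::EmptyName);
    }
    // "." and ".." would let a spec escape the intended API path segment.
    if matches!(owner, "." | "..") || matches!(name, "." | "..") {
        return Err(RepoSpecError::DotSegment);
    }
    // A second '/' ends up inside `name` and is rejected here.
    if let Some(c) = first_bad_name_char(owner).or_else(|| first_bad_name_char(name)) {
        return Err(RepoSpecError::InvalidChar(c));
    }

    let reference = match reference {
        Some("") => return Err(RepoSpecError::EmptyReference),
        Some(r) if r.contains("..") => return Err(RepoSpecError::DotSegment),
        Some(r) => {
            if let Some(c) = first_bad_ref_char(r) {
                return Err(RepoSpecError::InvalidChar(c));
            }
            Some(r.to_string())
        }
        None => None,
    };

    Ok(RepoSpec { owner: owner.to_string(), name: name.to_string(), reference })
}

impl fmt::Display for RepoSpec {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}/{}", self.owner, self.name)?;
        if let Some(reference) = &self.reference {
            write!(f, "@{}", reference)?;
        }
        Ok(())
    }
}

fn main() {
    // Constructed sample inputs: two valid specs and two that must be rejected.
    let samples = ["geekmasher/ghastoolkit-rs@main", "geekmasher/ghastoolkit-rs", "owner/repo/extra", "owner/..@main"];
    for spec in samples {
        match parse_repo_spec(spec) {
            Ok(r) => println!("{:?} -> owner={} name={} ref={:?}", spec, r.owner, r.name, r.reference),
            Err(e) => println!("{:?} -> rejected: {:?}", spec, e),
        }
    }
}
```

Splitting on "@" before "/" is the detail that matters: refs such as "release/1.2" are legal, so the ref must be separated first and only the owner and name parts held to the stricter segment rules.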

§CodeQL

You can use the CodeQL struct to interact with the CodeQL CLI.

```rust
use ghastoolkit::{CodeQL, CodeQLDatabase, CodeQLDatabases};
use ghastoolkit::{GitHub, Repository};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Locate the CodeQL CLI
    let codeql = CodeQL::new().await;
    println!("CodeQL :: {}", codeql);

    // Languages supported by this CodeQL installation
    let languages = codeql.get_languages().await?;
    println!("Languages :: {:#?}", languages);

    // Get all CodeQL databases from the default path
    let databases = CodeQLDatabases::default();
    for database in databases {
        println!("Database :: {}", database);
    }

    // Describe a new CodeQL database
    let database = CodeQLDatabase::init()
        .name("my-project")
        .language("javascript")
        .path("/path/to/code".to_string())
        .build()
        .expect("Failed to create CodeQL database");

    // Create the database using the CodeQL CLI
    codeql.database(&database)
        .create()
        .await?;

    // Analyze the database with CodeQL
    codeql.database(&database)
        .analyze()
        .await?;

    // You can also download a CodeQL Database from GitHub
    let github = GitHub::default();
    let repo = Repository::parse("geekmasher/ghastoolkit-rs@main")
        .expect("Failed to parse repository");

    let databases = CodeQLDatabase::download("./".into(), &repo, &github).await?;
    println!("Databases :: {:#?}", databases);

    Ok(())
}
```
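The builder above collects a name, a language and a source path and then hands them to the CodeQL CLI for "database create" and "database analyze". The block below is an added example, not the crate's code, of what that hand-off looks like when done defensively: the DatabaseSpec type, its field names and the language allow-list are assumptions made for the example, while the CLI arguments it emits ("database create <db> --language=... --source-root=... --overwrite" and "database analyze <db> --format=sarif-latest --output=...") are standard CodeQL CLI flags. It validates the database name so it cannot escape the output directory, checks the language against an allow-list, and passes every value as its own argv element so that a source path containing spaces or shell metacharacters is never interpreted by a shell.

```rust
use std::path::{Path, PathBuf};
use std::process::Command;

/// Languages this example accepts for `--language`: a fixed allow-list chosen
/// for the example, not the crate's list and not necessarily complete.
const KNOWN_LANGUAGES: &[&str] = &[
    "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "swift",
];

/// Hypothetical stand-in for the crate's `CodeQLDatabase`: the values needed
/// to create and analyze one database. Field names are assumptions.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DatabaseSpec {
    pub name: String,
    pub language: String,
    pub source_root: PathBuf,
    pub output_dir: PathBuf,
}

#[derive(Debug, PartialEq, Eq)]
pub enum SpecError {
    EmptyName,
    BadName(String),
    UnsupportedLanguage(String),
}

impl DatabaseSpec {
    pub fn new(
        name: &str,
        language: &str,
        source_root: impl Into<PathBuf>,
        output_dir: impl Into<PathBuf>,
    ) -> Result<Self, SpecError> {
        if name.is_empty() {
            return Err(SpecError::EmptyName);
        }
        // The name becomes a path component under output_dir; refuse anything
        // that could escape that directory.
        if name.contains('/') || name.contains('\\') || name == "." || name == ".." {
            return Err(SpecError::BadName(name.to_string()));
        }
        if !KNOWN_LANGUAGES.contains(&language) {
            return Err(SpecError::UnsupportedLanguage(language.to_string()));
        }
        Ok(Self {
            name: name.to_string(),
            language: language.to_string(),
            source_root: source_root.into(),
            output_dir: output_dir.into(),
        })
    }

    /// Directory the CodeQL CLI will write the database into.
    pub fn database_path(&self) -> PathBuf {
        self.output_dir.join(&self.name)
    }

    /// Arguments for `codeql database create`. Each value is a separate argv
    /// element, so paths with spaces or shell metacharacters pass through
    /// unchanged and are never interpreted by a shell.
    pub fn create_args(&self) -> Vec<String> {
        vec![
            "database".to_string(),
            "create".to_string(),
            self.database_path().display().to_string(),
            format!("--language={}", self.language),
            format!("--source-root={}", self.source_root.display()),
            "--overwrite".to_string(),
        ]
    }

    /// Arguments for `codeql database analyze`, writing SARIF for upload.
    pub fn analyze_args(&self, sarif_out: &Path) -> Vec<String> {
        vec![
            "database".to_string(),
            "analyze".to_string(),
            self.database_path().display().to_string(),
            "--format=sarif-latest".to_string(),
            format!("--output={}", sarif_out.display()),
        ]
    }

    /// Build the create command; `codeql` is resolved from PATH when spawned.
    pub fn create_command(&self) -> Command {
        let mut cmd = Command::new("codeql");
        cmd.args(self.create_args());
        cmd
    }
}

fn main() {
    // Constructed sample values; nothing is spawned, only the argv is built.
    let spec = DatabaseSpec::new("my-project", "javascript", "/path/to/code", "./databases")
        .expect("valid database spec");
    println!("codeql {}", spec.create_args().join(" "));
    println!("codeql {}", spec.analyze_args(Path::new("results.sarif")).join(" "));
    let _cmd = spec.create_command();
    println!("rejected: {:?}", DatabaseSpec::new("../escape", "javascript", "/src", "./databases"));
}
```

Building a Command from an argument vector rather than a formatted shell string is the point: the source path is attacker-influenced in many CI setups (it often comes from a checkout of an untrusted branch), and argv passing keeps it data rather than syntax.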

Re-exports§

pub use errors::GHASError;
pub use octokit::github::GitHub;
pub use octokit::repository::Repository;
pub use codeql::extractors::BuildMode;
pub use codeql::extractors::CodeQLExtractor;
pub use codeql::packs::CodeQLPack;
pub use codeql::packs::CodeQLPackType;
pub use codeql::packs::CodeQLPacks;
pub use codeql::CodeQL;
pub use codeql::CodeQLDatabase;
pub use codeql::CodeQLDatabases;
pub use supplychain::Dependencies;
pub use supplychain::Dependency;

Modules§

  • codeql: CodeQL
  • codescanning: Code Scanning module
  • errors: GHASToolkit Errors
  • octokit: Octokit is a GitHub API client for Rust.
  • secretscanning: Secret Scanning
  • supplychain: GHASToolkit supplychain module
  • utils: GHASToolkit utils module