This repo demonstrates how to use the GitHub code scanning API to export all the alerts on an organization to a CSV file. This makes it possible for a security team to quickly audit the known vulnerabilities across their organizations that are using GitHub Advanced Security
- Clone this repo to your local machine
- Create a file called .env
- Create a GitHub Token which has the
repo>security_eventspermission. (repopermission is needed for private repo) - Add the token to your .env file as shown
GH_AUTH_TOKEN=inserttokenhere - Run
npm installto install node dependencies - Run
node get-code-scanning-alerts.js orgname > output.csvwhereorgnameis the name of your target org. Note, if SSO is enabled on your org, you will need to SSO enable your token
This project is licensed under the MIT License.