5. Play with GitLab Web API
Prerequisites:

- Ruby gem: git 1.8.1
- Python3
- Create a GitLab personal access token and define it in the configuration.rb file for the GILAB_PERSONAL_ACCESS_TOKEN variable.
- Define the GitLab organization id in the configuration.rb file for the GITLAB_ORGANIZATION_ID variable. It allows the scripts to send requests that query and modify your organization.

Install the Ruby gem with:

```shell
gem install git
```

Keywords: #organisation #GitLab #repositories #clones #dump
This feature clones all repositories of the defined GitLab organization (groups and subgroups included) and saves them in a specific folder.
Run the following command:

```shell
bash GitLabWizard.sh backup-all-repositories-from-org
```

This script gets the configuration details from the Ruby configuration file and triggers another Shell script that makes a cURL request to the GitLab endpoint. A Python script is then called to extract the repository URLs before the cloning operation.
You need to define in the configuration.rb file the GitLab organisation ID at GITLAB_ORGANIZATION_ID, the location to store the clones at REPOSITORIES_CLONE_LOCATION_PATH and the access token at GILAB_PERSONAL_ACCESS_TOKEN.
You should also have your git environment ready, i.e. add your SSH private key if you clone by SSH for example.
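The listing, URL extraction and cloning steps above, written out as an added Python example (this is not the GitLabWizard project's own code). It pages through the GitLab v4 REST API for a group including its subgroups, picks the clone URL out of each project's JSON, and clones under a folder that mirrors the group layout, refusing any path from the API that would escape that folder. The environment variable names GITLAB_TOKEN, GITLAB_ORGANIZATION_ID, REPOSITORIES_CLONE_LOCATION_PATH and GITLAB_URL, and the SAMPLE_PAGE data, are assumptions made for this example.

```python
"""Added example, not the GitLabWizard project's own code: list every project of a
GitLab group (subgroups included) through the v4 REST API, pick the clone URL out
of the JSON and clone each repository under a folder mirroring the group layout.
Assumptions: token, group id and target folder come from the environment variables
GITLAB_TOKEN, GITLAB_ORGANIZATION_ID and REPOSITORIES_CLONE_LOCATION_PATH; the
instance is https://gitlab.com unless GITLAB_URL says otherwise."""
import json
import os
import subprocess
import urllib.parse
import urllib.request


def list_group_projects(group_id, token, base_url="https://gitlab.com"):
    """Yield all projects of a group, following GitLab's X-Next-Page pagination."""
    page = "1"
    while page:
        query = urllib.parse.urlencode(
            {"include_subgroups": "true", "per_page": 100, "page": page})
        req = urllib.request.Request(
            f"{base_url}/api/v4/groups/{group_id}/projects?{query}",
            headers={"PRIVATE-TOKEN": token})  # token in a header, never in the URL
        with urllib.request.urlopen(req, timeout=30) as resp:
            yield from json.loads(resp.read().decode())
            page = resp.headers.get("X-Next-Page", "")  # empty on the last page


def extract_clone_urls(projects, use_ssh=True):
    """Return (path_with_namespace, clone_url) pairs from the API JSON."""
    key = "ssh_url_to_repo" if use_ssh else "http_url_to_repo"
    return [(p["path_with_namespace"], p[key]) for p in projects if p.get(key)]


def local_path(clone_dir, path_with_namespace):
    """Map group/subgroup/project to a folder below clone_dir, refusing any value
    coming from the API that would land outside it (e.g. a path containing '..')."""
    root = os.path.abspath(clone_dir)
    target = os.path.abspath(os.path.join(root, path_with_namespace))
    if target == root or os.path.commonpath([root, target]) != root:
        raise ValueError(f"refusing to clone outside {root}: {path_with_namespace!r}")
    return target


def clone_all(pairs, clone_dir):
    """Clone each repository, or fetch it if a previous backup already exists."""
    for namespace_path, url in pairs:
        target = local_path(clone_dir, namespace_path)
        if os.path.isdir(os.path.join(target, ".git")):
            subprocess.run(["git", "-C", target, "fetch", "--all", "--prune"], check=True)
        else:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # With http_url_to_repo, let a git credential helper supply the token:
            # embedding it in the URL would persist it in .git/config on disk.
            subprocess.run(["git", "clone", url, target], check=True)


# Constructed sample of one API page, so the extraction can be run offline.
SAMPLE_PAGE = json.loads("""[
  {"id": 1, "path_with_namespace": "acme/platform/api",
   "ssh_url_to_repo": "git@gitlab.example.com:acme/platform/api.git",
   "http_url_to_repo": "https://gitlab.example.com/acme/platform/api.git"},
  {"id": 2, "path_with_namespace": "acme/website",
   "ssh_url_to_repo": "git@gitlab.example.com:acme/website.git",
   "http_url_to_repo": "https://gitlab.example.com/acme/website.git"}
]""")

if __name__ == "__main__":
    projects = list_group_projects(
        os.environ["GITLAB_ORGANIZATION_ID"], os.environ["GITLAB_TOKEN"],
        os.environ.get("GITLAB_URL", "https://gitlab.com"))
    clone_all(extract_clone_urls(projects),
              os.environ.get("REPOSITORIES_CLONE_LOCATION_PATH", "clones"))
```

The token travels only in the PRIVATE-TOKEN header; if you clone over HTTPS rather than SSH, keep it out of the clone URL and rely on a git credential helper, otherwise every backup copy carries the token in its .git/config.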
Keywords: #organisation #GitLab #repositories #leaks #gitleaks
Warning: This operation can take a long time because both the Git histories and the file trees are parsed.
This feature checks all repositories of the GitLab organisation for leaks using the gitleaks tool.
Run the following command:

```shell
bash GitLabWizard.sh look-for-leaks
```

This script needs a GitLab personal access token to make requests to the GitLab API and the GitLab group ID under which to get the projects. The wizard Shell script picks the configuration details from the Ruby configuration file and triggers another Shell script for the data processing. A Python script is also called to process the JSON sent by the GitLab API.
The gitleaks tool is used to look inside each repository. To install it:

```shell
brew install gitleaks
```

You need to define in the configuration.rb file the GitLab organisation ID at GITLAB_ORGANIZATION_ID, the location to store the clones at REPOSITORIES_CLONE_LOCATION_PATH and the access token at GILAB_PERSONAL_ACCESS_TOKEN.
You should also have your git environment ready, i.e. add your SSH private key if you clone by SSH for example. gh must be installed, python3 must be ready and, obviously, gitleaks must be installed.
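The gitleaks pass over the clones, as an added Python example (not the project's own script): it runs `gitleaks detect` on every clone found below the clone folder, several at a time since the page warns this step is slow, and summarises the JSON report per rule without echoing the secrets themselves. It assumes gitleaks v8 on the PATH, the clone folder in the REPOSITORIES_CLONE_LOCATION_PATH environment variable, and an optional first argument passed to gitleaks' --log-opts to bound the history walk; SAMPLE_REPORT is constructed, not a real finding.

```python
"""Added example, not the GitLabWizard project's own code: run gitleaks over every
repository cloned by the backup step, in parallel, and summarise the JSON report
without printing the secrets. Assumptions: gitleaks v8 on PATH, clones below
REPOSITORIES_CLONE_LOCATION_PATH (default "clones"); SAMPLE_REPORT is constructed."""
import json
import os
import subprocess
import sys
import tempfile
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


def run_gitleaks(repo_dir, log_opts=None):
    """Run `gitleaks detect` on one clone and return its findings (list of dicts).
    gitleaks exits 1 when it finds leaks, so only other non-zero codes are errors."""
    with tempfile.NamedTemporaryFile(suffix=".json", delete=False) as tmp:
        report = tmp.name
    cmd = ["gitleaks", "detect", "--source", repo_dir, "--no-banner",
           "--report-format", "json", "--report-path", report]
    if log_opts:  # e.g. "--since=2024-01-01" to limit how much history is walked
        cmd += ["--log-opts", log_opts]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True)
        if proc.returncode not in (0, 1):
            raise RuntimeError(f"gitleaks failed on {repo_dir}: {proc.stderr.strip()}")
        with open(report) as fh:
            data = fh.read()
        return json.loads(data) if data.strip() else []
    finally:
        os.unlink(report)


def redact(secret, keep=4):
    """Keep only a short prefix of a secret so the summary can be shared."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


def summarize(findings):
    """Count findings per rule and produce one redacted line per finding."""
    per_rule = Counter(f["RuleID"] for f in findings)
    lines = [f'{f["RuleID"]} {f["File"]}:{f["StartLine"]} commit {f["Commit"][:8]} '
             f'secret={redact(f["Secret"])}' for f in findings]
    return {"total": len(findings), "per_rule": dict(per_rule), "lines": lines}


def find_clones(clone_dir):
    """Every directory below clone_dir that holds a .git folder."""
    repos = []
    for root, dirs, _ in os.walk(clone_dir):
        if ".git" in dirs:
            repos.append(root)
            dirs[:] = []  # do not descend into a repository's own tree
    return repos


def scan_clones(clone_dir, workers=4, log_opts=None):
    """Scan all clones in parallel; return {repo path: summary}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda r: (r, summarize(run_gitleaks(r, log_opts))),
                           find_clones(clone_dir))
    return dict(results)


# Constructed sample of a gitleaks JSON report (fake commits and fake tokens).
SAMPLE_REPORT = json.loads("""[
  {"RuleID": "gitlab-pat", "File": "deploy/config.yml", "StartLine": 12,
   "Commit": "0123456789abcdef0123456789abcdef01234567",
   "Secret": "glpat-EXAMPLEEXAMPLEEXAMPLE", "Description": "GitLab Personal Access Token"},
  {"RuleID": "gitlab-pat", "File": "scripts/ci.sh", "StartLine": 3,
   "Commit": "89abcdef0123456789abcdef0123456789abcdef",
   "Secret": "glpat-EXAMPLE2EXAMPLE2EXAMPLE", "Description": "GitLab Personal Access Token"},
  {"RuleID": "generic-api-key", "File": "README.md", "StartLine": 40,
   "Commit": "fedcba9876543210fedcba9876543210fedcba98",
   "Secret": "EXAMPLEKEY0123456789", "Description": "Generic API Key"}
]""")

if __name__ == "__main__":
    results = scan_clones(os.environ.get("REPOSITORIES_CLONE_LOCATION_PATH", "clones"),
                          log_opts=sys.argv[1] if len(sys.argv) > 1 else None)
    for repo, summary in sorted(results.items()):
        print(f"{repo}: {summary['total']} finding(s) {summary['per_rule']}")
        for line in summary["lines"]:
            print("  " + line)
```

Findings are reported by rule, file, line and commit prefix only; the secret value stays in gitleaks' own report on disk, which should be treated as sensitive and deleted once the leaks are handled.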
Keywords: #organisation #GitLab #KPI #year #review
You will need to define a .env file with the GitLab API token for the key GITLAB_API_TOKEN, the organization name and some settings. Here the organization name is Orange-OpenSource: replace it with your own and add the suitable token.
See for example:

```
GITLAB_API_TOKEN=your-api-token
ORGANIZATION_NAME=Orange-OpenSource
```

Run the following commands to compute a year review of the organization:

```shell
# Do not forget to install dependencies
pip install -r requirements.txt
# For year 2024
python3.8 gitlab-year-review.py --year 2024
```

Keywords: #organisation #GitLab #dependencies #locks
We may need to know quickly which projects use some dependencies, because these dependencies may have been compromised or simply to know who uses them.
The script scan_gitlab_organization_projects_for_dependencies.py requests the GitLab REST API to get the public projects, then checks whether they contain known package and lock files, and looks inside them for dependencies like the ones listed in a side file given as argument.
This side file is just a text file with one dependency per line, with no particular format expected: the script looks for the text as is.
Of course a GitLab Personal Access Token (PAT) must be defined as an environment variable.

```shell
# Define the PAT
export GITLAB_TOKEN=...
# Do not forget to install dependencies
pip install -r requirements.txt
# Scan the projects for the dependencies listed in the file
python3.8 scan_gitlab_organization_projects_for_dependencies.py path/to/dependencies/file.txt
```
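The dependency lookup described above, as an added Python example (not the project's own script). It fetches the known manifest and lock files of a project through the GitLab repository files API and searches them for the listed names. Because the page's "text as is" search also hits "requests" or "request-promise" when you look for "request", the example shows that plain match next to a stricter one where the name must stand alone, and runs both on constructed sample manifests. The KNOWN_FILES list, the GITLAB_TOKEN and GITLAB_URL variables, and taking project ids on the command line are assumptions made for this example.

```python
"""Added example, not the GitLabWizard project's own code: search manifest and lock
files of GitLab projects for a list of dependency names, showing the plain "as is"
substring match next to a stricter whole-name match. Assumptions: PAT in
GITLAB_TOKEN, project ids on the command line, KNOWN_FILES is my own list and the
SAMPLE_* data is constructed."""
import json
import os
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# Manifest and lock files to look at (my own list, not the project's).
KNOWN_FILES = ["package.json", "package-lock.json", "yarn.lock", "requirements.txt",
               "Pipfile.lock", "poetry.lock", "go.mod", "go.sum", "Gemfile.lock",
               "Cargo.lock", "Podfile.lock", "pom.xml", "build.gradle"]


def load_wanted(text):
    """One dependency name per line; blank lines and '#' comments are ignored."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def substring_hits(content, wanted):
    """The 'as is' search: the name appears anywhere in the file, case-sensitively."""
    return {name for name in wanted if name in content}


def exact_hits(content, wanted):
    """Stricter search: the name must not be part of a longer package name.
    Case-insensitive, since Python package names compare that way (PEP 503)."""
    hits = set()
    for name in wanted:
        pattern = r"(?<![A-Za-z0-9_.-])" + re.escape(name) + r"(?![A-Za-z0-9_.-])"
        if re.search(pattern, content, re.IGNORECASE):
            hits.add(name)
    return hits


def scan_manifests(manifests, wanted):
    """manifests: {file name: content}. Returns both kinds of matches per file."""
    return {fname: {"as_is": sorted(substring_hits(content, wanted)),
                    "exact": sorted(exact_hits(content, wanted))}
            for fname, content in manifests.items()}


def fetch_raw(base_url, project_id, path, ref, token):
    """GET /projects/:id/repository/files/:path/raw; None when the file is absent."""
    url = (f"{base_url}/api/v4/projects/{project_id}/repository/files/"
           f"{urllib.parse.quote(path, safe='')}/raw?ref={urllib.parse.quote(ref)}")
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def scan_project(base_url, project_id, token, wanted):
    """Read the project's default branch, then scan every known file it has."""
    req = urllib.request.Request(f"{base_url}/api/v4/projects/{project_id}",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        project = json.loads(resp.read().decode())
    ref = project.get("default_branch") or "main"
    manifests = {}
    for fname in KNOWN_FILES:
        content = fetch_raw(base_url, project_id, fname, ref, token)
        if content is not None:
            manifests[fname] = content
    return project["path_with_namespace"], scan_manifests(manifests, wanted)


# Constructed sample data to run the matching offline.
SAMPLE_WANTED = load_wanted("request\nlodash\n# python\npyyaml\n")
SAMPLE_MANIFESTS = {
    "package.json": '{\n  "dependencies": {\n    "lodash": "4.17.21",\n'
                    '    "request-promise": "4.2.6"\n  }\n}\n',
    "requirements.txt": "PyYAML==6.0.1\nrequests==2.31.0\n",
}

if __name__ == "__main__":
    base_url = os.environ.get("GITLAB_URL", "https://gitlab.com")
    token = os.environ["GITLAB_TOKEN"]
    with open(sys.argv[1]) as fh:
        wanted = load_wanted(fh.read())
    for pid in sys.argv[2:]:
        name, result = scan_project(base_url, pid, token, wanted)
        for fname, hits in result.items():
            print(f"{name}/{fname}: as-is={hits['as_is']} exact={hits['exact']}")
```

On the sample data the "as is" search reports "request" for both files (through "request-promise" and "requests") and misses "pyyaml" in requirements.txt because of the capitalisation, while the whole-name search reports only "lodash" and "pyyaml"; when triaging a compromised package, compare both columns before concluding that a project is affected.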