This tool wraps the OSSF criticality score tool as an AWS lambda so that we can generate the report for each active project/repository in LFX Security. The tool accepts a payload with details on the project, repository and GitHub authorization. Once the tool performs the analysis, the results are packaged up and sent to the LFX Security API for storage and later retrieval.
yarn deploy:dev# First: Log into your AWS account for the appropriate environment
# Second: invoke using the desired payload, adjust the target repository and provide a GitHub authorization token value
aws --region us-east-2 lambda invoke \
--function-name lfx-security-ossf-scanner \
--cli-binary-format raw-in-base64-out \
--payload '{"project_id":"...", "project_sfid": "...", "repository_id": "...", "repository_url":"github.com/communitybridge/easycla", "github_auth_token":"ghs_XXXX..."}' \
out.txtCopyright The Linux Foundation and each contributor to LFX.
This project’s source code is licensed under the MIT License. A copy of the license is available in LICENSE.
The project leverages source code from the Open Source Security Foundation's (OSSF) - Criticality Score, which is licensed under the Apache License, version 2.0 (Apache-2.0),
This project’s documentation is licensed under the Creative Commons Attribution 4.0 International License (CC-BY-4.0). A copy of the license is available in LICENSE-docs.