30-second pitch
Do you know what workflows run across your GitHub org?
Butler scans every repo for workflows, actions, secrets/variables, third-party actions, and produces HTML and CSV outputs to assist with security reviews, third-party dependency audits, and workflow management.
Click here for sample reports for organisations like GitHub, OpenAI, Docker, AWS Labs - not mobile friendly.
Screenshots
Creating a view of an organisation consists of the following steps:
- Download all repos into a local SQLite database. You can download multiple organisations into a single database file.
- Process a database.
- Create a report against a database.
# Create virtual environment
python3 -m venv venv
. venv/bin/activate
pip3 install -r requirements.txt
A GitHub PAT is also required:
export GITHUB_TOKEN=ghp_wpB...
python butler.py download --repo "github" --database ./github.db --threads 10 --all-repos --very-verbose
export GITHUB_TOKEN_1=ghp_aaa...
export GITHUB_TOKEN_2=ghp_aaa...
...
export GITHUB_TOKEN_N=ghp_aaa...
python butler.py download [...] --token "GITHUB_TOKEN_*"
python butler.py download [...] --repo "github" --repo "microsoft/vscode" --repo "openai"
python butler.py process --database ./github.db --threads 10 --very-verbose
python butler.py report --database ./github.db --output ./report --repo "github"
This project is under active development, if you find any bugs or have any feature requests please create an issue.