Scan GitHub repository via DeepSCA

DeepBits GitHub API

The DeepBits GitHub API provides a set of endpoints to analyze and identify threats in your GitHub repository.

You can check the API spec in the GitHub API Spec doc.

import hashlib
import os
import time
import urllib.parse

import requests

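# Update these two.
# The API key is a secret: read it from the environment so it is not pasted
# into a file that may end up in version control. The variable name
# DEEPBITS_API_KEY is chosen for this script; the fallback stays '' so the
# old behaviour (edit the literal here) is unchanged if it is not set.
API_KEY = os.environ.get("DEEPBITS_API_KEY", "")
API_BASE = 'https://api.deepbits.com/api/v1'

# GitHub Repo Owner You Want To Scan
owner = 'facebook'

# GitHub Repo Name You Want To Scan
repository = 'react'

# GitHub Repo Branch Name
branchName = 'main'


# Sent with every request below. The dict captures the value of API_KEY at
# import time, so API_KEY must be set before this line runs.
default_headers = {"x-api-key": API_KEY, "x-public-tool": "true"}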

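def get_shared_project_id():
	"""Return the shared project id of the calling account.

	Calls ``GET {API_BASE}/user`` with ``default_headers`` and reads
	``data.publicTool.sharedProjectId`` from the JSON body.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		KeyError: if the body lacks the expected ``data.publicTool`` keys.
	"""
	response = requests.get(
		f"{API_BASE}/user",
		headers=default_headers,
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	# Fail on HTTP errors before indexing into the body, so a rejected
	# request surfaces as an HTTPError instead of a confusing KeyError.
	response.raise_for_status()

	return response.json()['data']['publicTool']['sharedProjectId']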

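def get_shared_gh_account_id():
	"""Return the ``_id`` of the first GitHub account listed for the caller.

	Calls ``GET {API_BASE}/github/account`` with ``default_headers`` and
	returns ``data[0]._id`` from the JSON body.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		RuntimeError: if ``data`` is an empty list (the original code would
			raise a bare IndexError here).
	"""
	response = requests.get(
		f"{API_BASE}/github/account",
		headers=default_headers,
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	response.raise_for_status()

	accounts = response.json()['data']
	if not accounts:
		raise RuntimeError("GET /github/account returned an empty 'data' list")
	return accounts[0]['_id']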

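def add_github_repo_to_deepbits(accountId, owner, repository):
	"""Register ``owner/repository`` with DeepBits and return its ids.

	Calls ``POST {API_BASE}/github/repos/add`` with ``{"fullName":
	"<owner>/<repository>"}`` and prints the ``data`` object of the reply.

	Args:
		accountId: unused; kept so existing callers keep working. The
			endpoint only takes ``fullName``.
		owner: GitHub repository owner.
		repository: GitHub repository name.

	Returns:
		``{"repoId": data.repo._id, "projectAssetId": data.projectAsset._id}``.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		KeyError: if the body lacks the expected keys.
	"""
	response = requests.post(
		f"{API_BASE}/github/repos/add",
		headers=default_headers,
		json={
			"fullName": f"{owner}/{repository}",
		},
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	response.raise_for_status()

	# Parse the body once instead of decoding it twice as before.
	res = response.json()['data']
	print(res)

	addedRepo = res['repo']
	projectAsset = res['projectAsset']

	return {
		"repoId": addedRepo['_id'],
		"projectAssetId": projectAsset['_id'],
	}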

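def list_github_branches(accountId, repoId):
	"""Return the ``data`` field of the branch listing for one repository.

	Calls ``GET {API_BASE}/github/{accountId}/repos/{repoId}/branch`` with
	``default_headers``.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		KeyError: if the body has no ``data`` key.
	"""
	response = requests.get(
		f"{API_BASE}/github/{accountId}/repos/{repoId}/branch",
		headers=default_headers,
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	response.raise_for_status()

	return response.json()['data']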

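def watch_github_branch(projectId, projectAssetId, branchName):
	"""Start watching ``branchName`` on a project asset and return the stream id.

	Prints the branch being watched, then calls
	``PUT {API_BASE}/project/{projectId}/{projectAssetId}/stream_watch`` with
	``{"action": "watch", "identifier": branchName}`` and returns
	``data._id`` from the reply.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		KeyError: if the body lacks ``data._id``.
	"""
	print('Watching branch...', branchName)

	response = requests.put(
		f"{API_BASE}/project/{projectId}/{projectAssetId}/stream_watch",
		headers=default_headers,
		json={
			"action": "watch",
			"identifier": branchName,
		},
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	response.raise_for_status()

	return response.json()['data']['_id']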

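def get_branch_scan_detail(accountId, owner, repository, branchName):
	"""Return the ``data`` field of the scan detail for one branch.

	Calls ``GET {API_BASE}/github/{accountId}/repos/{owner}/{repository}/
	branch/{branch}`` with ``default_headers``.

	Args:
		branchName: branch name as it appears on GitHub. It is placed in a
			single path segment, so every reserved character is
			percent-encoded (``safe=""``) — ``/`` becomes ``%2F`` exactly as
			the old ``str.replace`` did, and characters such as ``#``, ``?``
			and spaces, which the old code left in the URL, are now encoded
			as well.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		KeyError: if the body has no ``data`` key.
	"""
	encodedBranchName = urllib.parse.quote(branchName, safe="")
	response = requests.get(
		f"{API_BASE}/github/{accountId}/repos/{owner}/{repository}/branch/{encodedBranchName}",
		headers=default_headers,
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	response.raise_for_status()

	return response.json()['data']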

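def get_stream_scan_detail(projectId, assetId, streamId):
	"""Return the ``data`` field of the scan result for one stream.

	Calls ``GET {API_BASE}/project/{projectId}/{assetId}/{streamId}/
	scan_result`` with ``default_headers``.

	Raises:
		requests.HTTPError: if the API answers with a 4xx/5xx status.
		KeyError: if the body has no ``data`` key.
	"""
	response = requests.get(
		f"{API_BASE}/project/{projectId}/{assetId}/{streamId}/scan_result",
		headers=default_headers,
		timeout=30,  # requests has no default timeout; do not hang forever
	)
	response.raise_for_status()

	return response.json()['data']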

# Demo flow, run at import time: every step below performs a network call
# with the credentials in default_headers.

# Project and GitHub account ids the public tool uses for this API key.
sharedProjectId = get_shared_project_id()
print(f"SharedProjectId: {sharedProjectId}")

sharedGhAccountId = get_shared_gh_account_id()
print(f"SharedGhAccountId: {sharedGhAccountId}")

# Registers owner/repository and yields the repo and project-asset ids
# needed by the following calls.
addedRepoData = add_github_repo_to_deepbits(sharedGhAccountId, owner, repository)
print("Added repo data:")
print(addedRepoData)

branches = list_github_branches(sharedGhAccountId, addedRepoData['repoId'])
print(f"\nBranchesData: {branches}")

# Watching a branch creates the stream whose scan result is fetched below.
watchedStreamId = watch_github_branch(sharedProjectId, addedRepoData['projectAssetId'], branchName)
print(f"\nWatchedStreamId: {watchedStreamId}")

branchScanDetail = get_branch_scan_detail(sharedGhAccountId, owner, repository, branchName)
print(f"\nBranchScanDetail: {branchScanDetail}")

# The asset and stream ids come from the branch detail, not from the values
# returned earlier in this script.
scanResultDetail = get_stream_scan_detail(sharedProjectId, branchScanDetail['asset']['_id'], branchScanDetail['stream']['_id'])

# Do not print scanResult field since it's too big for print
filtered_scan_result_detail = {k: v for k, v in scanResultDetail.items() if k != 'scanResult'}
print(f"\nScanResultDetail: {filtered_scan_result_detail}")

print("\nDemo run successfully without error, get API docs on https://docs.deepbits.com/reference/post_github-repos-add")

Notes

This guide shows you how to generate your API key.