GitHub Inventory

What if your SDLC could be queried?

Viewing repos and then some…

If you’ve created many repos on GitHub, searching and moving between them can be a little cumbersome. Additionally, if you’re concerned with applying a standard set of permissions or “settings” to each of these repos, it’s difficult to verify things are applied to each repo correctly. I first saw this problem working for a company where we had ~750 repos across two GitHub organizations—even using Terraform to standardize repo creation, we had a problem.

I wanted to view each of my repos in a table, search among them, and apply a rudimentary “policy”. This way I could see which repos were missing the “settings” I wanted applied. And it’s a fun excuse to play with the GitHub API 😉
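The check described above, as an added example (this is not the GitHub Inventory project's own code): pull repository objects from the GitHub REST API, compare a few settings against a small policy, and report which repos are missing which settings. The JSON keys used (`private`, `archived`, `delete_branch_on_merge`, `allow_merge_commit`, `has_wiki`) are the ones the API returns for a repository object; the `POLICY` values, the `example-org` repos and the `fetch_org_repos` helper are assumptions made for illustration, and the sample data below is constructed so the check runs offline.

```python
"""Check GitHub repositories against a small settings policy.

Added example, not code from the GitHub Inventory project. POLICY and the
sample repos are assumptions; the JSON keys are those of the GitHub REST
API repository object (GET /orgs/{org}/repos, GET /repos/{owner}/{repo}).
"""
import json
from dataclasses import dataclass

# Assumed policy: every non-archived repo should carry these settings.
POLICY = {
    "private": True,
    "delete_branch_on_merge": True,
    "allow_merge_commit": False,
    "has_wiki": False,
}

# Constructed sample: a trimmed-down version of what the API returns.
SAMPLE_REPOS_JSON = json.dumps([
    {"full_name": "example-org/api", "archived": False, "private": True,
     "default_branch": "main", "delete_branch_on_merge": True,
     "allow_merge_commit": False, "has_wiki": False},
    {"full_name": "example-org/web", "archived": False, "private": False,
     "default_branch": "master", "delete_branch_on_merge": False,
     "allow_merge_commit": True, "has_wiki": False},
    {"full_name": "example-org/old-tool", "archived": True, "private": False,
     "default_branch": "main", "delete_branch_on_merge": False,
     "allow_merge_commit": True, "has_wiki": True},
])


@dataclass
class Finding:
    repo: str
    setting: str
    expected: object
    actual: object


def load_sample():
    """Parse the constructed sample so the rest of the code sees API-shaped dicts."""
    return json.loads(SAMPLE_REPOS_JSON)


def evaluate(repos, policy=POLICY, skip_archived=True):
    """Return one Finding per (repo, setting) pair that violates the policy."""
    findings = []
    for repo in repos:
        if skip_archived and repo.get("archived"):
            continue  # archived repos are read-only; most policies ignore them
        for setting, expected in policy.items():
            actual = repo.get(setting)  # missing key counts as a violation
            if actual != expected:
                findings.append(Finding(repo["full_name"], setting, expected, actual))
    return findings


def summarize(findings):
    """Group findings by repo so a table view can show one row per repo."""
    by_repo = {}
    for f in findings:
        by_repo.setdefault(f.repo, []).append(f.setting)
    return by_repo


def fetch_org_repos(org, token):
    """Fetch every repo of an org, following page-based pagination.

    Network call; not exercised in the offline run. `token` is a GitHub
    token with read access to the org (placeholder, supplied by the caller).
    """
    import urllib.request
    repos, page = [], 1
    while True:
        req = urllib.request.Request(
            f"https://api.github.com/orgs/{org}/repos?per_page=100&page={page}",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"})
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return repos
        repos.extend(batch)
        page += 1


if __name__ == "__main__":
    for repo, settings in summarize(evaluate(load_sample())).items():
        print(f"{repo}: missing {', '.join(settings)}")
```

Running it against the constructed sample reports only `example-org/web` (public, no branch cleanup, merge commits allowed); the archived repo is skipped unless `skip_archived=False` is passed, which is the switch to flip when the inventory should include everything.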

Deployed here —> [coming soon]

👉Code on GitHub

Where from here?

A queryable model for an SDLC

Originally, the idea for this project started while I was building an AppSec program at a previous role. We needed an inventory, but also wanted to improve our software supply chain security.

The concern was knowing what was changing, or being introduced, at each step in the SDLC. This landed me at “code attestation”—can we prove (“attest for”) what our application is made of at each step in the process, and tie each change back to a commit hash, build ID, etc.?

To me, if code attestation were achievable, then the next logical question is—well, can we query all of this data?
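To make the two questions above concrete, here is an added example (not the project's code, and not a standard attestation format): each SDLC step emits a small signed record saying what it produced, from which inputs, and under which commit hash and build ID; the records go into a store that can answer "what is this artifact made of?" and "what did this commit produce?". The record layout, the HMAC-based signature, the `AttestationStore` class and the two-step source/build pipeline are all assumptions chosen for illustration, and the commit hash and file contents are constructed.

```python
"""Minimal per-step attestation records that can be queried.

Added example, not code from the GitHub Inventory project. The record
layout and the HMAC "signature" are illustration-only assumptions; a real
pipeline would use an asymmetric key and a standard attestation format.
"""
import hashlib
import hmac
import json

ATTEST_KEY = b"example-key-not-for-production"   # constructed shared key
SAMPLE_COMMIT = "0123456789abcdef0123456789abcdef01234567"  # constructed hash


def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def _canonical(body) -> bytes:
    # Deterministic encoding so the signature covers exactly one byte string.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def attest(step, subject, commit, build_id, inputs, key=ATTEST_KEY):
    """Record that `step` produced `subject` from `inputs` for commit/build."""
    body = {"step": step, "subject": subject, "commit": commit,
            "build_id": build_id, "inputs": sorted(inputs)}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify(record, key=ATTEST_KEY) -> bool:
    expected = hmac.new(key, _canonical(record["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["sig"])


class AttestationStore:
    """In-memory store; only records with a valid signature are accepted."""

    def __init__(self):
        self.records = []

    def add(self, record):
        if not verify(record):
            raise ValueError("attestation signature does not verify")
        self.records.append(record)

    def by_commit(self, commit):
        """Everything attested for one commit hash, across all steps."""
        return [r["body"] for r in self.records if r["body"]["commit"] == commit]

    def provenance(self, subject):
        """Walk from an artifact back through its inputs; returns step names."""
        chain, frontier = [], [subject]
        while frontier:
            s = frontier.pop()
            for r in self.records:
                if r["body"]["subject"] == s:
                    chain.append(r["body"]["step"])
                    frontier.extend(r["body"]["inputs"])
        return chain

    def lineage_complete(self, subject) -> bool:
        """False if any input digest along the chain has no record of its own."""
        known = {r["body"]["subject"]: r["body"] for r in self.records}
        frontier = [subject]
        while frontier:
            body = known.get(frontier.pop())
            if body is None:
                return False
            for inp in body["inputs"]:
                if inp != body["commit"]:  # the commit hash is the chain's root
                    frontier.append(inp)
        return True


def build_sample_store():
    """Constructed two-step pipeline: source checkout, then build."""
    store = AttestationStore()
    source_digest = digest(b"constructed source tree contents")
    binary_digest = digest(b"constructed build output")
    store.add(attest("source", source_digest, SAMPLE_COMMIT, "build-42", [SAMPLE_COMMIT]))
    store.add(attest("build", binary_digest, SAMPLE_COMMIT, "build-42", [source_digest]))
    return store, binary_digest


if __name__ == "__main__":
    store, binary = build_sample_store()
    print("steps behind the binary:", store.provenance(binary))
    print("records for commit:", len(store.by_commit(SAMPLE_COMMIT)))
    print("lineage complete:", store.lineage_complete(binary))
```

The two queries the page asks for map onto `provenance` (what is this artifact made of, step by step) and `by_commit` (what did this commit produce). `lineage_complete` is the check worth wiring into CI: a build whose input digest was never attested by an earlier step shows up as a gap rather than silently passing, and any record edited after signing is rejected by `add`.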
