search
LinkedInTwitterBuyMeABeerMore

πŸ€”Do you know what's in your code?

When we are importing external things to our projects there might be some cases where we import things we do not know. In this brief article we are going to explore some nice cases.

hashtag
Git Submodule Crawler

Super basic tool to list given a list of repositories all of the nested gitmodules that you could have in them.

hashtag
What is a submodule?

In Git, a submodule is a way to include another Git repository as a subdirectory within your own repository. If you want to know more please refer to the docsarrow-up-right.

Security risks: Submodules can potentially introduce security risks if you're including code from untrusted sources or not carefully managing the versions of your dependencies. For example, if a submodule contains a vulnerability or malicious code, it could compromise the security of your entire project.

hashtag
What for?

  • You could spot out easily repositories that you may not know that you are importing with it because they would be printed as red.

  • In large ecosystems there are times when you might need to know which are the repos that are serving more than one tool, within this you can spot them out.

hashtag
Usage

$ python git_submodule_crawler.py --h
usage: git_submodule_crawler.py [-h] (--repoUrl REPOURL | --file FILE) [--allDependenciesGroupedByLevel] [--format {json,table}] [--githubEnterpriseHost GITHUBENTERPRISEHOST]
                                [--githubToken GITHUBTOKEN]

Git Submodule Crawler is used to fetch given a particular repository or a file containing several repos all of the submodules they depend on recursively

options:
  -h, --help            show this help message and exit
  --repoUrl REPOURL, -r REPOURL
                        Github Repository HTTPS/SSH url to be fetched but it could also be Owner/Name
  --file FILE, -f FILE  File containing Github Repository HTTPS/SSH url to be fetched but it could also be Owner/Name separated with new lines, you can select to display the info returned
                        ordered by having first the repos that have no dependency and the others after that
  --allDependenciesGroupedByLevel, -adgbl
                        Specifies to the script to group the output repos by lvl so you can first pull the data of repos that have no dependencies
  --format {json,table}
                        Specifies the format used to print the data found
  --githubEnterpriseHost GITHUBENTERPRISEHOST, -geh GITHUBENTERPRISEHOST
                        Github Enterprise host that is going to be used to fetch the information, wont be required if env var GITHUB_ENTERPRISE_HOST is set, if not defined would try to
                        fetch the repos in the Github Public API
  --githubToken GITHUBTOKEN, -gt GITHUBTOKEN
                        Github token that is going to be used to fetch the information, wont be required if env var GITHUB_TOKEN is set

hashtag
Examples

hashtag
Fetching all the dependencies from the given repos and listing the path where they are pretended to be mounted.

hashtag
Fetching all of the repos and grouping the result by the ones without any dependency and so

Last updated