in packages/repocop/src/index.ts [76:121]
await getRepositories(prisma, config.ignoredRepositoryPrefixes),
(repo) => !repo.archived,
);
// Collect the inputs for the evaluation step. branches, repoOwners and
// repoLanguages are handed to evaluateRepositories() further down;
// nonPlaygroundStacks and teams are not consumed within this excerpt.
const branches = await getRepositoryBranches(prisma, unarchivedRepos);
const repoLanguages = await getRepositoryLanguages(prisma);
// Keep every stack whose `Stack` tag is not exactly 'playground'.
const nonPlaygroundStacks: AwsCloudFormationStack[] = (
await getStacks(prisma)
).filter((s) => s.tags.Stack !== 'playground');
const teams = await getTeams(prisma);
const repoOwners = await getRepoOwnership(prisma);
// Only repositories accepted by isProduction() are used for the Dependabot
// and workflow-usage lookups below.
const productionRepos = unarchivedRepos.filter((repo) => isProduction(repo));
const productionDependabotVulnerabilities: RepocopVulnerability[] =
await getDependabotVulnerabilities(
productionRepos,
config.gitHubOrg,
octokit,
);
// NOTE(review): this writes every vulnerability record for the production
// repositories to stdout on each run. It looks like leftover debug output;
// confirm. If the log sink is readable by more people than the GitHub
// security alerts are, this widens who can see unpatched-vulnerability detail.
// Logging only a count (the console.warn below already reports totals) would
// avoid that.
console.log(productionDependabotVulnerabilities);
const productionWorkflowUsages: guardian_github_actions_usage[] =
await getProductionWorkflowUsages(prisma, productionRepos);
// All unarchived repositories are evaluated, but the vulnerability and
// workflow-usage inputs were fetched for production repositories only.
const evaluationResults: EvaluationResult[] = await evaluateRepositories(
unarchivedRepos,
branches,
repoOwners,
repoLanguages,
productionDependabotVulnerabilities,
productionWorkflowUsages,
);
// One repocopRules value per evaluation result.
const repocopRules = evaluationResults.map((r) => r.repocopRules);
const severityPredicate = (x: RepocopVulnerability) => x.severity === 'high';
// NOTE(review): assuming partition() returns [items matching the predicate,
// all remaining items] (confirm against its definition), `critical` holds
// every vulnerability whose severity is not 'high', not only those labelled
// critical. That is accurate only if the results contain nothing but high and
// critical findings at this point; verify, since any other severity would be
// counted as critical.
const [high, critical] = partition(
evaluationResults.flatMap((r) => r.vulnerabilities),
severityPredicate,
);
// Number of entries in each bucket whose is_patchable field is truthy.
const highPatchable = high.filter((x) => x.is_patchable).length;
const criticalPatchable = critical.filter((x) => x.is_patchable).length;
console.warn(
`Found ${high.length} out of date high vulnerabilities, of which ${highPatchable} are patchable`,