Merge branch 'main' of https://github.com/advanced-security/ghas-api-scripts

Author: aegilops

README.md

@@ -11,8 +11,11 @@ This is a set of scripts that use these APIs to access and manage alerts. The sc
 ## Requirements
 
 - Python 3.10 or higher
-- Install dependencies with `python3 -mpip install -r requirements.txt`
+- Install dependencies with `python3 -mpip install -r requirements.txt --user`
+  - Consider using a virtualenv, managed by `pyenv`
+  - On MacOS, add `--break-system-packages` to the end of the install command, if you are not using a virtualenv: `python3 -mpip install -r requirements.txt --user --break-system-packages`
 - Put a suitable GitHub token in your environment in `GITHUB_TOKEN`
+  - for example with `GITHUB_TOKEN=$(gh auth token)` before the command
   - requires read access to GitHub Advanced Security alerts
   - requires read access to the repository, organization or Enterprise you are querying
   - Note that Secret Scanning alerts are only available to admins of the repository, organization or Enterprise, a security manager, or where explicitly enabled by the repository owner

resolve_duplicate_secret_scanning_alerts.py

@@ -195,10 +195,8 @@ def main() -> None:
     # index results by secret and type for easy lookup
     indexed_results = index_results_by_secret(results)
 
-    LOG.debug(indexed_results)
-
     resolve_duplicates(indexed_results, matching_secrets_lookup, hostname)
 
 
 if __name__ == "__main__":
-    main()
+    main()