fix: use gh repo clone instead of sshUrl git clone

Agents authenticate via GitHub App HTTPS tokens, not SSH keys.
gh repo clone uses the authenticated HTTPS credential helper.
Test User
2026-04-21 19:44:30 +00:00
parent 82c99a4674
commit c8db75fa38
+1 -1
@@ -96,7 +96,7 @@ Check for known dependency vulnerabilities using local tools (GitHub vulnerabili
gh repo list privilegedescalation --json name --jq '.[].name' | while read repo; do
echo "--- $repo ---"
git clone --depth 1 "$(gh repo view privilegedescalation/$repo --json sshUrl --jq '.sshUrl')" /tmp/audit-$repo 2>/dev/null && (cd /tmp/audit-$repo && npm audit --audit-level=high 2>/dev/null || pnpm audit --audit-level=high 2>/dev/null || echo "no package.json") && rm -rf /tmp/audit-$repo
gh repo clone privilegedescalation/$repo /tmp/audit-$repo -- --depth 1 2>/dev/null && (cd /tmp/audit-$repo && npm audit --audit-level=high 2>/dev/null || pnpm audit --audit-level=high 2>/dev/null || echo "no package.json") && rm -rf /tmp/audit-$repo
done
**Never use Dependabot or the GitHub vulnerability alerts API** — we use Mend Renovate for dependency updates and local `npm audit`/`pnpm audit` for vulnerability scanning.
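Review bot: The new `gh repo clone ... -- --depth 1 2>/dev/null` line still discards clone errors, so a repository the GitHub App token cannot read is silently skipped, with only its `--- $repo ---` header printed. That is the same kind of authentication failure this commit fixes. Consider dropping the `2>/dev/null` on the clone, or adding an `|| echo "clone failed: $repo"` branch, so a gap in audit coverage is visible in the output. On the same line, `npm audit --audit-level=high` exits non-zero when it finds high-severity issues, so the `||` chain falls through to `pnpm audit` and can end by printing "no package.json" for a repository that actually has findings; testing for `package.json` and the lockfile type before choosing the auditor would keep the result unambiguous. The fixed `/tmp/audit-$repo` path is also left behind whenever the clone step fails partway, so a `mktemp -d` directory removed unconditionally would be safer. In the unchanged context, `while read repo` and the unquoted `$repo` would be more robust as `while read -r repo` with quoted expansions.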