Sigrid Integrations

This repo contains useful code we've created to leverage the power of Sigrid's REST API to integrate data from Sigrid in your process. The code is provided as-is, so when you use it, sanity-check your results. We do accept pull requests, so don't hesitate to contribute. Given the as-is nature of the repo, code maybe added, changed, removed or restructured as we learn more.

Usage remarks

• The code is packaged in a Docker image that is available at softwareimprovementgroup/sigrid-integrations
• This repo contains a convenience script integrations.sh to start a container and provides access to the code that is currenty available
• All available integrations contain a README that describes functionality and usage in more detail.

Contributing remarks

• Currently, all code is written in Python. This is not a hard rule, but it does make it easier to package it in a Docker image.
• All integrations should:
  • Contain a README.
  • Display a usage message when called with no arguments.
  • Write any output to the current directory if none specified.
  • Not need to run as root.
• When applicable, please modify the Dockerfile and the integrations.sh script to support your script.

Available integrations

We currently have the following integrations:

• Get scope file uses the Sigrid API to retrieve the latest scope configuration file that was used by Sigrid.
• Issue tracker export exports anonymized issue tracker history into a format that can be analyzed by SIG.
• Objectives report generates charts based on Sigrid objectives, suitable to include in internal reporting. These charts go beyond what is available in the Sigrid user interface, and have a focus on reporting progress over longer periods of time.
• Polarion integration synchronizes data between Sigrid and Siemens Polarion.
• Report Generator is a tool/framework designed to generate any kind of report.
• Slack security findings uses Sigrid's API to get open security findings for a system and posts the result to Slack.
• Open Source Health portfolio export exports all open source dependencies for a portfolio to Excel.

License

Copyright Software Improvement Group

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.