secureCodeBox · rfelber · Apr 12, 2021 · Mar 13, 2021 · Mar 13, 2021 · Mar 14, 2021
diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md
@@ -31,22 +31,32 @@ or
 ```
 
 #### GitHub
-For type github you can use the following options:
-- `--organization`: The name of the github organization you want to scan.
-- `--url`: The url of the api for a github enterprise server. Skip this option for repos on <https://github.com>.
-- `--access-token`: Your personal github access token.
-- `--ignore-repos`: A list of github repository ids you want to ignore
+For type GitHub you can use the following options:
+- `--organization`: The name of the GitHub organization you want to scan.
+- `--url`: The url of the api for a GitHub enterprise server. Skip this option for repos on <https://github.com>.
+- `--access-token`: Your personal GitHub access token.
+- `--ignore-repos`: A list of GitHub repository ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitHub server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+                               with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+                               optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
 
 For now only organizations are supported so the option is mandatory. We **strongly recommend** providing an access token
 for authentication. If not provided the rate limiting will kick in after about 30 repositories scanned.
 
 #### GitLab
-For type gitlab you can use the following options:
-- `--url`: The url of the gitlab server.
-- `--access-token`: Your personal gitlab access token.
-- `--group`: A specific gitlab group id you want to san, including subgroups.
-- `--ignore-groups`: A list of gitlab group ids you want to ignore
-- `--ignore-repos`: A list of gitlab project ids you want to ignore
+For type GitLab you can use the following options:
+- `--url`: The url of the GitLab server.
+- `--access-token`: Your personal GitLab access token.
+- `--group`: A specific GitLab group id you want to san, including subgroups.
+- `--ignore-groups`: A list of GitLab group ids you want to ignore
+- `--ignore-repos`: A list of GitLab project ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitLab server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+                               with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+                               optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
 
 For gitlab the url and the access token is mandatory. If you don't provide a specific group id all projects
 on the gitlab server are going to be discovered.

diff --git a/scanners/git-repo-scanner/README.md.gotmpl b/scanners/git-repo-scanner/README.md.gotmpl
@@ -32,22 +32,33 @@ or
 ```
 
 #### GitHub
-For type github you can use the following options:
-- `--organization`: The name of the github organization you want to scan.
-- `--url`: The url of the api for a github enterprise server. Skip this option for repos on <https://github.com>. 
-- `--access-token`: Your personal github access token.
-- `--ignore-repos`: A list of github repository ids you want to ignore
+For type GitHub you can use the following options:
+- `--organization`: The name of the GitHub organization you want to scan.
+- `--url`: The url of the api for a GitHub enterprise server. Skip this option for repos on <https://github.com>. 
+- `--access-token`: Your personal GitHub access token.
+- `--ignore-repos`: A list of GitHub repository ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitHub server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+                               with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+                               optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
 
 For now only organizations are supported so the option is mandatory. We **strongly recommend** providing an access token 
 for authentication. If not provided the rate limiting will kick in after about 30 repositories scanned.
 
 #### GitLab
-For type gitlab you can use the following options:
-- `--url`: The url of the gitlab server. 
-- `--access-token`: Your personal gitlab access token.
-- `--group`: A specific gitlab group id you want to san, including subgroups.
-- `--ignore-groups`: A list of gitlab group ids you want to ignore
-- `--ignore-repos`: A list of gitlab project ids you want to ignore
+For type GitLab you can use the following options:
+- `--url`: The url of the GitLab server. 
+- `--access-token`: Your personal GitLab access token.
+- `--group`: A specific GitLab group id you want to san, including subgroups.
+- `--ignore-groups`: A list of GitLab group ids you want to ignore
+- `--ignore-repos`: A list of GitLab project ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitLab server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+                               with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+                               optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+
 
 For gitlab the url and the access token is mandatory. If you don't provide a specific group id all projects 
 on the gitlab server are going to be discovered.

diff --git a/scanners/git-repo-scanner/scanner/.dockerignore b/scanners/git-repo-scanner/scanner/.dockerignore
@@ -0,0 +1,3 @@
+__pytest_cache
+.pytest_cache
+*_test.py
diff --git a/scanners/git-repo-scanner/scanner/Dockerfile b/scanners/git-repo-scanner/scanner/Dockerfile
@@ -1,5 +1,5 @@
 FROM python:3.9.0-alpine
-COPY git_repo_scanner.py /scripts/git_repo_scanner.py
-RUN pip install PyGithub python-gitlab
+COPY . /scripts/
+RUN pip install -r /scripts/requirements.txt
 CMD ["/bin/sh"]
 ENTRYPOINT ["python","/scripts/git_repo_scanner.py"]