Add basic outline for security issues tool & action

.github/actions/security-issues/action.yml

@@ -0,0 +1,62 @@
+name: 'SIA'
+description: 'The Security Issues Action creates github issues for open security issues in the repository'
+
+# TODOs & Ideas
+# * Change format to official CVE schema
+# * Change action to support all kinds of formats
+# * Add custom/additional details on ticket creation (e.g. dependency tree)
+
+inputs:
+
+  scan-command:
+    description: 'Command which creates a security report for the repository'
+    required: true
+    default: "mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate -Dossindex.reportFile=security-issues.json"
+
+  scan-output:
+    description: 'Output file generated by the scan-command'
+    required: true
+    default: "security-issues.json"
+
+  input-converter:
+    description: 'Converter to apply on the scan-output before processing'
+    required: false
+    # passthrough in case of None
+    default: maven
+
+runs:
+
+  using: "composite"
+  steps:
+
+    - name: Setup Python (${{ inputs.python-version}})
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ inputs.python-version }}
+
+    # Pin this to specifically released verison
+    - name: Install Python Toolbox / Security tool
+      run: |
+        pip install 'git+https://github.com/exasol/python-toolbox.git@security-issues-action'
+
+    - name: Install Python Toolbox / Security Issues tool
+      run: |
+        scan-command > $scan-output
+
+    - name: Run scan-command
+      run: |
+        scan-command > $scan-output
+
+    - name: Run input-converter
+      run: |
+        security-issues convert maven < $scan-output > issues.json
+
+    - name: Filter Existing Issues (Open & Closed)
+      run: |
+        security-issues filter github < scan.json > issues.json
+      # This could be added in the future
+      # tbx security-issues filter exclusions < issues.json > filtered-pt2.json
+
+    - name: Create Issues for
+      run: |
+        security-issues create github < issues.json

exasol/toolbox/tools/security_issues.py

@@ -0,0 +1,49 @@
+import difflib
+import io
+from contextlib import ExitStack
+from pathlib import Path
+from typing import (
+    Any,
+    Mapping,
+    Union,
+)
+
+import importlib_resources as resources
+import typer
+from rich.columns import Columns
+from rich.console import Console
+from rich.syntax import Syntax
+
+stdout = Console()
+stderr = Console(stderr=True)
+
+CLI = typer.Typer()
+
+
+def _workflows() -> Mapping[str, Any]:
+    pkg = "exasol.toolbox.templates.github.workflows"
+
+    def _normalize(name: str) -> str:
+        name, ext = name.split(".")
+        return name
+
+    return {_normalize(w.name): w for w in resources.files(pkg).iterdir()}  # type: ignore
+
+
+@CLI.command(name="convert")
+def convert() -> None:
+    pass
+
+
+@CLI.command(name="filter")
+def filter() -> None:
+    pass
+
+
+@CLI.command(name="create")
+def create() -> None:
+    pass
+
+
+if __name__ == "__main__":
+    CLI()

pyproject.toml

@@ -102,3 +102,4 @@ ignore_errors = true
 
 [tool.poetry.scripts]
 tbx = 'exasol.toolbox.tools.tbx:CLI'
+security-issues = 'exasol.toolbox.tools.security_issues:CLI'