Ticketing systems (Github, Jira, etc.) are strongly integrated into our processes, and everyone understands their necessity. As soon as a developer becomes a lead/technical manager, he or she faces a set of routine tasks related to ticketing work. On large projects this becomes a problem: you spend more and more time running around dashboards and tickets, looking for incorrect deviations in tickets and performing routine tasks instead of solving technical problems.
The idea of automatic management is not new, but large companies/projects are not yet ready for such a decisive breakthrough and need step-by-step solutions such as lazylead. I think you remember how static code analysis was treated in the past; today we have a huge toolkit (pmd, checkstyle, qulice, rubocop, peon, etc.) for each language that lets you avoid routine issues and takes unnecessary load off the code reviewer. We can apply the same logic to our day-to-day ticket management activities: let's reduce or even remove unnecessary routine actions.
Join our telegram chat lazylead for discussions.
Legend:
Daily annoying task | Jira | Github | Trello | SVN | Git |
---|---|---|---|---|---|
Notify ticket's assignee | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify ticket's reporter | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify ticket's manager | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify about illegal "Fix Version" modification | ✅ | ❌ | ❌ | ❌ | ❌ |
Expected comment in ticket is missing | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Propagate some fields from parent ticket into sub-tasks | ✅ | ❌ | ❌ | ❌ | ❌ |
Evaluate the ticket formatting accuracy | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Print the current capacity of team into newly created tasks | ⌛ | ⌛ | ⌛ | ❌ | ❌ |
Create/retrofit the defect automatically into latest release | ⌛ | ⌛ | ❌ | ❌ | ❌ |
Notify about expired(ing) due dates | ✅ | ❌ | ⌛ | ❌ | ❌ |
Notify about absent original estimations | ⌛ | ⌛ | ⌛ | ❌ | ❌ |
Notify about 'Hot potato' tickets | ⌛ | ⌛ | ⌛ | ❌ | ❌ |
Notify about long live tickets (aging) | ⌛ | ⌛ | ⌛ | ❌ | ❌ |
Create a meeting(s) automatically in case some tickets appeared (group by assignee/reporters/component/ticket type/etc) | ⌛ | ⌛ | ⌛ | ❌ | ❌ |
Propagate fields from parent tickets to sub-tasks | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify about tickets without comments with expected text | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify about team loading (no tasks on teammates) | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify about tickets matches predefined multiple conditions | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Link automatically the ticket and Confluence page if link found in ticket's comments/description | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify about tickets assigned to your team members not by effective managers | ✅ | ⌛ | ⌛ | ❌ | ❌ |
Notify about modifications of important files in VCS | ❌ | ⌛ | ❌ | ✅ | 🚴 |
Notify about diff changes for past X period in VCS | ❌ | ⌛ | ❌ | ✅ | 🚴 |
Notify about changes with some text for past X period in VCS | ❌ | ⌛ | ❌ | ✅ | 🚴 |
Notify when someone outside of your team changed the due date on tickets for your team | ✅ | ⌛ | ❌ | ❌ | ❌ |
Notify when someone outside of your team assigned a ticket directly to the developer | ✅ | ⌛ | ❌ | ❌ | ❌ |
Integration | Type | Status |
---|---|---|
Microsoft Exchange Server | Emails | ✅ |
Microsoft Exchange Server | Calendar | ⌛ |
mail.yandex.com | Emails | ✅ |
mail.google.com | Emails | 🌵 |
calendar.google.com | Calendar | ⌛ |
slack.com | Notifications | ⌛ |
GitHub | VCS + CI/CD | ⌛ |
GitLab | VCS + CI/CD | ⌛ |
BitBucket | VCS + CI/CD | ⌛ |
New ideas, bugs, suggestions or questions are welcome via GitHub issues!
⚠️ We're still in a very early alpha version; the API may change frequently until we release version 1.0.
Let's assume that:

- the Jira filter has id `555` and it has JQL like

  ```
  project=XXXX and type=Bug and status not in (Closed, Cancelled, "Ready For Testing", "On Hold")
  and parent = YYYY and duedate < startOfDay()
  ```
- an `MS Exchange` server is used for email notifications
- notifications are sent at `8am (UTC)` about tickets where due dates are expired

For simplicity, we are using docker-compose:
Define a yml file with the configuration, `tasks.yml`:

```yaml
version: '2.3'

services:

  lazylead:
    image: dgroup/lazylead:latest
    container_name: lazylead
    mem_limit: 128m
    environment:
      # The jira server details.
      # Please ensure that your jira filter(s) grants this user to see issues.
      # Sometimes jira filter(s) may be created with restricted visibility, thus
      # lazylead can't find the issues.
      jira_url: https://your.jira.com
      jira_user: theuser
      jira_password: thepass
      # The MS Exchange server details, please ensure that '/ews/Exchange.asmx'
      # will be after your server url. Just change the url to your server.
      exchange_url: https://your.ms.exchange.server/ews/Exchange.asmx
      exchange_user: theuser
      exchange_password: the password
    volumes:
      - ./:/lazylead/db
    # db/ll.db is sqlite file with jira related annoying tasks
    entrypoint: bin/lazylead --sqlite db/ll.db --trace --verbose
```
or just download the project using git:

```bash
git clone https://github.com/dgroup/lazylead.git ll && cd ll
```

Create a container using `docker-compose -f .github/tasks.yml up`.
The container will stop as there were no tasks provided:

```
ll > docker-compose -f .github/tasks.yml up
Creating lazylead ... done
Attaching to lazylead
lazylead | [2020-08-09T06:17:32] DEBUG [main] Version: 0.5.0
lazylead | [2020-08-09T06:17:32] DEBUG [main] Memory footprint at start is 52MB
lazylead | [2020-08-09T06:17:32] DEBUG [main] Database: '/lazylead/db/ll.db', sql migration dir: '/lazylead/upgrades/sqlite'
lazylead | [2020-08-09T06:17:32] DEBUG [main] Migration applied to /lazylead/db/ll.db from /lazylead/upgrades/sqlite
lazylead | [2020-08-09T06:17:32] DEBUG [main] Database connection established
lazylead | [2020-08-09T06:17:32] DEBUG [main] SMTP connection established with {host} as {user}.
lazylead | [2020-08-09T06:17:32] WARN [main] ll-001: No tasks found.
lazylead | [2020-08-09T06:17:32] DEBUG [main] Memory footprint at the end is 67MB
lazylead exited with code 0
ll >
```
Define your team and tasks in the database.
Yes, there is no UI yet, but it's planned. Pull requests are welcome!
The table structure is defined here.
Modify your sqlite file (`ll.db`) using DB Browser or any similar tool.
Please change `<youremail.com>` to your email address in order to be in CC when a developer gets the notification:
```sql
insert into teams (id, name, properties)
values (1, 'Dream team with lazylead', '{}');

insert into systems(id, properties)
values (1,'{"type":"Lazylead::Jira", "username":"${jira_user}", "password":"${jira_password}", "site":"${jira_url}", "context_path":""}');

insert into tasks (name, schedule, enabled, id, system, team_id, action, properties)
values ('Expired due dates',
        'cron:0 8 * * 1-5',
        'true',
        1, 1, 1,
        'Lazylead::Task::AssigneeAlert',
        '{"sql":"filter=555", "cc":"<youremail.com>", "subject":"[LL] Expired due dates", "template":"lib/messages/due_date_expired.erb", "postman":"Lazylead::Exchange"}');
```
Yes, for task scheduling we are using cron here, but you may use other scheduling types from rufus-scheduler.
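A check to run on `ll.db` before restarting the container, added here as an example (it is not part of lazylead): it flags `systems` rows whose username or password is a literal instead of a `${...}` placeholder, a `cc` still set to `<youremail.com>`, and malformed `properties` or cron schedules. It assumes the `${jira_user}`-style values are filled in from the container environment defined in `tasks.yml`; the schema, sample rows and function names are constructed for the demonstration.

```python
import json
import re
import sqlite3

# Constructed stand-in schema (only the columns read here); lazylead's migrations own the real one.
SCHEMA = """
create table systems (id integer primary key, properties text);
create table tasks (id integer primary key, schedule text, properties text);
"""
PLACEHOLDER = re.compile(r"^\$\{\w+\}$")     # e.g. ${jira_password}
CRON = re.compile(r"^cron:\S+(\s+\S+){4}$")  # 'cron:' followed by five fields

def load(raw):  # parse a properties column; None unless it holds a JSON object
    try:
        props = json.loads(raw)
    except (TypeError, ValueError):
        return None
    return props if isinstance(props, dict) else None

def lint(db):
    """Return findings for the systems and tasks rows of an ll.db connection."""
    out = []
    for sid, raw in db.execute("select id, properties from systems order by id"):
        props = load(raw)
        if props is None:
            out.append(f"systems/{sid}: properties is not a JSON object")
        for key in ("username", "password"):
            if key in (props or {}) and not PLACEHOLDER.match(str(props[key])):
                out.append(f"systems/{sid}: {key} is a literal, not a placeholder")
    for tid, schedule, raw in db.execute("select id, schedule, properties from tasks order by id"):
        props = load(raw)
        if props is None:
            out.append(f"tasks/{tid}: properties is not a JSON object")
        elif "<youremail.com>" in str(props.get("cc", "")):
            out.append(f"tasks/{tid}: cc still holds <youremail.com>")
        if str(schedule).startswith("cron:") and not CRON.match(schedule):
            out.append(f"tasks/{tid}: cron schedule does not have five fields")
    return out

def sample_db():
    """In-memory database with constructed rows: one clean, three flawed."""
    good = '{"username":"${jira_user}","password":"${jira_password}"}'
    bad = good.replace("${jira_password}", "literal-secret")  # constructed value
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("insert into systems values (?, ?)", [(1, good), (2, bad)])
    db.executemany("insert into tasks values (?, ?, ?)", [
        (1, "cron:0 8 * * 1-5", '{"cc":"<youremail.com>"}'), (2, "cron:0 8 * *", "{")])
    return db
```

Against a real file, pass `sqlite3.connect("ll.db")` to `lint` and restart only when the returned list is empty.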
Once you have changed `./ll.db`, please restart the container using `docker-compose -f .github/tasks.yml restart`:

```
ll > docker-compose -f .github/tasks.yml restart
Restarting lazylead ... done
```

Check the logs and stop the container if needed:

```
ll > docker logs lazylead
lazylead | [2020-08-09T06:17:32] DEBUG [main] Version: 0.5.0
lazylead | [2020-08-09T06:17:32] DEBUG [main] Memory footprint at start is 52MB
lazylead | [2020-08-09T06:17:32] DEBUG [main] Database: '/lazylead/db/ll.db', sql migration dir: '/lazylead/upgrades/sqlite'
lazylead | [2020-08-09T06:17:32] DEBUG [main] Migration applied to /lazylead/db/ll.db from /lazylead/upgrades/sqlite
lazylead | [2020-08-09T06:17:32] DEBUG [main] Database connection established
lazylead | [2020-08-09T06:17:32] DEBUG [main] SMTP connection established with {host} as {user}.
lazylead | [2020-08-09T06:17:32] DEBUG [main] Task scheduled: id='1', name='Expired due dates', cron='0 8 * * 1-5', system='1', action='Lazylead::Task::AssigneeAlert', team_id='1', description='', enabled='true', properties='{"sql":"filter=555", "cc":"my.email@google.com", "subject":"[LL] Expired due dates", "template":"lib/messages/due_date_expired.erb", "postman":"Lazylead::Exchange"}'
...
```
Pull requests are welcome! Don't forget to add your name to the contribution section and run this beforehand:

```bash
rake -A
```
Everyone interacting in this project’s codebases, issue trackers, chat rooms is expected to follow the code of conduct.