Clone or update all repositories listed in a Security Insights file. Reads project.repositories from a local file, URL, or GitHub repo, then runs git clone or git pull for each repo.
go install github.com/revanite-io/project-puller@latestRequires Go 1.25+ and a working git on your PATH.
The source type is auto-detected from the argument:
# From a GitHub repo (looks for security-insights.yml)
project-puller org/repo
# From a GitHub repo with a custom path
project-puller org/repo/dir/security-insights.yml
# From a URL
project-puller https://raw.githubusercontent.com/org/repo/main/security-insights.yml
# From a local file
project-puller ./security-insights.ymlRepos are cloned into a directory named after the GitHub org (derived from the first repository URL). Override it with --output:
project-puller org/repo --output ./my-repos| Flag | Description |
|---|---|
--output |
Directory for cloned repos (default: org name from first repo URL) |
--username |
Your fork username: clone with remote upstream, add your fork as origin |
--ssh |
Use SSH URLs for clone and remotes (default: HTTPS) |
--quiet |
Suppress git command output |
Clone all project repos via HTTPS into ./my-project:
project-puller org/project --output my-projectSame, but use SSH and set up your fork as origin with the upstream project as upstream:
project-puller org/project --output my-project --username yourname --sshAfter that, each repo has upstream (the project) and origin (your fork); clone and pull use upstream.
See CONTRIBUTING.md for build instructions, troubleshooting, and contribution guidelines.