// Source: github.com/google/go-github/v49@v49.1.0/github/dependabot_alerts.go

// Copyright 2022 The go-github AUTHORS. All rights reserved.
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package github

import (
	"context"
	"fmt"
)

// Dependency represents the vulnerable dependency.
//
// Every field is a pointer and may be nil; check before dereferencing.
type Dependency struct {
	Package      *VulnerabilityPackage `json:"package,omitempty"`
	ManifestPath *string               `json:"manifest_path,omitempty"`
	Scope        *string               `json:"scope,omitempty"`
}

// AdvisoryCVSs represents the advisory pertaining to the Common Vulnerability Scoring System.
//
// NOTE(review): the type name spells the acronym "CVSs" while the JSON key is
// "cvss"; the name is exported, so renaming it would break callers.
type AdvisoryCVSs struct {
	Score        *float64 `json:"score,omitempty"`
	VectorString *string  `json:"vector_string,omitempty"`
}

// AdvisoryCWEs represents the advisory pertaining to Common Weakness Enumeration.
type AdvisoryCWEs struct {
	CWEID *string `json:"cwe_id,omitempty"`
	Name  *string `json:"name,omitempty"`
}

// DependabotSecurityAdvisory represents the GitHub Security Advisory.
//
// Every field is a pointer or a slice and may be nil; check before
// dereferencing.
//
// NOTE(review): Summary and Description are presumably advisory text taken
// from the API response; treat them as untrusted data when rendering them.
// NOTE(review): WithdrawnAt is presumably set only for withdrawn advisories,
// so consumers may want to check it before acting on an alert. Confirm against
// the API docs.
type DependabotSecurityAdvisory struct {
	GHSAID          *string                  `json:"ghsa_id,omitempty"`
	CVEID           *string                  `json:"cve_id,omitempty"`
	Summary         *string                  `json:"summary,omitempty"`
	Description     *string                  `json:"description,omitempty"`
	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
	Severity        *string                  `json:"severity,omitempty"`
	CVSs            *AdvisoryCVSs            `json:"cvss,omitempty"`
	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
	Identifiers     []*AdvisoryIdentifier    `json:"identifiers,omitempty"`
	References      []*AdvisoryReference     `json:"references,omitempty"`
	PublishedAt     *Timestamp               `json:"published_at,omitempty"`
	UpdatedAt       *Timestamp               `json:"updated_at,omitempty"`
	WithdrawnAt     *Timestamp               `json:"withdrawn_at,omitempty"`
}

// DependabotAlert represents a Dependabot alert.
//
// Every field is a pointer and may be nil; check before dereferencing.
// NOTE(review): the Dismissed* fields and FixedAt are presumably populated
// only for alerts in the matching state. Confirm against the API docs.
type DependabotAlert struct {
	Number                *int                        `json:"number,omitempty"`
	State                 *string                     `json:"state,omitempty"`
	Dependency            *Dependency                 `json:"dependency,omitempty"`
	SecurityAdvisory      *DependabotSecurityAdvisory `json:"security_advisory,omitempty"`
	SecurityVulnerability *AdvisoryVulnerability      `json:"security_vulnerability,omitempty"`
	URL                   *string                     `json:"url,omitempty"`
	HTMLURL               *string                     `json:"html_url,omitempty"`
	CreatedAt             *Timestamp                  `json:"created_at,omitempty"`
	UpdatedAt             *Timestamp                  `json:"updated_at,omitempty"`
	DismissedAt           *Timestamp                  `json:"dismissed_at,omitempty"`
	DismissedBy           *User                       `json:"dismissed_by,omitempty"`
	DismissedReason       *string                     `json:"dismissed_reason,omitempty"`
	DismissedComment      *string                     `json:"dismissed_comment,omitempty"`
	FixedAt               *Timestamp                  `json:"fixed_at,omitempty"`
}

// ListAlertsOptions holds the optional filter and ordering parameters accepted
// by DependabotService.ListRepoAlerts and DependabotService.ListOrgAlerts.
//
// A nil field carries the omitempty tag and is presumably left out of the
// request. The embedded ListCursorOptions is declared elsewhere in the package
// and presumably carries the pagination fields. Confirm both there.
type ListAlertsOptions struct {
	State     *string `url:"state,omitempty"`
	Severity  *string `url:"severity,omitempty"`
	Ecosystem *string `url:"ecosystem,omitempty"`
	Package   *string `url:"package,omitempty"`
	Scope     *string `url:"scope,omitempty"`
	Sort      *string `url:"sort,omitempty"`
	Direction *string `url:"direction,omitempty"`

	ListCursorOptions
}

// listAlerts is the shared implementation behind ListRepoAlerts and
// ListOrgAlerts. It applies opts to url through addOptions, issues a single
// GET request and hands a slice of alerts to s.client.Do to be filled in.
//
// If addOptions or NewRequest fails, the alerts and the Response are both nil.
// If Do fails, the alerts are nil and the Response returned by Do is passed
// through alongside the error.
func (s *DependabotService) listAlerts(ctx context.Context, url string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	endpoint, err := addOptions(url, opts)
	if err != nil {
		return nil, nil, err
	}

	req, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, nil, err
	}

	// One request only: whatever this response contains is what gets returned.
	var found []*DependabotAlert
	resp, err := s.client.Do(ctx, req, &found)
	if err != nil {
		return nil, resp, err
	}
	return found, resp, nil
}

// ListRepoAlerts lists all Dependabot alerts of a repository.
//
// Each call makes one request through listAlerts, so the returned slice holds
// the alerts of that single response. Callers that need the complete set
// presumably have to page using opts and the returned Response; confirm
// against ListCursorOptions.
//
// NOTE(review): owner and repo are formatted into the request path as given;
// this method does not escape them, so validate them first when they come
// from untrusted input.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("repos/%v/%v/dependabot/alerts", owner, repo), opts)
}

// ListOrgAlerts lists all Dependabot alerts of an organization.
//
// Each call makes one request through listAlerts, so the returned slice holds
// the alerts of that single response. Callers that need the complete set
// presumably have to page using opts and the returned Response; confirm
// against ListCursorOptions.
//
// NOTE(review): org is formatted into the request path as given; this method
// does not escape it, so validate it first when it comes from untrusted input.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("orgs/%v/dependabot/alerts", org), opts)
}

// GetRepoAlert gets a single repository Dependabot alert.
//
// The alert is addressed by its number within the owner/repo repository. If
// NewRequest fails, the alert and the Response are both nil. If Do fails, the
// alert is nil and the Response returned by Do is passed through alongside
// the error.
//
// NOTE(review): owner and repo are formatted into the request path as given;
// this method does not escape them, so validate them first when they come
// from untrusted input.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#get-a-dependabot-alert
func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string, number int) (*DependabotAlert, *Response, error) {
	path := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)

	req, err := s.client.NewRequest("GET", path, nil)
	if err != nil {
		return nil, nil, err
	}

	var alert DependabotAlert
	resp, err := s.client.Do(ctx, req, &alert)
	if err != nil {
		return nil, resp, err
	}
	return &alert, resp, nil
}