github.com/google/go-github/v60@v60.0.0/github/secret_scanning.go (about) 1 // Copyright 2022 The go-github AUTHORS. All rights reserved. 2 // 3 // Use of this source code is governed by a BSD-style 4 // license that can be found in the LICENSE file. 5 6 package github 7 8 import ( 9 "context" 10 "fmt" 11 ) 12 13 // SecretScanningService handles communication with the secret scanning related 14 // methods of the GitHub API. 15 type SecretScanningService service 16 17 // SecretScanningAlert represents a GitHub secret scanning alert. 18 type SecretScanningAlert struct { 19 Number *int `json:"number,omitempty"` 20 CreatedAt *Timestamp `json:"created_at,omitempty"` 21 URL *string `json:"url,omitempty"` 22 HTMLURL *string `json:"html_url,omitempty"` 23 LocationsURL *string `json:"locations_url,omitempty"` 24 State *string `json:"state,omitempty"` 25 Resolution *string `json:"resolution,omitempty"` 26 ResolvedAt *Timestamp `json:"resolved_at,omitempty"` 27 ResolvedBy *User `json:"resolved_by,omitempty"` 28 SecretType *string `json:"secret_type,omitempty"` 29 SecretTypeDisplayName *string `json:"secret_type_display_name,omitempty"` 30 Secret *string `json:"secret,omitempty"` 31 Repository *Repository `json:"repository,omitempty"` 32 UpdatedAt *Timestamp `json:"updated_at,omitempty"` 33 PushProtectionBypassed *bool `json:"push_protection_bypassed,omitempty"` 34 PushProtectionBypassedBy *User `json:"push_protection_bypassed_by,omitempty"` 35 PushProtectionBypassedAt *Timestamp `json:"push_protection_bypassed_at,omitempty"` 36 ResolutionComment *string `json:"resolution_comment,omitempty"` 37 } 38 39 // SecretScanningAlertLocation represents the location for a secret scanning alert. 40 type SecretScanningAlertLocation struct { 41 Type *string `json:"type,omitempty"` 42 Details *SecretScanningAlertLocationDetails `json:"details,omitempty"` 43 } 44 45 // SecretScanningAlertLocationDetails represents the location details for a secret scanning alert. 46 type SecretScanningAlertLocationDetails struct { 47 Path *string `json:"path,omitempty"` 48 Startline *int `json:"start_line,omitempty"` 49 EndLine *int `json:"end_line,omitempty"` 50 StartColumn *int `json:"start_column,omitempty"` 51 EndColumn *int `json:"end_column,omitempty"` 52 BlobSHA *string `json:"blob_sha,omitempty"` 53 BlobURL *string `json:"blob_url,omitempty"` 54 CommitSHA *string `json:"commit_sha,omitempty"` 55 CommitURL *string `json:"commit_url,omitempty"` 56 } 57 58 // SecretScanningAlertListOptions specifies optional parameters to the SecretScanningService.ListAlertsForEnterprise method. 59 type SecretScanningAlertListOptions struct { 60 // State of the secret scanning alerts to list. Set to open or resolved to only list secret scanning alerts in a specific state. 61 State string `url:"state,omitempty"` 62 63 // A comma-separated list of secret types to return. By default all secret types are returned. 64 SecretType string `url:"secret_type,omitempty"` 65 66 // A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. 67 // Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests. 68 Resolution string `url:"resolution,omitempty"` 69 70 ListCursorOptions 71 72 // List options can vary on the Enterprise type. 73 // On Enterprise Cloud, Secret Scan alerts support requesting by page number 74 // along with providing a cursor for an "after" param. 75 // See: https://docs.github.com/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 76 // Whereas on Enterprise Server, pagination is by index. 77 // See: https://docs.github.com/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 78 ListOptions 79 } 80 81 // SecretScanningAlertUpdateOptions specifies optional parameters to the SecretScanningService.UpdateAlert method. 82 type SecretScanningAlertUpdateOptions struct { 83 // State is required and sets the state of the secret scanning alert. 84 // Can be either "open" or "resolved". 85 // You must provide resolution when you set the state to "resolved". 86 State string `json:"state"` 87 88 // Required when the state is "resolved" and represents the reason for resolving the alert. 89 // Can be one of: "false_positive", "wont_fix", "revoked", or "used_in_tests". 90 Resolution *string `json:"resolution,omitempty"` 91 } 92 93 // ListAlertsForEnterprise lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest. 94 // 95 // To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or 96 // security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. 97 // 98 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-enterprise 99 // 100 //meta:operation GET /enterprises/{enterprise}/secret-scanning/alerts 101 func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, enterprise string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 102 u := fmt.Sprintf("enterprises/%v/secret-scanning/alerts", enterprise) 103 u, err := addOptions(u, opts) 104 if err != nil { 105 return nil, nil, err 106 } 107 108 req, err := s.client.NewRequest("GET", u, nil) 109 if err != nil { 110 return nil, nil, err 111 } 112 113 var alerts []*SecretScanningAlert 114 resp, err := s.client.Do(ctx, req, &alerts) 115 if err != nil { 116 return nil, resp, err 117 } 118 119 return alerts, resp, nil 120 } 121 122 // ListAlertsForOrg lists secret scanning alerts for eligible repositories in an organization, from newest to oldest. 123 // 124 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 125 // the repo scope or security_events scope. 126 // 127 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-organization 128 // 129 //meta:operation GET /orgs/{org}/secret-scanning/alerts 130 func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 131 u := fmt.Sprintf("orgs/%v/secret-scanning/alerts", org) 132 u, err := addOptions(u, opts) 133 if err != nil { 134 return nil, nil, err 135 } 136 137 req, err := s.client.NewRequest("GET", u, nil) 138 if err != nil { 139 return nil, nil, err 140 } 141 142 var alerts []*SecretScanningAlert 143 resp, err := s.client.Do(ctx, req, &alerts) 144 if err != nil { 145 return nil, resp, err 146 } 147 148 return alerts, resp, nil 149 } 150 151 // ListAlertsForRepo lists secret scanning alerts for a private repository, from newest to oldest. 152 // 153 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 154 // the repo scope or security_events scope. 155 // 156 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-a-repository 157 // 158 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts 159 func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 160 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts", owner, repo) 161 u, err := addOptions(u, opts) 162 if err != nil { 163 return nil, nil, err 164 } 165 166 req, err := s.client.NewRequest("GET", u, nil) 167 if err != nil { 168 return nil, nil, err 169 } 170 171 var alerts []*SecretScanningAlert 172 resp, err := s.client.Do(ctx, req, &alerts) 173 if err != nil { 174 return nil, resp, err 175 } 176 177 return alerts, resp, nil 178 } 179 180 // GetAlert gets a single secret scanning alert detected in a private repository. 181 // 182 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 183 // the repo scope or security_events scope. 184 // 185 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#get-a-secret-scanning-alert 186 // 187 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 188 func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string, number int64) (*SecretScanningAlert, *Response, error) { 189 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 190 191 req, err := s.client.NewRequest("GET", u, nil) 192 if err != nil { 193 return nil, nil, err 194 } 195 196 var alert *SecretScanningAlert 197 resp, err := s.client.Do(ctx, req, &alert) 198 if err != nil { 199 return nil, resp, err 200 } 201 202 return alert, resp, nil 203 } 204 205 // UpdateAlert updates the status of a secret scanning alert in a private repository. 206 // 207 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 208 // the repo scope or security_events scope. 209 // 210 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#update-a-secret-scanning-alert 211 // 212 //meta:operation PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 213 func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo string, number int64, opts *SecretScanningAlertUpdateOptions) (*SecretScanningAlert, *Response, error) { 214 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 215 216 req, err := s.client.NewRequest("PATCH", u, opts) 217 if err != nil { 218 return nil, nil, err 219 } 220 221 var alert *SecretScanningAlert 222 resp, err := s.client.Do(ctx, req, &alert) 223 if err != nil { 224 return nil, resp, err 225 } 226 227 return alert, resp, nil 228 } 229 230 // ListLocationsForAlert lists all locations for a given secret scanning alert for a private repository. 231 // 232 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 233 // the repo scope or security_events scope. 234 // 235 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-locations-for-a-secret-scanning-alert 236 // 237 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations 238 func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner, repo string, number int64, opts *ListOptions) ([]*SecretScanningAlertLocation, *Response, error) { 239 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v/locations", owner, repo, number) 240 u, err := addOptions(u, opts) 241 if err != nil { 242 return nil, nil, err 243 } 244 245 req, err := s.client.NewRequest("GET", u, nil) 246 if err != nil { 247 return nil, nil, err 248 } 249 250 var locations []*SecretScanningAlertLocation 251 resp, err := s.client.Do(ctx, req, &locations) 252 if err != nil { 253 return nil, resp, err 254 } 255 256 return locations, resp, nil 257 }