github.com/google/go-github/v68@v68.0.0/github/secret_scanning.go (about) 1 // Copyright 2022 The go-github AUTHORS. All rights reserved. 2 // 3 // Use of this source code is governed by a BSD-style 4 // license that can be found in the LICENSE file. 5 6 package github 7 8 import ( 9 "context" 10 "fmt" 11 ) 12 13 // SecretScanningService handles communication with the secret scanning related 14 // methods of the GitHub API. 15 type SecretScanningService service 16 17 // SecretScanningAlert represents a GitHub secret scanning alert. 18 type SecretScanningAlert struct { 19 Number *int `json:"number,omitempty"` 20 CreatedAt *Timestamp `json:"created_at,omitempty"` 21 URL *string `json:"url,omitempty"` 22 HTMLURL *string `json:"html_url,omitempty"` 23 LocationsURL *string `json:"locations_url,omitempty"` 24 State *string `json:"state,omitempty"` 25 Resolution *string `json:"resolution,omitempty"` 26 ResolvedAt *Timestamp `json:"resolved_at,omitempty"` 27 ResolvedBy *User `json:"resolved_by,omitempty"` 28 SecretType *string `json:"secret_type,omitempty"` 29 SecretTypeDisplayName *string `json:"secret_type_display_name,omitempty"` 30 Secret *string `json:"secret,omitempty"` 31 Repository *Repository `json:"repository,omitempty"` 32 UpdatedAt *Timestamp `json:"updated_at,omitempty"` 33 PushProtectionBypassed *bool `json:"push_protection_bypassed,omitempty"` 34 PushProtectionBypassedBy *User `json:"push_protection_bypassed_by,omitempty"` 35 PushProtectionBypassedAt *Timestamp `json:"push_protection_bypassed_at,omitempty"` 36 ResolutionComment *string `json:"resolution_comment,omitempty"` 37 } 38 39 // SecretScanningAlertLocation represents the location for a secret scanning alert. 40 type SecretScanningAlertLocation struct { 41 Type *string `json:"type,omitempty"` 42 Details *SecretScanningAlertLocationDetails `json:"details,omitempty"` 43 } 44 45 // SecretScanningAlertLocationDetails represents the location details for a secret scanning alert. 46 type SecretScanningAlertLocationDetails struct { 47 Path *string `json:"path,omitempty"` 48 Startline *int `json:"start_line,omitempty"` 49 EndLine *int `json:"end_line,omitempty"` 50 StartColumn *int `json:"start_column,omitempty"` 51 EndColumn *int `json:"end_column,omitempty"` 52 BlobSHA *string `json:"blob_sha,omitempty"` 53 BlobURL *string `json:"blob_url,omitempty"` 54 CommitSHA *string `json:"commit_sha,omitempty"` 55 CommitURL *string `json:"commit_url,omitempty"` 56 PullRequestCommentURL *string `json:"pull_request_comment_url,omitempty"` 57 } 58 59 // SecretScanningAlertListOptions specifies optional parameters to the SecretScanningService.ListAlertsForEnterprise method. 60 type SecretScanningAlertListOptions struct { 61 // State of the secret scanning alerts to list. Set to open or resolved to only list secret scanning alerts in a specific state. 62 State string `url:"state,omitempty"` 63 64 // A comma-separated list of secret types to return. By default all secret types are returned. 65 SecretType string `url:"secret_type,omitempty"` 66 67 // A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. 68 // Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests. 69 Resolution string `url:"resolution,omitempty"` 70 71 ListCursorOptions 72 73 // List options can vary on the Enterprise type. 74 // On Enterprise Cloud, Secret Scan alerts support requesting by page number 75 // along with providing a cursor for an "after" param. 76 // See: https://docs.github.com/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 77 // Whereas on Enterprise Server, pagination is by index. 78 // See: https://docs.github.com/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 79 ListOptions 80 } 81 82 // SecretScanningAlertUpdateOptions specifies optional parameters to the SecretScanningService.UpdateAlert method. 83 type SecretScanningAlertUpdateOptions struct { 84 // State is required and sets the state of the secret scanning alert. 85 // Can be either "open" or "resolved". 86 // You must provide resolution when you set the state to "resolved". 87 State string `json:"state"` 88 89 // Required when the state is "resolved" and represents the reason for resolving the alert. 90 // Can be one of: "false_positive", "wont_fix", "revoked", or "used_in_tests". 91 Resolution *string `json:"resolution,omitempty"` 92 93 // An optional comment when closing an alert. 94 ResolutionComment *string `json:"resolution_comment,omitempty"` 95 } 96 97 // ListAlertsForEnterprise lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest. 98 // 99 // To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or 100 // security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. 101 // 102 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-enterprise 103 // 104 //meta:operation GET /enterprises/{enterprise}/secret-scanning/alerts 105 func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, enterprise string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 106 u := fmt.Sprintf("enterprises/%v/secret-scanning/alerts", enterprise) 107 u, err := addOptions(u, opts) 108 if err != nil { 109 return nil, nil, err 110 } 111 112 req, err := s.client.NewRequest("GET", u, nil) 113 if err != nil { 114 return nil, nil, err 115 } 116 117 var alerts []*SecretScanningAlert 118 resp, err := s.client.Do(ctx, req, &alerts) 119 if err != nil { 120 return nil, resp, err 121 } 122 123 return alerts, resp, nil 124 } 125 126 // ListAlertsForOrg lists secret scanning alerts for eligible repositories in an organization, from newest to oldest. 127 // 128 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 129 // the repo scope or security_events scope. 130 // 131 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-organization 132 // 133 //meta:operation GET /orgs/{org}/secret-scanning/alerts 134 func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 135 u := fmt.Sprintf("orgs/%v/secret-scanning/alerts", org) 136 u, err := addOptions(u, opts) 137 if err != nil { 138 return nil, nil, err 139 } 140 141 req, err := s.client.NewRequest("GET", u, nil) 142 if err != nil { 143 return nil, nil, err 144 } 145 146 var alerts []*SecretScanningAlert 147 resp, err := s.client.Do(ctx, req, &alerts) 148 if err != nil { 149 return nil, resp, err 150 } 151 152 return alerts, resp, nil 153 } 154 155 // ListAlertsForRepo lists secret scanning alerts for a private repository, from newest to oldest. 156 // 157 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 158 // the repo scope or security_events scope. 159 // 160 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-a-repository 161 // 162 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts 163 func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 164 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts", owner, repo) 165 u, err := addOptions(u, opts) 166 if err != nil { 167 return nil, nil, err 168 } 169 170 req, err := s.client.NewRequest("GET", u, nil) 171 if err != nil { 172 return nil, nil, err 173 } 174 175 var alerts []*SecretScanningAlert 176 resp, err := s.client.Do(ctx, req, &alerts) 177 if err != nil { 178 return nil, resp, err 179 } 180 181 return alerts, resp, nil 182 } 183 184 // GetAlert gets a single secret scanning alert detected in a private repository. 185 // 186 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 187 // the repo scope or security_events scope. 188 // 189 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#get-a-secret-scanning-alert 190 // 191 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 192 func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string, number int64) (*SecretScanningAlert, *Response, error) { 193 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 194 195 req, err := s.client.NewRequest("GET", u, nil) 196 if err != nil { 197 return nil, nil, err 198 } 199 200 var alert *SecretScanningAlert 201 resp, err := s.client.Do(ctx, req, &alert) 202 if err != nil { 203 return nil, resp, err 204 } 205 206 return alert, resp, nil 207 } 208 209 // UpdateAlert updates the status of a secret scanning alert in a private repository. 210 // 211 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 212 // the repo scope or security_events scope. 213 // 214 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#update-a-secret-scanning-alert 215 // 216 //meta:operation PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 217 func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo string, number int64, opts *SecretScanningAlertUpdateOptions) (*SecretScanningAlert, *Response, error) { 218 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 219 220 req, err := s.client.NewRequest("PATCH", u, opts) 221 if err != nil { 222 return nil, nil, err 223 } 224 225 var alert *SecretScanningAlert 226 resp, err := s.client.Do(ctx, req, &alert) 227 if err != nil { 228 return nil, resp, err 229 } 230 231 return alert, resp, nil 232 } 233 234 // ListLocationsForAlert lists all locations for a given secret scanning alert for a private repository. 235 // 236 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 237 // the repo scope or security_events scope. 238 // 239 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-locations-for-a-secret-scanning-alert 240 // 241 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations 242 func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner, repo string, number int64, opts *ListOptions) ([]*SecretScanningAlertLocation, *Response, error) { 243 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v/locations", owner, repo, number) 244 u, err := addOptions(u, opts) 245 if err != nil { 246 return nil, nil, err 247 } 248 249 req, err := s.client.NewRequest("GET", u, nil) 250 if err != nil { 251 return nil, nil, err 252 } 253 254 var locations []*SecretScanningAlertLocation 255 resp, err := s.client.Do(ctx, req, &locations) 256 if err != nil { 257 return nil, resp, err 258 } 259 260 return locations, resp, nil 261 }