github.com/google/go-github/v69@v69.2.0/github/secret_scanning.go (about) 1 // Copyright 2022 The go-github AUTHORS. All rights reserved. 2 // 3 // Use of this source code is governed by a BSD-style 4 // license that can be found in the LICENSE file. 5 6 package github 7 8 import ( 9 "context" 10 "fmt" 11 ) 12 13 // SecretScanningService handles communication with the secret scanning related 14 // methods of the GitHub API. 15 type SecretScanningService service 16 17 // SecretScanningAlert represents a GitHub secret scanning alert. 18 type SecretScanningAlert struct { 19 Number *int `json:"number,omitempty"` 20 CreatedAt *Timestamp `json:"created_at,omitempty"` 21 URL *string `json:"url,omitempty"` 22 HTMLURL *string `json:"html_url,omitempty"` 23 LocationsURL *string `json:"locations_url,omitempty"` 24 State *string `json:"state,omitempty"` 25 Resolution *string `json:"resolution,omitempty"` 26 ResolvedAt *Timestamp `json:"resolved_at,omitempty"` 27 ResolvedBy *User `json:"resolved_by,omitempty"` 28 SecretType *string `json:"secret_type,omitempty"` 29 SecretTypeDisplayName *string `json:"secret_type_display_name,omitempty"` 30 Secret *string `json:"secret,omitempty"` 31 Repository *Repository `json:"repository,omitempty"` 32 UpdatedAt *Timestamp `json:"updated_at,omitempty"` 33 PushProtectionBypassed *bool `json:"push_protection_bypassed,omitempty"` 34 PushProtectionBypassedBy *User `json:"push_protection_bypassed_by,omitempty"` 35 PushProtectionBypassedAt *Timestamp `json:"push_protection_bypassed_at,omitempty"` 36 ResolutionComment *string `json:"resolution_comment,omitempty"` 37 } 38 39 // SecretScanningAlertLocation represents the location for a secret scanning alert. 40 type SecretScanningAlertLocation struct { 41 Type *string `json:"type,omitempty"` 42 Details *SecretScanningAlertLocationDetails `json:"details,omitempty"` 43 } 44 45 // SecretScanningAlertLocationDetails represents the location details for a secret scanning alert. 46 type SecretScanningAlertLocationDetails struct { 47 Path *string `json:"path,omitempty"` 48 Startline *int `json:"start_line,omitempty"` 49 EndLine *int `json:"end_line,omitempty"` 50 StartColumn *int `json:"start_column,omitempty"` 51 EndColumn *int `json:"end_column,omitempty"` 52 BlobSHA *string `json:"blob_sha,omitempty"` 53 BlobURL *string `json:"blob_url,omitempty"` 54 CommitSHA *string `json:"commit_sha,omitempty"` 55 CommitURL *string `json:"commit_url,omitempty"` 56 PullRequestCommentURL *string `json:"pull_request_comment_url,omitempty"` 57 } 58 59 // SecretScanningAlertListOptions specifies optional parameters to the SecretScanningService.ListAlertsForEnterprise method. 60 type SecretScanningAlertListOptions struct { 61 // State of the secret scanning alerts to list. Set to open or resolved to only list secret scanning alerts in a specific state. 62 State string `url:"state,omitempty"` 63 64 // A comma-separated list of secret types to return. By default all secret types are returned. 65 SecretType string `url:"secret_type,omitempty"` 66 67 // A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. 68 // Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests. 69 Resolution string `url:"resolution,omitempty"` 70 71 // The direction to sort the results by. Possible values are: asc, desc. Default: desc. 72 Direction string `url:"direction,omitempty"` 73 74 // The property by which to sort the results. Possible values are: created, updated. Default: created. 75 Sort string `url:"sort,omitempty"` 76 77 ListCursorOptions 78 79 // List options can vary on the Enterprise type. 80 // On Enterprise Cloud, Secret Scan alerts support requesting by page number 81 // along with providing a cursor for an "after" param. 82 // See: https://docs.github.com/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 83 // Whereas on Enterprise Server, pagination is by index. 84 // See: https://docs.github.com/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 85 ListOptions 86 } 87 88 // SecretScanningAlertUpdateOptions specifies optional parameters to the SecretScanningService.UpdateAlert method. 89 type SecretScanningAlertUpdateOptions struct { 90 // State is required and sets the state of the secret scanning alert. 91 // Can be either "open" or "resolved". 92 // You must provide resolution when you set the state to "resolved". 93 State string `json:"state"` 94 95 // Required when the state is "resolved" and represents the reason for resolving the alert. 96 // Can be one of: "false_positive", "wont_fix", "revoked", or "used_in_tests". 97 Resolution *string `json:"resolution,omitempty"` 98 99 // An optional comment when closing an alert. 100 ResolutionComment *string `json:"resolution_comment,omitempty"` 101 } 102 103 // ListAlertsForEnterprise lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest. 104 // 105 // To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or 106 // security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. 107 // 108 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-enterprise 109 // 110 //meta:operation GET /enterprises/{enterprise}/secret-scanning/alerts 111 func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, enterprise string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 112 u := fmt.Sprintf("enterprises/%v/secret-scanning/alerts", enterprise) 113 u, err := addOptions(u, opts) 114 if err != nil { 115 return nil, nil, err 116 } 117 118 req, err := s.client.NewRequest("GET", u, nil) 119 if err != nil { 120 return nil, nil, err 121 } 122 123 var alerts []*SecretScanningAlert 124 resp, err := s.client.Do(ctx, req, &alerts) 125 if err != nil { 126 return nil, resp, err 127 } 128 129 return alerts, resp, nil 130 } 131 132 // ListAlertsForOrg lists secret scanning alerts for eligible repositories in an organization, from newest to oldest. 133 // 134 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 135 // the repo scope or security_events scope. 136 // 137 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-organization 138 // 139 //meta:operation GET /orgs/{org}/secret-scanning/alerts 140 func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 141 u := fmt.Sprintf("orgs/%v/secret-scanning/alerts", org) 142 u, err := addOptions(u, opts) 143 if err != nil { 144 return nil, nil, err 145 } 146 147 req, err := s.client.NewRequest("GET", u, nil) 148 if err != nil { 149 return nil, nil, err 150 } 151 152 var alerts []*SecretScanningAlert 153 resp, err := s.client.Do(ctx, req, &alerts) 154 if err != nil { 155 return nil, resp, err 156 } 157 158 return alerts, resp, nil 159 } 160 161 // ListAlertsForRepo lists secret scanning alerts for a private repository, from newest to oldest. 162 // 163 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 164 // the repo scope or security_events scope. 165 // 166 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-a-repository 167 // 168 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts 169 func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 170 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts", owner, repo) 171 u, err := addOptions(u, opts) 172 if err != nil { 173 return nil, nil, err 174 } 175 176 req, err := s.client.NewRequest("GET", u, nil) 177 if err != nil { 178 return nil, nil, err 179 } 180 181 var alerts []*SecretScanningAlert 182 resp, err := s.client.Do(ctx, req, &alerts) 183 if err != nil { 184 return nil, resp, err 185 } 186 187 return alerts, resp, nil 188 } 189 190 // GetAlert gets a single secret scanning alert detected in a private repository. 191 // 192 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 193 // the repo scope or security_events scope. 194 // 195 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#get-a-secret-scanning-alert 196 // 197 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 198 func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string, number int64) (*SecretScanningAlert, *Response, error) { 199 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 200 201 req, err := s.client.NewRequest("GET", u, nil) 202 if err != nil { 203 return nil, nil, err 204 } 205 206 var alert *SecretScanningAlert 207 resp, err := s.client.Do(ctx, req, &alert) 208 if err != nil { 209 return nil, resp, err 210 } 211 212 return alert, resp, nil 213 } 214 215 // UpdateAlert updates the status of a secret scanning alert in a private repository. 216 // 217 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 218 // the repo scope or security_events scope. 219 // 220 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#update-a-secret-scanning-alert 221 // 222 //meta:operation PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 223 func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo string, number int64, opts *SecretScanningAlertUpdateOptions) (*SecretScanningAlert, *Response, error) { 224 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 225 226 req, err := s.client.NewRequest("PATCH", u, opts) 227 if err != nil { 228 return nil, nil, err 229 } 230 231 var alert *SecretScanningAlert 232 resp, err := s.client.Do(ctx, req, &alert) 233 if err != nil { 234 return nil, resp, err 235 } 236 237 return alert, resp, nil 238 } 239 240 // ListLocationsForAlert lists all locations for a given secret scanning alert for a private repository. 241 // 242 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 243 // the repo scope or security_events scope. 244 // 245 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-locations-for-a-secret-scanning-alert 246 // 247 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations 248 func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner, repo string, number int64, opts *ListOptions) ([]*SecretScanningAlertLocation, *Response, error) { 249 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v/locations", owner, repo, number) 250 u, err := addOptions(u, opts) 251 if err != nil { 252 return nil, nil, err 253 } 254 255 req, err := s.client.NewRequest("GET", u, nil) 256 if err != nil { 257 return nil, nil, err 258 } 259 260 var locations []*SecretScanningAlertLocation 261 resp, err := s.client.Do(ctx, req, &locations) 262 if err != nil { 263 return nil, resp, err 264 } 265 266 return locations, resp, nil 267 }