github.com/google/go-github/v70@v70.0.0/github/secret_scanning.go (about) 1 // Copyright 2022 The go-github AUTHORS. All rights reserved. 2 // 3 // Use of this source code is governed by a BSD-style 4 // license that can be found in the LICENSE file. 5 6 package github 7 8 import ( 9 "context" 10 "fmt" 11 ) 12 13 // SecretScanningService handles communication with the secret scanning related 14 // methods of the GitHub API. 15 type SecretScanningService service 16 17 // SecretScanningAlert represents a GitHub secret scanning alert. 18 type SecretScanningAlert struct { 19 Number *int `json:"number,omitempty"` 20 CreatedAt *Timestamp `json:"created_at,omitempty"` 21 URL *string `json:"url,omitempty"` 22 HTMLURL *string `json:"html_url,omitempty"` 23 LocationsURL *string `json:"locations_url,omitempty"` 24 State *string `json:"state,omitempty"` 25 Resolution *string `json:"resolution,omitempty"` 26 ResolvedAt *Timestamp `json:"resolved_at,omitempty"` 27 ResolvedBy *User `json:"resolved_by,omitempty"` 28 SecretType *string `json:"secret_type,omitempty"` 29 SecretTypeDisplayName *string `json:"secret_type_display_name,omitempty"` 30 Secret *string `json:"secret,omitempty"` 31 Repository *Repository `json:"repository,omitempty"` 32 UpdatedAt *Timestamp `json:"updated_at,omitempty"` 33 PushProtectionBypassed *bool `json:"push_protection_bypassed,omitempty"` 34 PushProtectionBypassedBy *User `json:"push_protection_bypassed_by,omitempty"` 35 PushProtectionBypassedAt *Timestamp `json:"push_protection_bypassed_at,omitempty"` 36 ResolutionComment *string `json:"resolution_comment,omitempty"` 37 } 38 39 // SecretScanningAlertLocation represents the location for a secret scanning alert. 40 type SecretScanningAlertLocation struct { 41 Type *string `json:"type,omitempty"` 42 Details *SecretScanningAlertLocationDetails `json:"details,omitempty"` 43 } 44 45 // SecretScanningAlertLocationDetails represents the location details for a secret scanning alert. 46 type SecretScanningAlertLocationDetails struct { 47 Path *string `json:"path,omitempty"` 48 Startline *int `json:"start_line,omitempty"` 49 EndLine *int `json:"end_line,omitempty"` 50 StartColumn *int `json:"start_column,omitempty"` 51 EndColumn *int `json:"end_column,omitempty"` 52 BlobSHA *string `json:"blob_sha,omitempty"` 53 BlobURL *string `json:"blob_url,omitempty"` 54 CommitSHA *string `json:"commit_sha,omitempty"` 55 CommitURL *string `json:"commit_url,omitempty"` 56 PullRequestCommentURL *string `json:"pull_request_comment_url,omitempty"` 57 } 58 59 // SecretScanningAlertListOptions specifies optional parameters to the SecretScanningService.ListAlertsForEnterprise method. 60 type SecretScanningAlertListOptions struct { 61 // State of the secret scanning alerts to list. Set to open or resolved to only list secret scanning alerts in a specific state. 62 State string `url:"state,omitempty"` 63 64 // A comma-separated list of secret types to return. By default all secret types are returned. 65 SecretType string `url:"secret_type,omitempty"` 66 67 // A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. 68 // Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests. 69 Resolution string `url:"resolution,omitempty"` 70 71 // A comma-separated list of validities that, when present, will return alerts that match the validities in this list. 72 // Valid options are active, inactive, and unknown. 73 Validity string `url:"validity,omitempty"` 74 75 // The direction to sort the results by. Possible values are: asc, desc. Default: desc. 76 Direction string `url:"direction,omitempty"` 77 78 // The property by which to sort the results. Possible values are: created, updated. Default: created. 79 Sort string `url:"sort,omitempty"` 80 81 ListCursorOptions 82 83 // List options can vary on the Enterprise type. 84 // On Enterprise Cloud, Secret Scan alerts support requesting by page number 85 // along with providing a cursor for an "after" param. 86 // See: https://docs.github.com/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 87 // Whereas on Enterprise Server, pagination is by index. 88 // See: https://docs.github.com/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization 89 ListOptions 90 } 91 92 // SecretScanningAlertUpdateOptions specifies optional parameters to the SecretScanningService.UpdateAlert method. 93 type SecretScanningAlertUpdateOptions struct { 94 // State is required and sets the state of the secret scanning alert. 95 // Can be either "open" or "resolved". 96 // You must provide resolution when you set the state to "resolved". 97 State string `json:"state"` 98 99 // Required when the state is "resolved" and represents the reason for resolving the alert. 100 // Can be one of: "false_positive", "wont_fix", "revoked", or "used_in_tests". 101 Resolution *string `json:"resolution,omitempty"` 102 103 // An optional comment when closing an alert. 104 ResolutionComment *string `json:"resolution_comment,omitempty"` 105 } 106 107 // ListAlertsForEnterprise lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest. 108 // 109 // To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or 110 // security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. 111 // 112 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-enterprise 113 // 114 //meta:operation GET /enterprises/{enterprise}/secret-scanning/alerts 115 func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, enterprise string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 116 u := fmt.Sprintf("enterprises/%v/secret-scanning/alerts", enterprise) 117 u, err := addOptions(u, opts) 118 if err != nil { 119 return nil, nil, err 120 } 121 122 req, err := s.client.NewRequest("GET", u, nil) 123 if err != nil { 124 return nil, nil, err 125 } 126 127 var alerts []*SecretScanningAlert 128 resp, err := s.client.Do(ctx, req, &alerts) 129 if err != nil { 130 return nil, resp, err 131 } 132 133 return alerts, resp, nil 134 } 135 136 // ListAlertsForOrg lists secret scanning alerts for eligible repositories in an organization, from newest to oldest. 137 // 138 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 139 // the repo scope or security_events scope. 140 // 141 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-an-organization 142 // 143 //meta:operation GET /orgs/{org}/secret-scanning/alerts 144 func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 145 u := fmt.Sprintf("orgs/%v/secret-scanning/alerts", org) 146 u, err := addOptions(u, opts) 147 if err != nil { 148 return nil, nil, err 149 } 150 151 req, err := s.client.NewRequest("GET", u, nil) 152 if err != nil { 153 return nil, nil, err 154 } 155 156 var alerts []*SecretScanningAlert 157 resp, err := s.client.Do(ctx, req, &alerts) 158 if err != nil { 159 return nil, resp, err 160 } 161 162 return alerts, resp, nil 163 } 164 165 // ListAlertsForRepo lists secret scanning alerts for a private repository, from newest to oldest. 166 // 167 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 168 // the repo scope or security_events scope. 169 // 170 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-secret-scanning-alerts-for-a-repository 171 // 172 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts 173 func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) { 174 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts", owner, repo) 175 u, err := addOptions(u, opts) 176 if err != nil { 177 return nil, nil, err 178 } 179 180 req, err := s.client.NewRequest("GET", u, nil) 181 if err != nil { 182 return nil, nil, err 183 } 184 185 var alerts []*SecretScanningAlert 186 resp, err := s.client.Do(ctx, req, &alerts) 187 if err != nil { 188 return nil, resp, err 189 } 190 191 return alerts, resp, nil 192 } 193 194 // GetAlert gets a single secret scanning alert detected in a private repository. 195 // 196 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 197 // the repo scope or security_events scope. 198 // 199 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#get-a-secret-scanning-alert 200 // 201 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 202 func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string, number int64) (*SecretScanningAlert, *Response, error) { 203 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 204 205 req, err := s.client.NewRequest("GET", u, nil) 206 if err != nil { 207 return nil, nil, err 208 } 209 210 var alert *SecretScanningAlert 211 resp, err := s.client.Do(ctx, req, &alert) 212 if err != nil { 213 return nil, resp, err 214 } 215 216 return alert, resp, nil 217 } 218 219 // UpdateAlert updates the status of a secret scanning alert in a private repository. 220 // 221 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 222 // the repo scope or security_events scope. 223 // 224 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#update-a-secret-scanning-alert 225 // 226 //meta:operation PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number} 227 func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo string, number int64, opts *SecretScanningAlertUpdateOptions) (*SecretScanningAlert, *Response, error) { 228 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number) 229 230 req, err := s.client.NewRequest("PATCH", u, opts) 231 if err != nil { 232 return nil, nil, err 233 } 234 235 var alert *SecretScanningAlert 236 resp, err := s.client.Do(ctx, req, &alert) 237 if err != nil { 238 return nil, resp, err 239 } 240 241 return alert, resp, nil 242 } 243 244 // ListLocationsForAlert lists all locations for a given secret scanning alert for a private repository. 245 // 246 // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with 247 // the repo scope or security_events scope. 248 // 249 // GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#list-locations-for-a-secret-scanning-alert 250 // 251 //meta:operation GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations 252 func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner, repo string, number int64, opts *ListOptions) ([]*SecretScanningAlertLocation, *Response, error) { 253 u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v/locations", owner, repo, number) 254 u, err := addOptions(u, opts) 255 if err != nil { 256 return nil, nil, err 257 } 258 259 req, err := s.client.NewRequest("GET", u, nil) 260 if err != nil { 261 return nil, nil, err 262 } 263 264 var locations []*SecretScanningAlertLocation 265 resp, err := s.client.Do(ctx, req, &locations) 266 if err != nil { 267 return nil, resp, err 268 } 269 270 return locations, resp, nil 271 }