github.com/google/go-github/v71@v71.0.0/github/dependabot_alerts.go (about)

     1  // Copyright 2022 The go-github AUTHORS. All rights reserved.
     2  //
     3  // Use of this source code is governed by a BSD-style
     4  // license that can be found in the LICENSE file.
     5  
     6  package github
     7  
     8  import (
     9  	"context"
    10  	"fmt"
    11  )
    12  
// Dependency represents the vulnerable dependency.
//
// It holds the affected package, the path of the manifest that declares it,
// and the dependency scope, mapped to the "package", "manifest_path" and
// "scope" JSON keys. Every field is a pointer, so nil means the value was
// absent (or null) in the decoded JSON; check for nil before dereferencing.
//
// NOTE(review): the GitHub REST docs describe scope as "development" or
// "runtime" — confirm before using it to prioritise triage.
type Dependency struct {
	Package      *VulnerabilityPackage `json:"package,omitempty"`
	ManifestPath *string               `json:"manifest_path,omitempty"`
	Scope        *string               `json:"scope,omitempty"`
}
    19  
// AdvisoryCVSS represents the advisory pertaining to the Common Vulnerability Scoring System.
//
// Score and VectorString map to the "score" and "vector_string" JSON keys.
// Score is a *float64: a nil Score means no score was present, which is not
// the same as a score of 0.0. Code that ranks or filters alerts by severity
// should handle the nil case explicitly rather than treating it as zero.
type AdvisoryCVSS struct {
	Score        *float64 `json:"score,omitempty"`
	VectorString *string  `json:"vector_string,omitempty"`
}
    25  
// AdvisoryCWEs represent the advisory pertaining to Common Weakness Enumeration.
//
// Despite the plural type name, one value holds a single identifier/name pair
// ("cwe_id" and "name"); DependabotSecurityAdvisory.CWEs is a slice of these.
// Both fields are pointers and may be nil.
type AdvisoryCWEs struct {
	CWEID *string `json:"cwe_id,omitempty"`
	Name  *string `json:"name,omitempty"`
}
    31  
// DependabotSecurityAdvisory represents the GitHub Security Advisory.
//
// It groups the advisory identifiers (GHSAID, CVEID, Identifiers), its text
// (Summary, Description), the affected ranges (Vulnerabilities), the rating
// (Severity, CVSS, CWEs), external References, and three timestamps.
// All scalar fields are pointers and may be nil; CVEID in particular should
// not be assumed present just because GHSAID is.
//
// NOTE(review): Summary, Description and the reference data are text taken
// from the API response; escape them before rendering into HTML or logs.
// NOTE(review): a non-nil WithdrawnAt presumably marks a withdrawn advisory;
// confirm against the GitHub docs before using it to suppress alerts.
type DependabotSecurityAdvisory struct {
	GHSAID          *string                  `json:"ghsa_id,omitempty"`
	CVEID           *string                  `json:"cve_id,omitempty"`
	Summary         *string                  `json:"summary,omitempty"`
	Description     *string                  `json:"description,omitempty"`
	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
	Severity        *string                  `json:"severity,omitempty"`
	CVSS            *AdvisoryCVSS            `json:"cvss,omitempty"`
	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
	Identifiers     []*AdvisoryIdentifier    `json:"identifiers,omitempty"`
	References      []*AdvisoryReference     `json:"references,omitempty"`
	PublishedAt     *Timestamp               `json:"published_at,omitempty"`
	UpdatedAt       *Timestamp               `json:"updated_at,omitempty"`
	WithdrawnAt     *Timestamp               `json:"withdrawn_at,omitempty"`
}
    48  
// DependabotAlert represents a Dependabot alert.
//
// An alert ties a Dependency to the SecurityAdvisory and the specific
// SecurityVulnerability that affects it, and records its lifecycle:
// CreatedAt/UpdatedAt, the dismissal fields (DismissedAt, DismissedBy,
// DismissedReason, DismissedComment), FixedAt and AutoDismissedAt.
// The dismissal fields record who closed an alert and why, which makes them
// the ones to inspect when auditing alerts that were closed without a fix.
//
// Every field is a pointer and may be nil; check before dereferencing.
//
// NOTE(review): State is a free-form string here; "dismissed" is the only
// value named in this file. Confirm the full set against the GitHub docs
// rather than assuming any non-"open" value means the issue is resolved.
type DependabotAlert struct {
	Number                *int                        `json:"number,omitempty"`
	State                 *string                     `json:"state,omitempty"`
	Dependency            *Dependency                 `json:"dependency,omitempty"`
	SecurityAdvisory      *DependabotSecurityAdvisory `json:"security_advisory,omitempty"`
	SecurityVulnerability *AdvisoryVulnerability      `json:"security_vulnerability,omitempty"`
	URL                   *string                     `json:"url,omitempty"`
	HTMLURL               *string                     `json:"html_url,omitempty"`
	CreatedAt             *Timestamp                  `json:"created_at,omitempty"`
	UpdatedAt             *Timestamp                  `json:"updated_at,omitempty"`
	DismissedAt           *Timestamp                  `json:"dismissed_at,omitempty"`
	DismissedBy           *User                       `json:"dismissed_by,omitempty"`
	DismissedReason       *string                     `json:"dismissed_reason,omitempty"`
	DismissedComment      *string                     `json:"dismissed_comment,omitempty"`
	FixedAt               *Timestamp                  `json:"fixed_at,omitempty"`
	AutoDismissedAt       *Timestamp                  `json:"auto_dismissed_at,omitempty"`
	// The repository is always empty for events
	Repository *Repository `json:"repository,omitempty"`
}
    69  
// DependabotAlertState represents the state of a Dependabot alert to update.
//
// It is the request body type accepted by DependabotService.UpdateAlert.
// Nothing in this type enforces the pairing between State and
// DismissedReason described below; a caller that omits the reason will only
// learn about it from the API response.
type DependabotAlertState struct {
	// The state of the Dependabot alert. A dismissed_reason must be provided when setting the state to dismissed.
	// The tag has no omitempty, so this field is always serialized, even when empty.
	State string `json:"state"`
	// Required when state is dismissed. A reason for dismissing the alert.
	// Can be one of: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk
	DismissedReason *string `json:"dismissed_reason,omitempty"`
	// An optional comment associated with dismissing the alert.
	// Recording one leaves a justification alongside the dismissal for later review.
	DismissedComment *string `json:"dismissed_comment,omitempty"`
}
    80  
// ListAlertsOptions specifies the optional parameters to the DependabotService.ListRepoAlerts
// and DependabotService.ListOrgAlerts methods.
//
// Each field carries a `url` tag naming the query parameter it is sent as
// (state, severity, ecosystem, package, scope, sort, direction); nil fields
// are omitted. The accepted values are defined by the GitHub API and are not
// validated in this file.
//
// NOTE(review): the embedded ListOptions and ListCursorOptions presumably
// carry pagination parameters. If so, one list call returns a single page,
// and a caller building a complete inventory of open alerts must keep
// requesting pages until none remain. Confirm against those types.
type ListAlertsOptions struct {
	State     *string `url:"state,omitempty"`
	Severity  *string `url:"severity,omitempty"`
	Ecosystem *string `url:"ecosystem,omitempty"`
	Package   *string `url:"package,omitempty"`
	Scope     *string `url:"scope,omitempty"`
	Sort      *string `url:"sort,omitempty"`
	Direction *string `url:"direction,omitempty"`

	ListOptions
	ListCursorOptions
}
    95  
// listAlerts issues the GET request shared by ListRepoAlerts and
// ListOrgAlerts and decodes the response body into a slice of alerts.
//
// url is the endpoint path built by the caller; opts is handed to addOptions
// together with it before the request is created (addOptions is defined
// elsewhere; presumably it encodes opts as query parameters).
//
// On failure the returned slice is nil. Errors from addOptions or NewRequest
// come back with a nil *Response; an error from Do comes back with whatever
// *Response Do produced.
func (s *DependabotService) listAlerts(ctx context.Context, url string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	endpoint, err := addOptions(url, opts)
	if err != nil {
		return nil, nil, err
	}

	request, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, nil, err
	}

	var found []*DependabotAlert
	response, err := s.client.Do(ctx, request, &found)
	if err != nil {
		// Drop any partially decoded result so callers never act on it.
		return nil, response, err
	}
	return found, response, nil
}
   115  
// ListRepoAlerts lists Dependabot alerts of a repository, filtered by opts.
//
// owner and repo are formatted into the request path exactly as given; this
// method does not escape or validate them. Callers that take these values
// from outside input should check them against the expected name format
// first, so the request cannot be steered to a different API path.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
//
//meta:operation GET /repos/{owner}/{repo}/dependabot/alerts
func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("repos/%v/%v/dependabot/alerts", owner, repo), opts)
}
   125  
// ListOrgAlerts lists Dependabot alerts of an organization, filtered by opts.
//
// org is formatted into the request path exactly as given; this method does
// not escape or validate it. Callers that take it from outside input should
// check it against the expected name format first.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
//
//meta:operation GET /orgs/{org}/dependabot/alerts
func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("orgs/%v/dependabot/alerts", org), opts)
}
   135  
// GetRepoAlert gets a single repository Dependabot alert, identified by its
// alert number.
//
// owner and repo are formatted into the request path exactly as given, with
// no escaping or validation here; validate them when they come from outside
// input. On error the returned alert is nil; an error from NewRequest comes
// back with a nil *Response.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#get-a-dependabot-alert
//
//meta:operation GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string, number int) (*DependabotAlert, *Response, error) {
	endpoint := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)

	request, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, nil, err
	}

	var fetched DependabotAlert
	response, err := s.client.Do(ctx, request, &fetched)
	if err != nil {
		return nil, response, err
	}
	return &fetched, response, nil
}
   156  
// UpdateAlert updates a Dependabot alert by sending stateInfo as the body of
// a PATCH request and returns the alert decoded from the response.
//
// stateInfo is passed to NewRequest unmodified: this method does not check
// that a DismissedReason accompanies a dismissed state. Because this call
// can close a security alert, callers should supply a reason and comment so
// the dismissal can be reviewed later.
//
// owner and repo are formatted into the request path exactly as given, with
// no escaping or validation here; validate them when they come from outside
// input.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#update-a-dependabot-alert
//
//meta:operation PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
func (s *DependabotService) UpdateAlert(ctx context.Context, owner, repo string, number int, stateInfo *DependabotAlertState) (*DependabotAlert, *Response, error) {
	endpoint := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)

	request, err := s.client.NewRequest("PATCH", endpoint, stateInfo)
	if err != nil {
		return nil, nil, err
	}

	var updated DependabotAlert
	response, err := s.client.Do(ctx, request, &updated)
	if err != nil {
		return nil, response, err
	}
	return &updated, response, nil
}