// Copyright 2022 The go-github AUTHORS. All rights reserved.
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package github

import (
	"context"
	"fmt"
)

// Dependency represents the vulnerable dependency.
//
// It is the "dependency" object embedded in a Dependabot alert and names the
// package, the manifest it was found in, and the scope it is used in.
type Dependency struct {
	// Package identifies the vulnerable package; see VulnerabilityPackage.
	Package *VulnerabilityPackage `json:"package,omitempty"`
	// ManifestPath is the path of the manifest file (relative to the
	// repository root) in which the dependency was detected.
	ManifestPath *string `json:"manifest_path,omitempty"`
	// Scope is the dependency scope as reported by the API
	// (for example "development" or "runtime" — verify against the API docs).
	Scope *string `json:"scope,omitempty"`
}

// AdvisoryCVSS represents the advisory pertaining to the Common Vulnerability Scoring System.
type AdvisoryCVSS struct {
	// Score is the CVSS base score. A nil value means the API did not
	// provide one; treat it as "unknown", not as 0.
	Score *float64 `json:"score,omitempty"`
	// VectorString is the CVSS vector string from which Score is derived.
	VectorString *string `json:"vector_string,omitempty"`
}

// AdvisoryCWEs represent the advisory pertaining to Common Weakness Enumeration.
type AdvisoryCWEs struct {
	// CWEID is the CWE identifier (e.g. "CWE-79").
	CWEID *string `json:"cwe_id,omitempty"`
	// Name is the human-readable CWE name.
	Name *string `json:"name,omitempty"`
}

// AdvisoryEPSS represents the advisory pertaining to the Exploit Prediction Scoring System.
//
// For more information, see:
// https://github.blog/changelog/2024-10-10-epss-scores-in-the-github-advisory-database/
//
// NOTE(review): unlike the sibling advisory types these fields are plain
// float64 values without omitempty, so an EPSS block that is absent or
// partially populated in the response decodes to 0 and cannot be told apart
// from a genuine score of 0. Check that DependabotSecurityAdvisory.EPSS is
// non-nil before using these values for risk ranking.
type AdvisoryEPSS struct {
	// Percentage is the EPSS probability of exploitation.
	Percentage float64 `json:"percentage"`
	// Percentile is the EPSS percentile rank of Percentage.
	Percentile float64 `json:"percentile"`
}

// DependabotSecurityAdvisory represents the GitHub Security Advisory.
type DependabotSecurityAdvisory struct {
	// GHSAID is the GitHub Security Advisory identifier.
	GHSAID *string `json:"ghsa_id,omitempty"`
	// CVEID is the CVE identifier, if one has been assigned.
	CVEID *string `json:"cve_id,omitempty"`
	// Summary is the short advisory title.
	Summary *string `json:"summary,omitempty"`
	// Description is the full advisory text.
	Description *string `json:"description,omitempty"`
	// Vulnerabilities lists the affected package/version ranges.
	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
	// Severity is the advisory severity as reported by the API
	// (e.g. "low", "medium", "high", "critical" — verify against the API docs).
	Severity *string `json:"severity,omitempty"`
	// CVSS carries the base score and vector string, if provided.
	CVSS *AdvisoryCVSS `json:"cvss,omitempty"`
	// CWEs lists the weakness classifications attached to the advisory.
	CWEs []*AdvisoryCWEs `json:"cwes,omitempty"`
	// EPSS carries the exploit prediction score, if provided. Nil when the
	// API returned no "epss" object; see AdvisoryEPSS for why this matters.
	EPSS *AdvisoryEPSS `json:"epss,omitempty"`
	// Identifiers lists the advisory's identifiers (GHSA, CVE, ...).
	Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"`
	// References lists external links associated with the advisory.
	References []*AdvisoryReference `json:"references,omitempty"`
	// PublishedAt is when the advisory was published.
	PublishedAt *Timestamp `json:"published_at,omitempty"`
	// UpdatedAt is when the advisory was last updated.
	UpdatedAt *Timestamp `json:"updated_at,omitempty"`
	// WithdrawnAt is when the advisory was withdrawn; presumably nil while
	// the advisory is still active.
	WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"`
}

// DependabotAlert represents a Dependabot alert.
type DependabotAlert struct {
	// Number is the alert number, unique within the repository; it is the
	// {alert_number} path segment used by GetRepoAlert and UpdateAlert.
	Number *int `json:"number,omitempty"`
	// State is the alert state as reported by the API
	// (e.g. "open", "dismissed", "fixed" — verify against the API docs).
	State *string `json:"state,omitempty"`
	// Dependency identifies the vulnerable package and where it was found.
	Dependency *Dependency `json:"dependency,omitempty"`
	// SecurityAdvisory is the advisory the alert is based on.
	SecurityAdvisory *DependabotSecurityAdvisory `json:"security_advisory,omitempty"`
	// SecurityVulnerability is the specific vulnerable range matched by
	// this alert's dependency.
	SecurityVulnerability *AdvisoryVulnerability `json:"security_vulnerability,omitempty"`
	// URL is the REST API URL of the alert.
	URL *string `json:"url,omitempty"`
	// HTMLURL is the web UI URL of the alert.
	HTMLURL *string `json:"html_url,omitempty"`
	// CreatedAt is when the alert was created.
	CreatedAt *Timestamp `json:"created_at,omitempty"`
	// UpdatedAt is when the alert was last updated.
	UpdatedAt *Timestamp `json:"updated_at,omitempty"`
	// DismissedAt is when the alert was dismissed, if it was.
	DismissedAt *Timestamp `json:"dismissed_at,omitempty"`
	// DismissedBy is the user who dismissed the alert, if it was dismissed.
	DismissedBy *User `json:"dismissed_by,omitempty"`
	// DismissedReason is the reason given on dismissal; the accepted values
	// are listed on DependabotAlertState.DismissedReason.
	DismissedReason *string `json:"dismissed_reason,omitempty"`
	// DismissedComment is the free-text comment given on dismissal.
	DismissedComment *string `json:"dismissed_comment,omitempty"`
	// FixedAt is when the alert was resolved by a fix, if it was.
	FixedAt *Timestamp `json:"fixed_at,omitempty"`
	// AutoDismissedAt is when the alert was automatically dismissed, if it was.
	AutoDismissedAt *Timestamp `json:"auto_dismissed_at,omitempty"`
	// Repository is the repository the alert belongs to. It is always empty
	// for events (webhook payloads), where the repository is carried at the
	// top level of the payload instead.
	Repository *Repository `json:"repository,omitempty"`
}

// DependabotAlertState represents the state of a Dependabot alert to update.
type DependabotAlertState struct {
	// State is the new state of the alert. It is always sent (no omitempty),
	// so callers must set it. A DismissedReason must be provided when
	// setting the state to dismissed.
	State string `json:"state"`
	// DismissedReason is required when State is dismissed and gives the
	// reason for dismissing the alert.
	// Can be one of: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk
	DismissedReason *string `json:"dismissed_reason,omitempty"`
	// DismissedComment is an optional free-text comment associated with
	// dismissing the alert.
	DismissedComment *string `json:"dismissed_comment,omitempty"`
}

// ListAlertsOptions specifies the optional parameters to the DependabotService.ListRepoAlerts
// and DependabotService.ListOrgAlerts methods.
//
// Each filter is encoded as a query parameter of the same name; see the
// GitHub API docs linked on those methods for the accepted values.
//
// NOTE(review): both ListOptions and ListCursorOptions are embedded. If their
// field names overlap, the promoted selectors are ambiguous and pagination
// must be set through the embedded struct explicitly
// (e.g. ListOptions: ListOptions{...}) — confirm against the definitions.
type ListAlertsOptions struct {
	// State filters alerts by state.
	State *string `url:"state,omitempty"`
	// Severity filters alerts by advisory severity.
	Severity *string `url:"severity,omitempty"`
	// Ecosystem filters alerts by package ecosystem.
	Ecosystem *string `url:"ecosystem,omitempty"`
	// Package filters alerts by package name.
	Package *string `url:"package,omitempty"`
	// Scope filters alerts by dependency scope.
	Scope *string `url:"scope,omitempty"`
	// Sort selects the property to sort results by.
	Sort *string `url:"sort,omitempty"`
	// Direction selects the sort direction.
	Direction *string `url:"direction,omitempty"`

	ListOptions
	ListCursorOptions
}

// listAlerts performs the GET shared by the repository- and
// organization-scoped alert listings.
//
// url is the API path relative to the client's base URL and opts is encoded
// into its query string by addOptions. The owner/repo or org segments are
// interpolated into url by the callers without URL escaping, so they are
// expected to be validated GitHub identifiers rather than arbitrary input.
//
// On a transport or API error the Response is still returned (it may be nil
// when the request could not be built) so callers can inspect status and
// rate-limit headers.
func (s *DependabotService) listAlerts(ctx context.Context, url string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	endpoint, err := addOptions(url, opts)
	if err != nil {
		return nil, nil, err
	}

	request, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, nil, err
	}

	// Keep alerts nil until decoded so an error path never returns a
	// partially filled slice.
	var (
		alerts []*DependabotAlert
		resp   *Response
	)
	if resp, err = s.client.Do(ctx, request, &alerts); err != nil {
		return nil, resp, err
	}
	return alerts, resp, nil
}

// ListRepoAlerts lists all Dependabot alerts of a repository.
//
// owner and repo are placed into the request path as-is (no URL escaping),
// so pass validated repository identifiers.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
//
//meta:operation GET /repos/{owner}/{repo}/dependabot/alerts
func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("repos/%v/%v/dependabot/alerts", owner, repo), opts)
}

// ListOrgAlerts lists all Dependabot alerts of an organization.
//
// org is placed into the request path as-is (no URL escaping), so pass a
// validated organization login.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
//
//meta:operation GET /orgs/{org}/dependabot/alerts
func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("orgs/%v/dependabot/alerts", org), opts)
}

// GetRepoAlert gets a single repository Dependabot alert.
//
// number is the alert number within the repository (DependabotAlert.Number).
// On error the Response is still returned when the request was sent, so the
// caller can distinguish a 404 (no such alert, or no access) from a
// transport failure.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#get-a-dependabot-alert
//
//meta:operation GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string, number int) (*DependabotAlert, *Response, error) {
	path := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)
	request, err := s.client.NewRequest("GET", path, nil)
	if err != nil {
		return nil, nil, err
	}

	var alert DependabotAlert
	resp, err := s.client.Do(ctx, request, &alert)
	if err != nil {
		return nil, resp, err
	}
	return &alert, resp, nil
}

// UpdateAlert updates a Dependabot alert.
//
// stateInfo is serialized as the JSON request body. No client-side
// validation is performed here: a dismissed State without a DismissedReason,
// or a nil stateInfo, is left for the API to reject. Dismissing an alert
// suppresses a security finding, so callers should record DismissedReason
// and DismissedComment for audit purposes.
//
// GitHub API docs: https://docs.github.com/rest/dependabot/alerts#update-a-dependabot-alert
//
//meta:operation PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}
func (s *DependabotService) UpdateAlert(ctx context.Context, owner, repo string, number int, stateInfo *DependabotAlertState) (*DependabotAlert, *Response, error) {
	path := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)
	request, err := s.client.NewRequest("PATCH", path, stateInfo)
	if err != nil {
		return nil, nil, err
	}

	// The API echoes the updated alert back; decode it into a fresh value.
	var updated DependabotAlert
	resp, err := s.client.Do(ctx, request, &updated)
	if err != nil {
		return nil, resp, err
	}
	return &updated, resp, nil
}