figure out how to get vulnerability alerts (dependabot) from github graphQL API (https://docs.github.com/en/graphql/reference/objects#repositoryvulnerabilityalert) #4

Open
mimoo opened this issue Jan 26, 2021 · 1 comment
mimoo commented Jan 26, 2021

I don't think it's possible actually... They have this permission when you install an app, but I couldn't find the API.

Another way to obtain dep info could be to simply run Dependabot ourselves (it's Ruby though).

@mimoo mimoo created this issue from a note in whackadep (To do) Jan 26, 2021
@mimoo mimoo moved this from To do to risk engine in whackadep Feb 2, 2021
@nasifimtiazohi

It's available through the GraphQL API; here's a script for that. However, Dependabot only used to send alerts on direct dependencies when I checked last time; here's an issue in their repository on that.
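
The GraphQL route mentioned in the reply above, as an added example that is not part of the thread and is not the script the comment links to: it pages through the `vulnerabilityAlerts` connection of a repository, skips dismissed alerts, and raises on GraphQL errors. `post` is a hypothetical caller-supplied function that sends the request body to GitHub's GraphQL endpoint and returns the decoded JSON reply; `SAMPLE` is constructed data, not real output.

```python
QUERY = """query($owner: String!, $name: String!, $cursor: String) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 100, after: $cursor) {
      pageInfo { hasNextPage endCursor }
      nodes {
        dismissedAt
        securityVulnerability {
          severity
          vulnerableVersionRange
          package { name ecosystem }
          firstPatchedVersion { identifier }
          advisory { ghsaId }
        }
      }
    }
  }
}"""

def fetch_alerts(post, owner, name):
    """Return undismissed alerts from every page; `post` sends one request body."""
    alerts, cursor = [], None
    while True:
        variables = {"owner": owner, "name": name, "cursor": cursor}
        reply = post({"query": QUERY, "variables": variables})
        if reply.get("errors"):  # GraphQL reports failures in the response body
            raise RuntimeError("; ".join(e["message"] for e in reply["errors"]))
        conn = reply["data"]["repository"]["vulnerabilityAlerts"]
        for node in conn["nodes"]:
            vuln = node["securityVulnerability"]
            patched = vuln["firstPatchedVersion"]  # null when no fixed release exists
            if node["dismissedAt"] is None:
                alerts.append({"package": vuln["package"]["name"],
                               "ecosystem": vuln["package"]["ecosystem"],
                               "severity": vuln["severity"],
                               "range": vuln["vulnerableVersionRange"],
                               "fixed_in": patched["identifier"] if patched else None,
                               "ghsa": vuln["advisory"]["ghsaId"]})
        if not conn["pageInfo"]["hasNextPage"]:
            return alerts
        cursor = conn["pageInfo"]["endCursor"]

# Constructed one-page reply (not real data) for an offline run.
SAMPLE = {"data": {"repository": {"vulnerabilityAlerts": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [{"dismissedAt": None, "securityVulnerability": {
        "severity": "HIGH", "vulnerableVersionRange": "< 1.2.0",
        "package": {"name": "example-crate", "ecosystem": "RUST"},
        "firstPatchedVersion": None, "advisory": {"ghsaId": "GHSA-xxxx-xxxx-xxxx"}}}]}}}}
```

Calling `fetch_alerts(lambda body: SAMPLE, "owner", "repo")` exercises the paging and parsing offline; against the real API, `post` needs a token that is permitted to read the repository's alerts.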
