Problem description
How can I get the list of Dependabot alerts shown at https://github.com/{user}/{repo}/security/dependabot?page=1&q=is%3Aopen through the GitHub API?
I searched the documentation but did not find anything.
Thanks!
Solution
This RepositoryVulnerabilityAlert object is available in the GraphQL API.
For example, for a specific repository you can fetch all alerts with the following query (see it in the explorer):
{
  repository(name: "repo-name", owner: "repo-owner") {
    vulnerabilityAlerts(first: 100) {
      nodes {
        createdAt
        dismissedAt
        securityVulnerability {
          package {
            name
          }
          advisory {
            description
          }
        }
      }
    }
  }
}
It also returns dismissed alerts, which can be identified by the dismissedAt field. But there seems to be no way to filter only the "active" alerts.
Sample output:
{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "createdAt": "2018-03-05T19:13:26Z",
            "dismissedAt": null,
            "securityVulnerability": {
              "package": {
                "name": "moment"
              },
              "advisory": {
                "description": "Affected versions of `moment` are vulnerable to a low severity regular expression denial of service when parsing dates as strings.\n\n\n## Recommendation\n\nUpdate to version 2.19.3 or later."
              }
            }
          },
          ....
        ]
      }
    }
  }
}
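As an added example (not part of the original answer), the following Python script runs the query above against the GraphQL endpoint, pages through the connection with pageInfo/endCursor so repositories with more than 100 alerts are covered, and applies the client-side dismissedAt filter the answer describes. The function names and the injectable `post` hook are my own; it assumes a token that is allowed to read the repository's alerts.

```python
import json
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"  # GitHub's GraphQL endpoint

# The answer's query, extended with cursor pagination ($after / pageInfo)
# so repositories holding more than 100 alerts are walked completely.
ALERTS_QUERY = """
query($owner: String!, $name: String!, $after: String) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 100, after: $after) {
      pageInfo { hasNextPage endCursor }
      nodes {
        createdAt
        dismissedAt
        securityVulnerability { package { name } advisory { description } }
      }
    }
  }
}
"""

def open_alerts(nodes):
    # Client-side filter: an alert whose dismissedAt is null is still open.
    return [n for n in nodes if n.get("dismissedAt") is None]

def post_graphql(token, variables):
    # One authenticated round trip; returns the parsed JSON response body.
    body = json.dumps({"query": ALERTS_QUERY, "variables": variables}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, method="POST", headers={
        "Authorization": f"bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_open_alerts(owner, name, token, post=post_graphql):
    # Walk every page of vulnerabilityAlerts; `post` is injectable for tests.
    result, cursor = [], None
    while True:
        data = post(token, {"owner": owner, "name": name, "after": cursor})
        if "errors" in data:  # e.g. the token cannot see the repo's alerts
            raise RuntimeError(data["errors"])
        conn = data["data"]["repository"]["vulnerabilityAlerts"]
        result.extend(open_alerts(conn["nodes"]))
        if not conn["pageInfo"]["hasNextPage"]:
            return result
        cursor = conn["pageInfo"]["endCursor"]
```

Call `fetch_open_alerts("repo-owner", "repo-name", token)` to get the undismissed alerts; each entry has the same shape as a node in the sample output above.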