vuls: github.com/future-architect/vuls/github

package github

import "github.com/future-architect/vuls/github"

Package Files

github.go

func FillGitHubSecurityAlerts

func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error)

FillGitHubSecurityAlerts accesses owner/repo on GitHub, fetches the repository's security alerts via the GitHub API v4 (GraphQL), and sets them on the given ScanResult. See https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/

type SecurityAlerts

type SecurityAlerts struct {
    Data struct {
        Repository struct {
            URL                 string `json:"url"`
            VulnerabilityAlerts struct {
                PageInfo struct {
                    EndCursor   string `json:"endCursor"`
                    HasNextPage bool   `json:"hasNextPage"`
                    StartCursor string `json:"startCursor"`
                }   `json:"pageInfo"`
                Edges []struct {
                    Node struct {
                        ID                    string    `json:"id"`
                        DismissReason         string    `json:"dismissReason"`
                        DismissedAt           time.Time `json:"dismissedAt"`
                        SecurityVulnerability struct {
                            Package struct {
                                Name      string `json:"name"`
                                Ecosystem string `json:"ecosystem"`
                            }   `json:"package"`
                            Severity               string `json:"severity"`
                            VulnerableVersionRange string `json:"vulnerableVersionRange"`
                            FirstPatchedVersion    struct {
                                Identifier string `json:"identifier"`
                            }   `json:"firstPatchedVersion"`
                        }   `json:"securityVulnerability"`
                        SecurityAdvisory struct {
                            Description string    `json:"description"`
                            GhsaID      string    `json:"ghsaId"`
                            Permalink   string    `json:"permalink"`
                            PublishedAt time.Time `json:"publishedAt"`
                            Summary     string    `json:"summary"`
                            UpdatedAt   time.Time `json:"updatedAt"`
                            WithdrawnAt time.Time `json:"withdrawnAt"`
                            Origin      string    `json:"origin"`
                            Severity    string    `json:"severity"`
                            References  []struct {
                                URL string `json:"url"`
                            }   `json:"references"`
                            Identifiers []struct {
                                Type  string `json:"type"`
                                Value string `json:"value"`
                            }   `json:"identifiers"`
                        }   `json:"securityAdvisory"`
                    } `json:"node"`
                }   `json:"edges"`
            }   `json:"vulnerabilityAlerts"`
        } `json:"repository"`
    } `json:"data"`
}

SecurityAlerts holds the detected CVE-IDs, package names and references.
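
Example added here, not code from the vuls project: decoding a GraphQL response of the shape above and collecting the CVE IDs of alerts that have not been dismissed. The trimmed type `alerts`, the function `openCVEs`, the sample data and the choice to skip alerts with a non-empty dismissReason are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// alerts is a trimmed, hypothetical copy of SecurityAlerts (untagged fields match JSON keys case-insensitively).
type alerts struct {
	Data struct {
		Repository struct {
			VulnerabilityAlerts struct {
				Edges []struct {
					Node struct {
						DismissReason         string                                    `json:"dismissReason"`
						SecurityVulnerability struct{ Package struct{ Name string } }   `json:"securityVulnerability"`
						SecurityAdvisory      struct{ Identifiers []struct{ Type, Value string } } `json:"securityAdvisory"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"vulnerabilityAlerts"`
		} `json:"repository"`
	} `json:"data"`
}

// sample is a constructed response: an open alert, a dismissed alert, and a GHSA-only alert.
const sample = `{"data":{"repository":{"vulnerabilityAlerts":{"edges":[
{"node":{"dismissReason":null,"securityVulnerability":{"package":{"name":"pkg-a"}},"securityAdvisory":{"identifiers":[{"type":"GHSA","value":"GHSA-0000-0000-0001"},{"type":"CVE","value":"CVE-0000-0001"}]}}},
{"node":{"dismissReason":"constructed reason","securityVulnerability":{"package":{"name":"pkg-b"}},"securityAdvisory":{"identifiers":[{"type":"CVE","value":"CVE-0000-0002"}]}}},
{"node":{"dismissReason":null,"securityVulnerability":{"package":{"name":"pkg-c"}},"securityAdvisory":{"identifiers":[{"type":"GHSA","value":"GHSA-0000-0000-0003"}]}}}]}}}}`

// openCVEs maps the CVE IDs of non-dismissed alerts to the affected package names.
func openCVEs(body []byte) (map[string][]string, error) {
	var a alerts
	if err := json.Unmarshal(body, &a); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, e := range a.Data.Repository.VulnerabilityAlerts.Edges {
		for _, id := range e.Node.SecurityAdvisory.Identifiers {
			// A JSON null dismissReason leaves the Go string empty, i.e. the alert is still open.
			if e.Node.DismissReason == "" && id.Type == "CVE" {
				out[id.Value] = append(out[id.Value], e.Node.SecurityVulnerability.Package.Name)
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(openCVEs([]byte(sample))) }
```

Keying on CVE IDs means the GHSA-only alert for pkg-c produces no entry; track the GHSA ID as well if such advisories must not be lost.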

Package github imports 11 packages and is imported by 2 packages. Updated 2020-07-03.