package github

import ""




func DetectGitHubSecurityAlerts

func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error)

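DetectGitHubSecurityAlerts accesses owner/repo on GitHub, fetches the repository's security alerts via the GitHub API v4 (GraphQL), and sets them on the given ScanResult. The token parameter is presumably the GitHub access token used to authenticate that request, so callers should treat it as a secret and keep it out of logs and error messages. TODO: move to report.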

type SecurityAlerts

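// SecurityAlerts has detected CVE-IDs, PackageNames, Refs.
//
// The nested anonymous structs mirror the JSON document named by the field
// tags ("data" -> "repository" -> "vulnerabilityAlerts" -> "edges" -> "node").
// Every string in it comes from the remote API response, so treat the values
// (descriptions, summaries, URLs) as untrusted text when they are rendered
// into a report.
type SecurityAlerts struct {
    Data struct {
        Repository struct {
            URL                 string `json:"url"`
            VulnerabilityAlerts struct {
                // PageInfo carries the paging cursors of the alert list.
                // NOTE(review): presumably the caller has to keep requesting
                // pages while HasNextPage is true; stopping early would
                // silently under-report alerts. Confirm against the caller.
                PageInfo struct {
                    EndCursor   string `json:"endCursor"`
                    HasNextPage bool   `json:"hasNextPage"`
                    StartCursor string `json:"startCursor"`
                } `json:"pageInfo"`
                // Edges holds one entry per alert on the current page.
                Edges []struct {
                    Node struct {
                        ID string `json:"id"`
                        // DismissReason and DismissedAt describe a dismissal.
                        // time.Time leaves the field at its zero value when
                        // the JSON value is null, so use DismissedAt.IsZero()
                        // to tell "never dismissed" from a real timestamp.
                        // NOTE(review): dismissed alerts presumably still
                        // appear in Edges; decide explicitly whether they
                        // count towards the reported total.
                        DismissReason string    `json:"dismissReason"`
                        DismissedAt   time.Time `json:"dismissedAt"`
                        // SecurityVulnerability is the package-level part of
                        // the alert: affected package, range and first fix.
                        SecurityVulnerability struct {
                            Package struct {
                                Name      string `json:"name"`
                                Ecosystem string `json:"ecosystem"`
                            } `json:"package"`
                            Severity               string `json:"severity"`
                            VulnerableVersionRange string `json:"vulnerableVersionRange"`
                            FirstPatchedVersion    struct {
                                Identifier string `json:"identifier"`
                            } `json:"firstPatchedVersion"`
                        } `json:"securityVulnerability"`
                        // SecurityAdvisory is the advisory text and metadata.
                        // Its Severity is a separate field from
                        // SecurityVulnerability.Severity above.
                        SecurityAdvisory struct {
                            Description string    `json:"description"`
                            GhsaID      string    `json:"ghsaId"`
                            Permalink   string    `json:"permalink"`
                            PublishedAt time.Time `json:"publishedAt"`
                            Summary     string    `json:"summary"`
                            UpdatedAt   time.Time `json:"updatedAt"`
                            // WithdrawnAt stays the zero time when the JSON
                            // value is null; check IsZero() before treating
                            // the advisory as withdrawn.
                            WithdrawnAt time.Time `json:"withdrawnAt"`
                            Origin      string    `json:"origin"`
                            Severity    string    `json:"severity"`
                            References  []struct {
                                URL string `json:"url"`
                            } `json:"references"`
                            // Identifiers are type/value pairs.
                            // NOTE(review): presumably this is where the
                            // CVE-ID of an advisory is found; an advisory
                            // without one needs a fallback such as GhsaID.
                            Identifiers []struct {
                                Type  string `json:"type"`
                                Value string `json:"value"`
                            } `json:"identifiers"`
                        } `json:"securityAdvisory"`
                    } `json:"node"`
                } `json:"edges"`
            } `json:"vulnerabilityAlerts"`
        } `json:"repository"`
    } `json:"data"`
}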

SecurityAlerts holds the detected CVE-IDs, package names, and references.

