API To create security alert

I am running a tool similar to gitleaks and git secrets that finds secrets in our repositories. It would be great if i could create a security alert with the findings. However, upon searching the API docs i am unable to find the API documentation for creating these Security Alerts. Am I missing something?

Thanks

-winn

1 Like

There currently isn’t an API to create security advisories or alerts since the advisories are being brought in from specific sources. The best solution I can think of for what you’re describing is to open an issue on the repository to notify them of the problem. If you’re concerned about pointing nefarious individuals straight at the open hole, you could perhaps post a link to a website you control that only allows the owners of the repository to see the information?

Let us know if you have more questions.

I’m running into a variant of this same absence when it comes to the API.

For example, here is the documentation on manually creating a security advisory:

There is this note:

Note: If you are a security researcher, you should directly contact maintainers to ask them to create security advisories or issue CVEs on your behalf in repositories that you don’t administer.

I’d like to create tooling so that if someone submits an email or a form through a portal, that we can use the API to create the draft of a security advisory automatically. Is there a way to open a feature request on this, or see whether the GitHub API has a roadmap including managing security advisories?

@lee-dohm I’m wondering whether you have insight into progress on this since the initial post in 2019? And whether there is a way to open a feature request for opening a security advisory draft via the API to achieve the intended goal, or is there a way to see whether the GitHub API has a roadmap including managing security advisories?

I see some other items related to security advisories, but not any expansion related to the APIs, on the GitHub roadmap repo:

Is my best bet to use the following: