GraphQL API v4 - Accessing RepositoryVulnerabilityAlert #24413
-
So I’m trying to access the GraphQL API v4 as such:
And I keep receiving:
What am I doing wrong? |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
Hey @sgript! I see a few mistakes in your script, both in the GraphQL query you’re running, as well as in how you’re running it. The GraphQL Query that you want in order to list repository vulnerability alerts off of a single repo should look something like this:
In addition, it looks like you’re passing the wrong data in with
You’ll have to change the owner and the name to the Repository owner and name that you’re trying to look up, but I think this should work! Let me know! |
Beta Was this translation helpful? Give feedback.
-
Hi @nickvanw ! Thanks for your prompt response, I appreciate it. I’ve used the code suggested and added in the variables assigned to
It’s worth stating that the repository I’m trying to target is apart of a team and hence I’ve passed the team’s name as the value assigned to the And I’ve simply assigned We’ve checked and we definitely have vulnerability alerts listed. Any ideas as to why it may be returning blank would be very welcome! |
Beta Was this translation helpful? Give feedback.
-
An update on this @nickvanw It seems to have been a permissions issue - in order to run this particular call, I needed to be listed as the owner of the repository. After having a colleague try to run the script (who happened to be the owner of the repository), with their bearer token, some results were returned. Thank you for your help! |
Beta Was this translation helpful? Give feedback.
-
This is a helpful thread, but I’m wondering how to use the id returned. The suggested code returns a list of nodes with base64 enconded ids like this: {“data”:{“repository”:{“vulnerabilityAlerts”: {“edges”:[ {“node”:{“id”:"<redacted base64 string here>"}}, {“node”:{“id”:"<redacted base64 string here>"}}, {“node”:{“id”:"<redacted base64 string here>"}} ]} }}} How can I use that to get the information from the alert such as the severity, desciption, summary, and other fields listed https://developer.github.com/v4/object/securityadvisory/#connections? I’m new to graphQL so thanks for bearing with! |
Beta Was this translation helpful? Give feedback.
Hey @sgript!
I see a few mistakes in your script, both in the GraphQL query you’re running, as well as in how you’re running it.
The GraphQL Query that you want in order to list repository vulnerability alerts off of a single repo should look something like this:
In addition, it looks like you’re passing the wrong data in with
data=json.dumps(payload)
, which seems to be a variable that only has some headers in it. I went ahead and made the changes, and I think this shoud work: