GraphQL API v4 - Checking whether VulnerabilityAlerts are enabled

I cannot seem to detemine whether a repository truly has no security velnerabilities or whether security alerts are disabled for the reposistory as both seem to return empty vulnerabilityAlerts.

Is there a way I can determine the difference between having no vulnerabilityAlerts vs having security alerts disabled?

query:

{
  repository(name: "example-repo", owner: "example-owner") {
    vulnerabilityAlerts(first: 10) {
      nodes {
        id
      }
    }
  }
}

response:

{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": []
      }
    }
  }
}
1 Like

I found this response:

https://github.community/t5/GitHub-API-Development-and/Security-vulnerability-alerts/m-p/23416/highlight/true#M1660

which led me to the endpoint in the V3 api

/repos/:owner/:repo/vulnerability-alerts

which can be used to enable and disable vulnerability-alerts. It appears a GET request will return a 204 if enabled and a 404 if not.

1 Like