GraphQL permissions for applications - SecurityAlerts

Hi,

I have a Github app that queries:
organization → repositories → vulnerabilityAlerts.

query { 
  organization(login: "myOrg") { 
    repositories(first: 20, orderBy: {field:NAME, direction:ASC}, after:null) {
      nodes {
        name,
        vulnerabilityAlerts (first: 100, after:null, states:[OPEN]) {
          nodes {
            securityVulnerability {
            	severity
            }
            state
          }
          totalCount
        }
      },
      pageInfo {
        hasNextPage,
        endCursor
      },
      totalCount
    }
  }
}

This works fine with a personal access token (via explorer) but fails when authed as a Github application with very abstract “Resource not accessible by integration” error.

Is there a specific permission I can grant my application to have access to this resource, or does this endpoint not work for apps at all?

1 Like