Security vulnerability alerts #24766
-
Hi, I need to update my organization repositories and I have like 130 repos. I need each of them (the repos) to alert its owners about vulnerability alerts. Is there a way to do this by script? Automatically? Or is the only way to do this manually?
Replies: 11 comments 1 reply
-
There isn’t currently an endpoint for switching on Vulnerability Alerts but it is something we’re looking into implementing. For the moment, enabling Vulnerability Alerts is only available via the UI at the repository level. We’ll pass your feedback onto the team to make sure they’re aware of your use case. I can’t promise if or when we’ll add an API endpoint for enabling alerts but we’ll make sure the request is in the right hands. Cheers!
-
Yes, very interested in this too, to add some automation into our pipeline, and this is much quicker as the scan is already done on commit. Our current process of scanning these in our build pipeline makes it quite slow.
-
+1, would also really like to be able to turn on Vulnerability Alerts via the API.
-
First, it’s surprising that GitHub, an API-first company, has this in the UI but not the API. Secondly, it’s surprising that you have fleshed out, to a great extent, the various advanced APIs around the vulnerabilities but not a single API to simply just enable them? This feature came out almost a year ago. Many of us need things like this as APIs in order to automate them. Especially those of us larger clients with 1000+ repos. We can’t turn this feature on manually each time. Can we get this fix bumped up in the roadmap?
-
Hi @idvb, The endpoint to enable or disable security vulnerabilities was recently released on GitHub.com. It should also make it into GitHub Enterprise in one of the next feature releases. Hope that helps!
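For the original question (about 130 repositories), an added example that is not part of any reply in this thread: it pages through an organization's repositories and calls GitHub's REST endpoint `PUT /repos/{owner}/{repo}/vulnerability-alerts` on each one. The `GITHUB_TOKEN` and `GITHUB_ORG` environment variable names, the helper names, and the choice to skip archived repositories are assumptions of this sketch; the token needs admin access to the repositories.

```python
import json
import urllib.error
import urllib.request

API = "https://api.github.com"

def github_send(token):
    """Build send(method, path) -> (status, parsed JSON or None) for one token."""
    def send(method, path):
        req = urllib.request.Request(API + path, method=method, headers={
            "Authorization": "Bearer " + token,
            "Accept": "application/vnd.github+json",
        })
        try:
            with urllib.request.urlopen(req) as resp:
                body = resp.read()
                return resp.status, json.loads(body) if body else None
        except urllib.error.HTTPError as err:
            return err.code, None  # report the status instead of aborting the run
    return send

def list_org_repos(send, org):
    """Page through GET /orgs/{org}/repos until an empty page comes back."""
    page, repos = 1, []
    while True:
        status, batch = send("GET", f"/orgs/{org}/repos?per_page=100&page={page}")
        if status != 200:
            raise RuntimeError(f"listing repos for {org} failed: HTTP {status}")
        if not batch:
            return repos
        repos.extend(batch)
        page += 1

def enable_alerts(send, org):
    """Enable alerts on every non-archived repo; return {full_name: outcome}."""
    results = {}
    for repo in list_org_repos(send, org):
        name = repo["full_name"]
        if repo.get("archived"):  # archived repos are read-only; skipped by choice
            results[name] = "skipped (archived)"
            continue
        status, _ = send("PUT", f"/repos/{name}/vulnerability-alerts")
        # The endpoint answers 204 No Content on success.
        results[name] = "enabled" if status == 204 else f"failed: HTTP {status}"
    return results

if __name__ == "__main__":
    import os
    send = github_send(os.environ["GITHUB_TOKEN"])
    for name, outcome in enable_alerts(send, os.environ["GITHUB_ORG"]).items():
        print(name, outcome)
```

Keeping the per-repository outcome, rather than stopping at the first error, gives a list of the repositories where the token lacked permission.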
-
Dependency Graph API in GraphQL enables you to retrieve information about a repository’s dependency graph. But that’s not all; GH has added a lightweight Repository Vulnerability Alerts API in GraphQL so you can get your security alerts through the API. You can stay up-to-date with the most recent changes using webhooks that trigger when alerts are created, dismissed, or resolved. Repository Vulnerability Alerts Webhooks introduced a new webhook event for repositories called repository_vulnerability_alert. You can get webhooks for create, dismiss, and resolve actions.
-
Is there any way I can simply erase all changes in my gadget to be typical once more… It’s been a bad dream. Our present procedure of checking these in our fabricate pipeline makes it very moderate.
-
Hi @ramotto, I’m sorry, I’m not exactly sure what you’re asking. Could you perhaps rephrase your question? Thanks!
-
Do I understand correctly that granting access to security alerts to teams on a repository level (i.e. that you can configure from the UI under repository settings/Security alerts) is not exposed in the API? I understand that enabling security alerts is, as well as you can get notified of alerts via the API but what if I’d like to grant access to the alerts for the team maintaining the repo? Thank you!
-
Hi Team, does someone have the updated GraphQL query to fetch the details regarding the vulnerabilities in the repository using GraphQL queries?
-
{ Alternatively, you can explore your options here: Explorer - GitHub Docs