I’m looking to create a GitHub Action to open an issue when a vulnerability alert (dependency alert) is posted to the repository.
Is there a way to trigger a GitHub Action when a security alert is posted? I’ve reviewed the Events that Trigger Workflows and there doesn’t appear to be anything related to security events.
This is currently accessible via the GraphQL API. https://developer.github.com/v4/object/repository/#vulnerabilityalerts
So, the only option right now is to schedule the GitHub Action to run daily that would access the API to see if there are any open security alerts and open the issue if it hasn’t already been opened. Ideally, this would be kicked off as soon as there is a vulnerability posted.
Any help here would be appreciated. Thanks!
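The scheduled polling workaround described in the post, as an added example that is not part of the original post: a script a daily scheduled workflow could run to query open alerts over GraphQL and work out which ones still need an issue. The title convention, function names and sample data are assumptions made for illustration; existing issue titles are assumed to be fetched separately.

```python
import json
import urllib.request

# Open alerts only; first 100 (pagination omitted for brevity).
QUERY = """query($owner: String!, $name: String!) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 100, states: [OPEN]) {
      nodes { securityVulnerability {
        severity
        package { name ecosystem }
        advisory { ghsaId summary }
      } }
    }
  }
}"""

def fetch_alerts(owner, name, token):
    """POST the query to the GraphQL endpoint (called from the scheduled job)."""
    body = json.dumps({"query": QUERY, "variables": {"owner": owner, "name": name}})
    req = urllib.request.Request(
        "https://api.github.com/graphql", data=body.encode(),
        headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def issue_title(vuln):
    # Hypothetical title convention; advisory ID plus package is the dedup key.
    return f"[security] {vuln['advisory']['ghsaId']} in {vuln['package']['name']}"

def issues_to_open(response, existing_titles):
    """Return (title, body) for each open alert that has no issue yet."""
    if response.get("errors") or not (response.get("data") or {}).get("repository"):
        raise RuntimeError(f"alert query failed: {response.get('errors')}")
    seen, pending = set(existing_titles), []
    for node in response["data"]["repository"]["vulnerabilityAlerts"]["nodes"]:
        vuln = node["securityVulnerability"]
        title = issue_title(vuln)
        if title in seen:  # already filed, or a duplicate alert in this run
            continue
        seen.add(title)
        pending.append((title, f"Severity: {vuln['severity']}\n{vuln['advisory']['summary']}"))
    return pending

# Constructed sample response (IDs and package names are placeholders).
SAMPLE = {"data": {"repository": {"vulnerabilityAlerts": {"nodes": [
    {"securityVulnerability": {"severity": "HIGH",
        "package": {"name": "example-lib", "ecosystem": "NPM"},
        "advisory": {"ghsaId": "GHSA-aaaa-bbbb-0001", "summary": "Constructed advisory A"}}},
    {"securityVulnerability": {"severity": "LOW",
        "package": {"name": "other-lib", "ecosystem": "PIP"},
        "advisory": {"ghsaId": "GHSA-aaaa-bbbb-0002", "summary": "Constructed advisory B"}}},
]}}}}
```

Raising on an error or null `repository` keeps a token without access to the alerts from looking like a repository with no alerts.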