Copilot Lvl 2
Message 1 of 11

Security vulnerability alerts


Hi,

I need to update my organization repositories and I have like 130 repos.

I need each of them (the repos) to alert its owners about vulnerability alerts.

Is there a way to do this by script? Automatically? Or is the only way to do this manually?

 

10 Replies
Solution
Community Manager
Message 2 of 11

Re: Security vulnerability alerts

Hi @sapirshloush

 

There isn't currently an endpoint for switching on Vulnerability Alerts but it is something we're looking into implementing.

For the moment, enabling Vulnerability Alerts is only available via the UI at the repository level.

We'll pass your feedback on to the team to make sure they're aware of your use case. I can't promise if or when we'll add an API endpoint for enabling alerts but we'll make sure the request is in the right hands.

 

Cheers!

Thanks for being here, sharing, and keeping our community awesome!
Best,
AndreaG


Copilot Lvl 2
Message 3 of 11

Re: Security vulnerability alerts

Yehaa that's great, I was also looking for this! Thanks

Ground Controller Lvl 2
Message 4 of 11

Re: Security vulnerability alerts

The Dependency Graph API in GraphQL enables you to retrieve information about a repository's dependency graph. But that's not all; GH has added a lightweight Repository Vulnerability Alerts API in GraphQL so you can get your security alerts through the API. You can stay up-to-date with the most recent changes using webhooks that trigger when alerts are created, dismissed, or resolved.

Repository Vulnerability Alerts Webhooks

introduced a new webhook event for repositories called repository_vulnerability_alert. You can get webhooks for create, dismiss, and resolve actions.

Thanks
Ground Controller Lvl 1
Message 5 of 11

Re: Security vulnerability alerts

Yes, very interested in this too, to add some automation into our pipeline, and this is much quicker as the scan is already done on commit. Our current process of scanning these in our build pipeline makes it quite slow.

Ground Controller Lvl 1
Message 6 of 11

Re: Security vulnerability alerts

+1, would also really like to be able to turn on Vulnerability Alerts via the API.

Ground Controller Lvl 1
Message 7 of 11

Re: Security vulnerability alerts

Is there any way I can just delete all changed in my device to be normal again... It's been a nightmare
Copilot Lvl 2
Message 8 of 11

Re: Security vulnerability alerts

First, it's surprising that GitHub, an API-first company, has this in the UI but not the API.

Secondly, it's surprising that you have fleshed out, to a great extent, the various advanced APIs around the vulnerabilities but not a single API to simply just enable them?

This feature came out almost a year ago. Many of us need things like this as APIs in order to automate them. Especially those of us larger clients with 1000+ repos. We can't turn this feature on manually each time.

Can we get this fix bumped up in the roadmap?

Community Manager
Message 9 of 11

Re: Security vulnerability alerts

Hi @iDVB,

 

The endpoint to enable or disable security vulnerabilities was recently released on GitHub.com. It should also make it into GitHub Enterprise in one of the next feature releases.

 

Hope that helps!
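An added example, not part of the original thread: one way to script the bulk enablement asked about in the first post, using the REST endpoint `PUT /repos/{owner}/{repo}/vulnerability-alerts` (the reply above does not name the endpoint; this is the one in GitHub's REST documentation). The environment variable names `GITHUB_ORG` and `GITHUB_TOKEN` are assumptions, and the token is assumed to have admin access to the repositories.

```python
import json
import os
import urllib.error
import urllib.request

API = "https://api.github.com"

def github_send(token):
    """Return send(method, url) -> (status, parsed JSON or None) bound to one token."""
    def send(method, url):
        body = b"" if method == "PUT" else None   # empty body so Content-Length: 0 is sent
        req = urllib.request.Request(url, data=body, method=method, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json"})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                raw = resp.read()
                return resp.status, (json.loads(raw) if raw else None)
        except urllib.error.HTTPError as err:
            return err.code, None
    return send

def org_repos(org, send):
    """Yield full names of the org's repos, page by page, skipping archived (read-only) ones."""
    page = 1
    while True:
        status, repos = send("GET", f"{API}/orgs/{org}/repos?per_page=100&page={page}")
        if status != 200:
            raise RuntimeError(f"listing {org} failed with HTTP {status}")
        if not repos:
            return
        yield from (r["full_name"] for r in repos if not r.get("archived"))
        page += 1

def enable_alerts(org, send):
    """Enable alerts where they are off; map repo -> 'already', 'enabled' or 'failed:<code>'."""
    result = {}
    for name in org_repos(org, send):
        url = f"{API}/repos/{name}/vulnerability-alerts"
        status, _ = send("GET", url)              # 204 = enabled, 404 = disabled or not visible
        if status == 204:
            result[name] = "already"
        else:
            status, _ = send("PUT", url)          # 204 = alerts are now on
            result[name] = "enabled" if status == 204 else f"failed:{status}"
    return result

if __name__ == "__main__":  # GITHUB_ORG and GITHUB_TOKEN are assumed variable names
    report = enable_alerts(os.environ["GITHUB_ORG"], github_send(os.environ["GITHUB_TOKEN"]))
    print("\n".join(f"{outcome:12} {repo}" for repo, outcome in report.items()))
```

Repositories reported as `failed:<code>` are the ones to review by hand, since a 403 or 404 on the `PUT` usually means the token lacks admin rights on that repository.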

Ground Controller Lvl 1
Message 10 of 11

Re: Security vulnerability alerts

Is there any way I can simply erase all changed in my gadget to be typical once more... It's been a bad dream. Our present procedure of checking these in our fabricate pipeline makes it very moderate.