I need to update my organization's repositories, and I have about 130 repos.
I need each of them (the repos) to alert its owners about vulnerability alerts.
Is there a way to do this by script, automatically? Or is the only way to do this manually?
There isn't currently an endpoint for switching on Vulnerability Alerts but it is something we're looking into implementing.
For the moment, enabling Vulnerability Alerts is only available via the UI at the repository level.
We'll pass your feedback onto the team to make sure they're aware of your use case. I can't promise if or when we'll add an API endpoint for enabling alerts but we'll make sure the request is in the right hands.
The Dependency Graph API in GraphQL enables you to retrieve information about a repository's dependency graph. But that's not all; GH has added a lightweight Repository Vulnerability Alerts API in GraphQL so you can get your security alerts through the API. You can stay up-to-date with the most recent changes using webhooks that trigger when alerts are created, dismissed, or resolved.
Repository Vulnerability Alerts Webhooks
introduced a new webhook event for repositories called repository_vulnerability_alert. You can get webhooks for create, dismiss, and resolve actions.
Yes, very interested in this too, to add some automation into our pipeline, and this is much quicker as the scan is already done on commit. Our current process of scanning these in our build pipeline makes it quite slow.
First, it's surprising that GitHub, an API-first company, has this in the UI but not the API.
Secondly, it's surprising that you have fleshed out, to a great extent, the various advanced APIs around the vulnerabilities but not a single API to simply just enable them?
This feature came out almost a year ago. Many of us need things like this as APIs in order to automate them. Especially those of us larger clients with 1000+ repos. We can't turn this feature on manually each time.
Can we get this fix bumped up in the roadmap?
The endpoint to enable or disable security vulnerabilities was recently released on GitHub.com. It should also make it into GitHub Enterprise in one of the next feature releases.
Hope that helps!
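An added example, not part of the thread and not GitHub's own code: one way to script the bulk enablement asked about above, using the REST endpoint `PUT /repos/{owner}/{repo}/vulnerability-alerts` (which needs a token with admin access to each repository) and the paginated org repo listing. The `send` parameter, the `dry_run` flag, the choice to skip archived repos, and the `GITHUB_ORG` / `GITHUB_TOKEN` environment variable names are assumptions of this sketch.

```python
import json
import os
import urllib.error
import urllib.request

API = "https://api.github.com"

def http_send(method, url, token):
    """Real transport: returns (HTTP status, parsed JSON body or None)."""
    req = urllib.request.Request(url, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read()
            return resp.status, json.loads(body) if body else None
    except urllib.error.HTTPError as err:
        return err.code, None

def enable_alerts(org, token, send=http_send, dry_run=False):
    """Enable vulnerability alerts on every non-archived repo in org."""
    result = {"enabled": [], "skipped": [], "failed": []}
    page = 1
    while True:  # walk the paginated listing until an empty page comes back
        status, repos = send("GET", f"{API}/orgs/{org}/repos?per_page=100&page={page}", token)
        if status != 200:
            raise RuntimeError(f"listing repos failed with HTTP {status}")
        if not repos:
            break
        for repo in repos:
            name = repo["full_name"]
            if repo.get("archived"):   # skipped by choice in this sketch
                result["skipped"].append(name)
                continue
            if dry_run:                # report what would change, send no PUT
                result["enabled"].append(name)
                continue
            status, _ = send("PUT", f"{API}/repos/{name}/vulnerability-alerts", token)
            if status == 204:          # 204 No Content signals success
                result["enabled"].append(name)
            else:                      # e.g. token lacks admin on this repo
                result["failed"].append((name, status))
        page += 1
    return result

if __name__ == "__main__":  # env var names are assumptions of this example
    print(enable_alerts(os.environ["GITHUB_ORG"], os.environ["GITHUB_TOKEN"], dry_run=True))
```

Run it with `dry_run=True` first and review the `failed` list afterwards, since any repo left there still has alerts disabled.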
Is there any way I can simply erase all changed in my gadget to be typical once more... It's been a bad dream. Our present procedure of checking these in our fabricate pipeline make it very moderate