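#!/usr/bin/env node
// Lists the Dependabot (vulnerability) alerts of every non-archived repository
// in one organization and prints them as CSV on stdout.
//
// Usage: get-dependabot-alerts.js <org> [ghes-base-url]
// Auth:  GH_AUTH_TOKEN (read from the environment / .env via dotenv).
//
// Diagnostics always go to stderr so that stdout stays a clean CSV stream.
require('dotenv').config();
const pReduce = require('./lib/p-reduce');
const delay = require('delay');
const { Octokit } = require('@octokit/rest');
const { graphql } = require('@octokit/graphql');

const [, , ...args] = process.argv;
const org = args[0];
// args[1] is an optional GitHub Enterprise Server base URL. The original read
// it whenever args.length > 0, so a call with only <org> set base_url to
// undefined and crashed on base_url.length.
const base_url = args.length > 1 ? args[1] : '';
const token = process.env.GH_AUTH_TOKEN;

if (!org) {
  console.error('Usage: get-dependabot-alerts.js <org> [ghes-base-url]');
  process.exit(1);
}
if (!token) {
  // Fail fast with a clear message instead of sending "token undefined" and
  // surfacing the problem later as an opaque 401 per repository.
  console.error('GH_AUTH_TOKEN is not set');
  process.exit(1);
}

// Alerts are fetched with GraphQL variables, not by interpolating the owner
// and repository name into the query text: both values come from outside the
// script (command line, API response) and must not be able to change the
// query. The connection is paginated; the original stopped after the first
// 100 alerts of a repository.
const ALERTS_QUERY = `
query($owner: String!, $name: String!, $cursor: String) {
  repository(name: $name, owner: $owner) {
    vulnerabilityAlerts(first: 100, after: $cursor) {
      pageInfo {
        hasNextPage
        endCursor
      }
      nodes {
        createdAt
        dismissedAt
        securityVulnerability {
          package {
            name
          }
          severity
          vulnerableVersionRange
          advisory {
            ghsaId
            publishedAt
            identifiers {
              type
              value
            }
          }
        }
      }
    }
  }
}`;

/**
 * Builds the authenticated GraphQL and REST clients.
 *
 * @param {string} baseUrl - GitHub Enterprise Server base URL, or '' for github.com.
 * @param {string} authToken - personal access token used for both clients.
 * @returns {{graphqlWithAuth: Function, octokit: Octokit}}
 */
function createClients(baseUrl, authToken) {
  const graphqlOptions = {
    headers: { authorization: `token ${authToken}` },
  };
  const octokitOptions = {
    auth: authToken,
    previews: ['dorian-preview'],
  };
  if (baseUrl.length > 0) {
    // GHES serves GraphQL under /api and REST v3 under /api/v3.
    graphqlOptions.baseUrl = `${baseUrl}/api`;
    octokitOptions.baseUrl = `${baseUrl}/api/v3`;
  }
  return {
    graphqlWithAuth: graphql.defaults(graphqlOptions),
    octokit: new Octokit(octokitOptions),
  };
}

/**
 * Fetches all vulnerability alerts of one repository, following pagination.
 *
 * @param {Function} graphqlWithAuth - client returned by createClients().
 * @param {string} owner - organization login.
 * @param {string} name - repository name.
 * @returns {Promise<object[]>} the alert nodes in API order.
 * @throws whatever the GraphQL client rejects with (network, auth, query errors).
 */
async function fetchAlerts(graphqlWithAuth, owner, name) {
  const alerts = [];
  let cursor = null;
  for (;;) {
    const result = await graphqlWithAuth(ALERTS_QUERY, { owner, name, cursor });
    const connection = result.repository.vulnerabilityAlerts;
    alerts.push(...connection.nodes);
    if (!connection.pageInfo.hasNextPage) {
      return alerts;
    }
    cursor = connection.pageInfo.endCursor;
  }
}

/**
 * Formats one alert as a CSV row in the column order of the header line.
 * An alert that was never dismissed gets an empty "dismissed at" cell.
 *
 * @param {string} owner - organization login.
 * @param {string} repo - repository name.
 * @param {object} node - one vulnerabilityAlerts node from ALERTS_QUERY.
 * @returns {string}
 */
function formatAlertRow(owner, repo, node) {
  const vuln = node.securityVulnerability;
  return [
    owner,
    repo,
    node.createdAt,
    node.dismissedAt ?? '',
    vuln.package.name,
    vuln.vulnerableVersionRange,
    vuln.severity,
    vuln.advisory.ghsaId,
  ].join(', ');
}

/**
 * Entry point: enumerates the organization's repositories and prints the
 * alerts of each non-archived one.
 */
async function main() {
  const { graphqlWithAuth, octokit } = createClients(base_url, token);
  console.log("org, repo, created at, dismissed at, package name, vulnerable version, severity, vulnerability id");
  const repositories = await octokit.paginate(octokit.repos.listForOrg, { org });
  // NOTE(review): ./lib/p-reduce's reducer signature is not visible here; the
  // original single-argument callback is kept — confirm it receives the
  // repository rather than an accumulator. Returning the promise is what lets
  // the reducer wait for one repository before starting the next (the original
  // returned undefined, so nothing was sequenced).
  await pReduce(repositories, (repository) => {
    if (repository.archived) {
      return Promise.resolve();
    }
    const repo = repository.name;
    return fetchAlerts(graphqlWithAuth, org, repo)
      .then((alerts) => {
        for (const node of alerts) {
          console.log(formatAlertRow(org, repo, node));
        }
      })
      .catch((error) => {
        // The original wrapped a floating promise in try/catch, which never
        // catches a rejection. Only the message is logged: the error's request
        // object carries the authorization header and must not reach the logs.
        console.error(`Fetching alerts for ${org}/${repo} failed: ${error.message}`);
        process.exitCode = 1;
      });
  });
}

main().catch((error) => {
  console.error(`Getting repositories for organization ${org} failed.
${error.message} (${error.status})
${error.documentation_url}`);
  // A non-zero exit lets CI notice the failure instead of treating a
  // truncated CSV as success.
  process.exitCode = 1;
});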