kunalnagarco / action-cve

A GitHub action that sends Dependabot Vulnerability Alerts to Slack, PagerDuty, Zenduty, Microsoft Teams.
https://github.com/marketplace/actions/check-cve
MIT License

Add a filter by Advisory Severity #144

Closed joris974 closed 5 months ago

joris974 commented 5 months ago

Could there be an optional parameter to notify only on a given set of Advisory Severity?

with:
    github-token: ...
    severities: |
      HIGH
      CRITICAL

Something like this:

// Keep only the alerts whose advisory severity is in the requested set.
// An empty `severities` list disables the filter, and alerts that carry
// no advisory are kept so that nothing is silently dropped.
export const filterAlertsByAdvisorySeverity = (
  alerts: Alert[],
  severities: AdvisorySeverity[],
) => {
  if (severities.length === 0) {
    return alerts;
  }
  return alerts.filter((alert) =>
    alert.advisory !== undefined
      ? severities.includes(alert.advisory.severity)
      : true
  );
};

kunalnagar commented 5 months ago

@joris974 - this sounds great. I saw your PR and I think we can do better by switching to the REST API, which allows us to filter by severity instead of client-side filtering.

I'm working on a PR for the same: https://github.com/kunalnagarco/action-cve/pull/151
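
Putting the two approaches in this thread side by side, as an added example that is not action-cve's own code: it parses the proposed multi-line `severities` input, builds the query string for the Dependabot alerts REST endpoint (which accepts a comma-separated `severity` parameter), and keeps the client-side filter as a fallback. The minimal `Alert` shape, the sample alerts and the `state`/`per_page` defaults are assumptions.

```typescript
// Added example, not action-cve's own code. Combines the two approaches
// discussed in this issue: server-side filtering through the REST API's
// `severity` query parameter, with the client-side filter kept as a fallback.
type AdvisorySeverity = 'low' | 'medium' | 'high' | 'critical';
const ALL_SEVERITIES: AdvisorySeverity[] = ['low', 'medium', 'high', 'critical'];

// Assumed minimal alert shape (the REST API nests this under security_advisory.severity).
interface Alert {
  number: number;
  severity: AdvisorySeverity;
}

// Constructed sample alerts, one per severity level.
const SAMPLE_ALERTS: Alert[] = [
  { number: 1, severity: 'low' },
  { number: 2, severity: 'high' },
  { number: 3, severity: 'critical' },
  { number: 4, severity: 'medium' },
];

// Parse the newline-separated `severities` action input. The proposal uses
// uppercase (HIGH, CRITICAL) while the REST API wants lowercase, so normalise.
// Unknown values are an error: a typo must not silently suppress notifications.
function parseSeverities(input: string): AdvisorySeverity[] {
  const wanted = input
    .split(/\r?\n/)
    .map((s) => s.trim().toLowerCase())
    .filter((s) => s.length > 0);
  const unknown = wanted.filter((s) => !(ALL_SEVERITIES as string[]).includes(s));
  if (unknown.length > 0) throw new Error(`unknown severities: ${unknown.join(', ')}`);
  return Array.from(new Set(wanted)) as AdvisorySeverity[];
}

// Server-side filter: GET /repos/{owner}/{repo}/dependabot/alerts?severity=high,critical
// (`state=open` and `per_page=100` are assumed defaults, not from the issue).
function buildAlertsQuery(owner: string, repo: string, severities: AdvisorySeverity[]): string {
  const parts = ['state=open', 'per_page=100'];
  if (severities.length > 0) parts.push(`severity=${severities.join(',')}`);
  return `/repos/${owner}/${repo}/dependabot/alerts?${parts.join('&')}`;
}

// Client-side fallback with the proposal's semantics: an empty list means "notify on all".
function filterAlertsBySeverity(alerts: Alert[], severities: AdvisorySeverity[]): Alert[] {
  if (severities.length === 0) return alerts;
  return alerts.filter((alert) => severities.includes(alert.severity));
}
```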

kunalnagar commented 5 months ago

Resolved by #151

joris974 commented 5 months ago

Looks great. Thank you @kunalnagar