splunk / github_app_for_splunk

A collection of dashboards and knowledge objects for Github data
MIT License
32 stars 25 forks

Repository Vulnerability Alert webhook is Deprecated and being Removed #68

Open mhamill2 opened 11 months ago

mhamill2 commented 11 months ago

Describe the bug

The Repository Vulnerability Webhook is deprecated. Although it doesn't seem to have happened yet, the webhook was/is planned to be removed in 2023: https://github.blog/changelog/2022-10-06-new-dependabot-alerts-webhook

There is a new "Dependabot Alert" webhook that replaces the old Repository Vulnerability Alert hook. The app should be updated to support this new webhook. Currently, the data doesn't show up in the dashboards. The records that come into Splunk get tagged with CodeScanning as the eventtype and there are new actions that should be supported as well with this new hook:

Screenshot 2023-12-11 at 8 43 09 AM

To Reproduce

Steps to reproduce the behavior:

  1. Configure GitHub to send Dependabot Alert webhooks to Splunk
  2. See that they are not shown in the dependabot dashboards

Expected behavior

The app should support the Dependabot alert webhook in place of the repository vulnerability alerts hook.

Screenshots

N/A

Desktop (please complete the following information):

Additional context

N/A

leftrightleft commented 11 months ago

Thanks for bringing this up, @mhamill2! I'll get on a fix early in the new year.
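An added example, not part of the issue thread or the app's own code: a Python sketch that tells a Dependabot alert payload apart from a code scanning payload and a legacy repository vulnerability alert payload by the shape of the `alert` object, then maps both Dependabot-style events to one record. Field names follow GitHub's documented webhook payloads; the category labels, the legacy-to-new action mapping and the sample payloads are assumptions constructed for illustration.

```python
# Added example. Field names follow GitHub's documented webhook payloads;
# labels, action mapping and sample payloads are constructed assumptions.
LEGACY_ACTIONS = {"create": "created", "dismiss": "dismissed",
                  "resolve": "fixed", "reopen": "reopened"}

def classify(payload):
    """Label a webhook payload by the shape of its `alert` object."""
    alert = payload.get("alert")
    if not isinstance(alert, dict):
        return "other"
    if "security_advisory" in alert and "dependency" in alert:
        return "dependabot_alert"
    if "affected_package_name" in alert:
        return "repository_vulnerability_alert"
    if "rule" in alert and "tool" in alert:
        return "code_scanning_alert"
    return "unknown_alert"

def normalize(payload):
    """Map new and legacy Dependabot events to one record, else None."""
    kind = classify(payload)
    alert = payload.get("alert") or {}
    record = {"kind": kind, "action": payload.get("action"),
              "repo": (payload.get("repository") or {}).get("full_name")}
    if kind == "dependabot_alert":
        adv = alert.get("security_advisory") or {}
        pkg = (alert.get("dependency") or {}).get("package") or {}
        record.update(package=pkg.get("name"), advisory=adv.get("ghsa_id"),
                      severity=adv.get("severity"))
    elif kind == "repository_vulnerability_alert":
        record["action"] = LEGACY_ACTIONS.get(record["action"], record["action"])
        record.update(package=alert.get("affected_package_name"),
                      advisory=alert.get("ghsa_id"),
                      severity=alert.get("severity"))
    else:
        return None
    return record

REPO = {"full_name": "example-org/example-repo"}  # constructed
NEW = {"action": "created", "repository": REPO, "alert": {
    "dependency": {"package": {"ecosystem": "npm", "name": "example-pkg"}},
    "security_advisory": {"ghsa_id": "GHSA-xxxx-xxxx-xxxx", "severity": "high"}}}
LEGACY = {"action": "resolve", "repository": REPO, "alert": {
    "affected_package_name": "example-pkg", "ghsa_id": "GHSA-xxxx-xxxx-xxxx",
    "severity": "high"}}
CODE_SCAN = {"action": "created", "repository": REPO, "alert": {
    "rule": {"id": "example-rule"}, "tool": {"name": "CodeQL"}}}

if __name__ == "__main__":
    for sample in (NEW, LEGACY, CODE_SCAN):
        print(classify(sample), normalize(sample))
```

Keying on the nested `security_advisory` and `dependency` objects rather than on the mere presence of `alert` and `action` keeps Dependabot events from falling into a code scanning bucket.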