turbot / steampipe-plugin-github

Use SQL to instantly query repositories, users, gists and more from GitHub. Open source CLI. No DB required.
https://hub.steampipe.io/plugins/turbot/github
Apache License 2.0

Add table github_repository_vulnerability_alert #310

Closed graza-io closed 1 year ago

graza-io commented 1 year ago

References

This is a child nestable object on repository. GraphQL Docs

Once in place, this can be used to extend the security reports in the GitHub mods.

Quick Example

Note: Not all available fields are included in the below example but it's designed to give a reference point.

query { 
  repository(owner:"turbot", name:"steampipe") {
    nameWithOwner,
    hasVulnerabilityAlertsEnabled,
    vulnerabilityAlerts(first:100) {
      pageInfo {hasNextPage,endCursor}
      totalCount
      nodes{
        id,
        fixedAt,
        vulnerableManifestPath,
        securityAdvisory {
          cvss {
            vectorString, 
            score
          },
          classification,
          description
        },
        securityVulnerability {
          package { 
            name, 
            ecosystem 
          }
        }
      }
    }
  }
}
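
An added example (not part of the original issue or the plugin's code): flattening a response to the query above into one row per alert, the shape a table could expose for security reports. `AlertRow`, `FlattenAlerts`, `node` and the sample JSON are assumptions made up for illustration, and only a single page of results is handled.

```go
package main

import "encoding/json"

// AlertRow is a hypothetical flat row, one per alert (not the plugin's schema).
type AlertRow struct {
	Repo, Manifest, Package, Ecosystem string
	Score                              float64
	Open                               bool // true while fixedAt is null
}

// node holds the per-alert fields that the query in the issue selects.
type node struct {
	FixedAt                *string
	VulnerableManifestPath string
	SecurityAdvisory       struct{ Cvss struct{ Score float64 } }
	SecurityVulnerability  struct{ Package struct{ Name, Ecosystem string } }
}

// sample is a constructed response for illustration, not real GitHub output.
const sample = `{"data":{"repository":{"nameWithOwner":"example/repo","vulnerabilityAlerts":{"nodes":[
{"fixedAt":null,"vulnerableManifestPath":"go.mod","securityAdvisory":{"cvss":{"score":7.5}},"securityVulnerability":{"package":{"name":"example.com/lib","ecosystem":"GO"}}},
{"fixedAt":"2023-01-02T03:04:05Z","vulnerableManifestPath":"package.json","securityAdvisory":null,"securityVulnerability":null}]}}}}`

// FlattenAlerts decodes one page of the query's response into flat rows.
func FlattenAlerts(body []byte) ([]AlertRow, error) {
	var r struct {
		Data struct {
			Repository struct {
				NameWithOwner       string
				VulnerabilityAlerts struct{ Nodes []node }
			}
		}
	}
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	repo, rows := r.Data.Repository, []AlertRow{}
	for _, n := range repo.VulnerabilityAlerts.Nodes {
		sv, sa := n.SecurityVulnerability, n.SecurityAdvisory // zero values when the JSON field is null
		rows = append(rows, AlertRow{repo.NameWithOwner, n.VulnerableManifestPath,
			sv.Package.Name, sv.Package.Ecosystem, sa.Cvss.Score, n.FixedAt == nil})
	}
	return rows, nil
}

func main() {
	rows, err := FlattenAlerts([]byte(sample))
	println(len(rows), err == nil)
}
```

A null `securityAdvisory` yields a score of 0 here, so a consumer that needs to tell "no score" from "score 0" would use a pointer field instead.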