Merge pull request #232 from Killklli/main

Update mappings to repair failing alert creation and matching dependancies

Author: GeekMasher

src/ghastoolkit/octokit/dependabot.py

@@ -95,6 +95,7 @@ def getAlerts(
                         ),
                         advisory=advisory,
                         purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),
+                        manifest=alert.get("manifest_path"),
                     )
                 )
 

src/ghastoolkit/octokit/dependencygraph.py

@@ -215,6 +215,8 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
 
             for alert in depdata.get("vulnerabilities", []):
                 dep_alert = DependencyAlert(
+                    depdata.get("vulnerabilities").index(alert),
+                    "open",
                     alert.get("severity"),
                     purl=dep.getPurl(False),
                     advisory=Advisory(
@@ -223,6 +225,7 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
                         summary=alert.get("advisory_summary"),
                         url=alert.get("advisory_ghsa_url"),
                     ),
+                    manifest=alert.get("manifest"),
                 )
                 dep.alerts.append(dep_alert)
 

src/ghastoolkit/supplychain/dependencyalert.py

@@ -23,6 +23,9 @@ class DependencyAlert(OctoItem):
     created_at: Optional[str] = None
     """Created Timestamp"""
 
+    manifest: Optional[str] = None
+    """Manifest"""
+
     def __init_post__(self):
         if not self.created_at:
             self.created_at = datetime.now().strftime("%Y-%m-%dT%XZ")