diff --git a/src/ghastoolkit/octokit/dependabot.py b/src/ghastoolkit/octokit/dependabot.py
index da50ba4..0e896aa 100644
--- a/src/ghastoolkit/octokit/dependabot.py
+++ b/src/ghastoolkit/octokit/dependabot.py
@@ -95,6 +95,7 @@ def getAlerts(
 ),
 advisory=advisory,
 purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),
+ manifest=alert.get("manifest_path"),
 )
 )
diff --git a/src/ghastoolkit/octokit/dependencygraph.py b/src/ghastoolkit/octokit/dependencygraph.py
index dd1dcff..6aad489 100644
--- a/src/ghastoolkit/octokit/dependencygraph.py
+++ b/src/ghastoolkit/octokit/dependencygraph.py
@@ -215,6 +215,8 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
 for alert in depdata.get("vulnerabilities", []):
 dep_alert = DependencyAlert(
+ depdata.get("vulnerabilities").index(alert),
+ "open",
 alert.get("severity"),
 purl=dep.getPurl(False),
 advisory=Advisory(
@@ -223,6 +225,7 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
 summary=alert.get("advisory_summary"),
 url=alert.get("advisory_ghsa_url"),
 ),
+ manifest=alert.get("manifest"),
 )
 dep.alerts.append(dep_alert)
diff --git a/src/ghastoolkit/supplychain/dependencyalert.py b/src/ghastoolkit/supplychain/dependencyalert.py
index f99381a..cc8bfd6 100644
--- a/src/ghastoolkit/supplychain/dependencyalert.py
+++ b/src/ghastoolkit/supplychain/dependencyalert.py
@@ -23,6 +23,9 @@ class DependencyAlert(OctoItem):
 created_at: Optional[str] = None
 """Created Timestamp"""
+ manifest: Optional[str] = None
 """Manifest"""
+
 def __init_post__(self):
 if not self.created_at:
 self.created_at = datetime.now().strftime("%Y-%m-%dT%XZ")
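Review bot: The new `manifest=alert.get("manifest_path")` in getAlerts reads the key from the top-level alert object, but in the Dependabot alerts REST payload `manifest_path` sits inside the `dependency` object (alongside the `package` this code already unpacks), so the field would presumably always end up None; `manifest=alert.get("dependency", {}).get("manifest_path"),` looks like the intended lookup. The -223 hunk of dependencygraph.py has the same shape of problem: the dependency-review response carries `manifest` on the dependency entry rather than on each item of its `vulnerabilities` list, so `manifest=alert.get("manifest"),` should presumably read `manifest=depdata.get("manifest"),`. Both lookups fail silently because of `.get`, so a unit test against a recorded response for each endpoint would catch this. The body of getAlerts starts and ends outside the hunk.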
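Review bot: `depdata.get("vulnerabilities").index(alert)` rescans the list on every iteration just to recover the loop position, and returns the first equal entry, so two identical vulnerability dicts would receive the same number; `for number, alert in enumerate(depdata.get("vulnerabilities", [])):` with `number,` as the first argument gives the index directly. The hard-coded `"open"` state is an assumption the code should state, e.g. `# dependency-review results carry no state field; every finding in the PR is treated as open`. Passing number and state positionally ties this call to the DependencyAlert field order, which is not visible here, so keyword arguments would be safer against future reordering. getDependenciesInPR starts and ends outside the hunk.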
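Review bot: The docstring on the new `manifest` field only repeats its name; something like `"""Path of the manifest file that declares the vulnerable dependency, relative to the repository root (None when the source API did not report one)"""` would tell a reader what to expect. Both producers populate it via `.get(...)`, so None is a normal value and the docstring should say so. As an aside on the visible context, `__init_post__` is not the dataclass hook name (`__post_init__` is), so the created_at default presumably never runs unless OctoItem calls it explicitly — worth confirming.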