Skip to content

Update mappings to repair failing alert creation and matching dependancies #232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Jul 21, 2024
Merged

Update mappings to repair failing alert creation and matching dependancies #232

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
ae2a681
Update dependencygraph.py
Killklli Jun 24, 2024
e438e19
add supporting requirements to pass dependabot locations via mappings
Killklli Jun 24, 2024
787a9bf
Merge branch 'main' into main
GeekMasher Jun 25, 2024
846fc69
Update dependencies.py
Killklli Jun 25, 2024
fe2ae67
Merge branch 'main' of https://github.com/Killklli/ghastoolkit
Killklli Jun 25, 2024
a13f330
Revert "Update dependencies.py"
Killklli Jun 25, 2024
594287d
Merge branch 'main' into main
GeekMasher Jul 21, 2024
93cccc4
fix: Revert getPurl change
GeekMasher Jul 21, 2024
4aa0c1b
Merge branch 'main' into main
GeekMasher Jul 21, 2024
864ac1a
style: Reformat using Black
GeekMasher Jul 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/ghastoolkit/octokit/dependabot.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ def getAlerts(
),
advisory=advisory,
purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),
manifest=alert.get("manifest_path"),
)
)

Expand Down
3 changes: 3 additions & 0 deletions src/ghastoolkit/octokit/dependencygraph.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,8 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:

for alert in depdata.get("vulnerabilities", []):
dep_alert = DependencyAlert(
depdata.get("vulnerabilities").index(alert),
"open",
alert.get("severity"),
purl=dep.getPurl(False),
advisory=Advisory(
Expand All @@ -223,6 +225,7 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
summary=alert.get("advisory_summary"),
url=alert.get("advisory_ghsa_url"),
),
manifest=alert.get("manifest"),
)
dep.alerts.append(dep_alert)

Expand Down
3 changes: 3 additions & 0 deletions src/ghastoolkit/supplychain/dependencyalert.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ class DependencyAlert(OctoItem):
created_at: Optional[str] = None
"""Created Timestamp"""

manifest: Optional[str] = None
"""Manifest"""

def __init_post__(self):
if not self.created_at:
self.created_at = datetime.now().strftime("%Y-%m-%dT%XZ")
Expand Down