GeekMasher · GeekMasher · Jul 21, 2024 · Jun 24, 2024 · Jun 24, 2024 · Jun 25, 2024
diff --git a/src/ghastoolkit/octokit/dependabot.py b/src/ghastoolkit/octokit/dependabot.py
@@ -95,6 +95,7 @@ def getAlerts(
                         ),
                         advisory=advisory,
                         purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),
+                        manifest=alert.get("manifest_path"),
                     )
                 )
 
@@ -148,4 +149,4 @@ def getAlertsGraphQL(self) -> list[DependencyAlert]:
             self.graphql.cursor = alerts.get("pageInfo", {}).get("endCursor", "")
 
         logger.debug(f"Number of Dependabot Alerts :: {len(results)}")
-        return results
+        return results
diff --git a/src/ghastoolkit/octokit/dependencygraph.py b/src/ghastoolkit/octokit/dependencygraph.py
@@ -215,6 +215,8 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
 
             for alert in depdata.get("vulnerabilities", []):
                 dep_alert = DependencyAlert(
+                    depdata.get("vulnerabilities").index(alert),
+                    "open",
                     alert.get("severity"),
                     purl=dep.getPurl(False),
                     advisory=Advisory(
@@ -223,6 +225,7 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
                         summary=alert.get("advisory_summary"),
                         url=alert.get("advisory_ghsa_url"),
                     ),
+                    manifest=alert.get("manifest"),
                 )
                 dep.alerts.append(dep_alert)
 
@@ -260,4 +263,4 @@ def submitSbom(self, sbom: dict[Any, Any]):
             "/repos/{owner}/{repo}/dependency-graph/snapshots",
             sbom,
             expected=201,
-        )
+        )
diff --git a/src/ghastoolkit/supplychain/dependencies.py b/src/ghastoolkit/supplychain/dependencies.py
@@ -51,7 +51,7 @@ def getPurl(self, version: bool = True) -> str:
         if self.manager:
             result += f"{self.manager.lower()}/"
         if self.namespace:
-            result += f"{self.namespace}/"
+            result += f"{self.namespace}:"
         result += f"{self.name}"
         if version and self.version:
             result += f"@{self.version}"
@@ -231,4 +231,4 @@ def updateDependency(self, dependency: Dependency):
     def updateDependencies(self, dependencies: "Dependencies"):
         """Update a list of dependencies."""
         for dep in dependencies:
-            self.updateDependency(dep)
+            self.updateDependency(dep)
diff --git a/src/ghastoolkit/supplychain/dependencyalert.py b/src/ghastoolkit/supplychain/dependencyalert.py
@@ -23,6 +23,9 @@ class DependencyAlert(OctoItem):
     created_at: Optional[str] = None
     """Created Timestamp"""
 
+    manifest: Optional[str] = None
+    """Manifest"""
+
     def __init_post__(self):
         if not self.created_at:
             self.created_at = datetime.now().strftime("%Y-%m-%dT%XZ")
@@ -36,4 +39,4 @@ def createdAt(self) -> Optional[datetime]:
             return datetime.strptime(self.created_at, "%Y-%m-%dT%XZ")
 
     def __str__(self) -> str:
-        return f"DependencyAlert({self.advisory.ghsa_id}, {self.severity})"
+        return f"DependencyAlert({self.advisory.ghsa_id}, {self.severity})"