github-dependabot-alerts
Gets Dependabot alerts from the GitHub service.
github-dependabot-alerts [profile=PROFILE]
- profile=PROFILE
  - GitHub connect profile code
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | GitHub connect profile code. |
| id | Long | Alert ID | |
| severity | String | Severity | e.g. low, medium, high, critical |
| repo_name | String | Repository name | e.g. octocat/Hello-World |
| summary | String | Summary | A short, plain text summary of the advisory. |
| state | String | State | e.g. open, fixed, dismissed, auto_dismissed |
| scope | String | Scope | e.g. development, runtime |
| package_ecosystem | String | Package ecosystem | e.g. maven, npm, pip, rubygems |
| package_name | String | Package name | e.g. log4j:log4j |
| manifest_path | String | Manifest path | e.g. pom.xml |
| cve_id | String | CVE ID | e.g. CVE-2021-4104 |
| cvss_v3_score | Double | CVSS v3 score | e.g. 7.5 |
| cvss_v3_vector | String | CVSS v3 vector | e.g. CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ghsa_id | String | GHSA ID | e.g. GHSA-269g-pwp5-87pp |
| description | String | Description | |
| is_private_repo | Bool | Is private repository | |
| published_at | Date | Published time | e.g. 2021-12-15 04:49:31+0900 |
| created_at | Date | Created time | e.g. 2023-04-17 13:21:47+0900 |
| updated_at | Date | Updated time | e.g. 2023-04-17 13:21:47+0900 |
| fixed_at | Date | Fixed time | e.g. 2023-05-01 15:22:23+0900 |
| dismissed_by | String | Dismissed by | e.g. octocat |
| dismissed_reason | String | Dismissed reason | e.g. fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk |
| dismissed_at | Date | Dismissed time | |
| dismissed_comment | String | Dismissed comment | |
| auto_dismissed_at | Date | Auto dismissed time | |
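
The following added example (not part of the product documentation) shows how the output fields above can drive triage once the rows are exported: it lists open runtime-scope alerts that exceed a remediation deadline and dismissals that accept risk without a comment. The `triage` function, the SLA day counts and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S%z"  # matches e.g. 2023-04-17 13:21:47+0900
# Assumed remediation SLA in days per severity (not defined by the command).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
# Dismissal reasons that accept the risk rather than remove it.
RISK_ACCEPTING = {"tolerable_risk", "no_bandwidth"}

def triage(rows, now):
    """Return (overdue, unjustified) lists of alert ids.

    overdue: open runtime-scope alerts older than the SLA for their severity.
    unjustified: dismissed alerts with a risk-accepting reason and no comment.
    """
    overdue, unjustified = [], []
    for row in rows:
        if row["state"] == "open" and row.get("scope") == "runtime":
            age = now - datetime.strptime(row["created_at"], TS_FORMAT)
            # An unknown severity gets a 0-day SLA, so it is reported at once.
            if age > timedelta(days=SLA_DAYS.get(row["severity"], 0)):
                overdue.append(row["id"])
        elif row["state"] == "dismissed":
            accepted = row.get("dismissed_reason") in RISK_ACCEPTING
            if accepted and not row.get("dismissed_comment"):
                unjustified.append(row["id"])
    return overdue, unjustified

# Constructed sample rows using the field names from the table above.
SAMPLE_ROWS = [
    {"id": 1, "severity": "critical", "state": "open", "scope": "runtime",
     "created_at": "2023-04-17 13:21:47+0900"},
    {"id": 2, "severity": "high", "state": "open", "scope": "development",
     "created_at": "2023-01-02 09:00:00+0900"},
    {"id": 3, "severity": "medium", "state": "open", "scope": "runtime",
     "created_at": "2023-04-17 13:21:47+0900"},
    {"id": 4, "severity": "high", "state": "dismissed", "scope": "runtime",
     "created_at": "2023-03-01 10:00:00+0900",
     "dismissed_reason": "tolerable_risk", "dismissed_comment": ""},
    {"id": 5, "severity": "low", "state": "dismissed", "scope": "runtime",
     "created_at": "2023-03-01 10:00:00+0900",
     "dismissed_reason": "not_used", "dismissed_comment": "test fixture only"},
]

if __name__ == "__main__":
    now = datetime.strptime("2023-05-01 15:22:23+0900", TS_FORMAT)
    print(triage(SAMPLE_ROWS, now))
```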