fetch all vulnerability alerts

Open robrat opened this issue 5 months ago • 0 comments

Fetch all security alerts of a repository. Fixes dependabot/fetch-metadata#542

Also slightly adjusted the find check for the security nodes because I had e.g. something like this in the result list (note the missing = in front of the version of vulnerableRequirements):

{
  "vulnerableManifestFilename": "yarn.lock",
  "vulnerableManifestPath": "cypress/yarn.lock",
  "vulnerableRequirements": "4.4.0",
  "state": "OPEN",
  "securityVulnerability": {
    "package": {
      "name": "terser"
    }
  },
  "securityAdvisory": {
    "cvss": {
      "score": 7.5
    },
    "ghsaId": "GHSA-4wf5-vphf-c2xc"
  }
}

robrat Jul 16 '25 10:07
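
The mismatch described above, shown as an added example that is not code from the pull request or from fetch-metadata: a strict comparison misses the alert node whose `vulnerableRequirements` has no leading `=`, so its GHSA id and CVSS score would not be found, while a normalized comparison matches both spellings. The function names, the strict `= <version>` form and the second sample node are assumptions made for illustration.

```typescript
// Added example. Field names come from the alert node quoted in the issue;
// the function names and the "= <version>" strict form are assumptions.
interface AlertNode {
  vulnerableManifestPath: string
  vulnerableRequirements: string
  securityVulnerability: { package: { name: string } }
  securityAdvisory: { cvss: { score: number }; ghsaId: string }
}

// Constructed sample: the first node is the one from the issue (trimmed to the
// fields used here); the second is made up, with a placeholder advisory id.
const sampleNodes: AlertNode[] = [
  {
    vulnerableManifestPath: 'cypress/yarn.lock',
    vulnerableRequirements: '4.4.0',
    securityVulnerability: { package: { name: 'terser' } },
    securityAdvisory: { cvss: { score: 7.5 }, ghsaId: 'GHSA-4wf5-vphf-c2xc' }
  },
  {
    vulnerableManifestPath: 'yarn.lock',
    vulnerableRequirements: '= 1.2.3',
    securityVulnerability: { package: { name: 'example-pkg' } },
    securityAdvisory: { cvss: { score: 5.3 }, ghsaId: 'GHSA-xxxx-xxxx-xxxx' }
  }
]

// Strict form: only matches when the requirement is exactly "= <version>".
function findAlertStrict(nodes: AlertNode[], name: string, version: string, path: string): AlertNode | undefined {
  return nodes.find(n =>
    n.securityVulnerability.package.name === name &&
    n.vulnerableManifestPath === path &&
    n.vulnerableRequirements === `= ${version}`)
}

// Drop an optional leading "=" and whitespace: "= 4.4.0", "=4.4.0", "4.4.0" -> "4.4.0".
function normalizeRequirement(req: string): string {
  return req.trim().replace(/^=\s*/, '')
}

// Tolerant form: compares normalized requirements, so both spellings match.
function findAlert(nodes: AlertNode[], name: string, version: string, path: string): AlertNode | undefined {
  const wanted = normalizeRequirement(version)
  return nodes.find(n =>
    n.securityVulnerability.package.name === name &&
    n.vulnerableManifestPath === path &&
    normalizeRequirement(n.vulnerableRequirements) === wanted)
}
```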