
Commit 5e32fd5

authored
Support GitHub dependabot_alert event (#164)
- [dependabot_alert event reference](https://docs.github.com/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert) - [The alert used to generate test data](https://github.com/H1rono/todo-app-backend/security/dependabot/1)
1 parent 7647123 commit 5e32fd5


4 files changed

+472
-0
lines changed


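--- a/github/github.go
+++ b/github/github.go
@@ -33,6 +33,7 @@ const (
 CommitCommentEvent Event = "commit_comment"
 CreateEvent Event = "create"
 DeleteEvent Event = "delete"
+DependabotAlertEvent Event = "dependabot_alert"
 DeployKeyEvent Event = "deploy_key"
 DeploymentEvent Event = "deployment"
 DeploymentStatusEvent Event = "deployment_status"
@@ -196,6 +197,10 @@ func (hook Webhook) Parse(r *http.Request, events ...Event) (interface{}, error)
 var pl DeletePayload
 err = json.Unmarshal([]byte(payload), &pl)
 return pl, err
+case DependabotAlertEvent:
+var pl DependabotAlertPayload
+err = json.Unmarshal([]byte(payload), &pl)
+return pl, err
 case DeploymentEvent:
 var pl DeploymentPayload
 err = json.Unmarshal([]byte(payload), &pl)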

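--- a/github/github_test.go
+++ b/github/github_test.go
@@ -183,6 +183,16 @@ func TestWebhooks(t *testing.T) {
 "X-Hub-Signature": []string{"sha1=4ddef04fd05b504c7041e294fca3ad1804bc7be1"},
 },
 },
+{
+name: "DependabotAlertEvent",
+event: DependabotAlertEvent,
+typ: DependabotAlertPayload{},
+filename: "../testdata/github/dependabot_alert.json",
+headers: http.Header{
+"X-Github-Event": []string{"dependabot_alert"},
+"X-Hub-Signature": []string{"sha1=ce6a2bc876463a8b3b492399302bf316e1af7a21"},
+},
+},
 {
 name: "DeployKeyEvent",
 event: DeployKeyEvent,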
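Review bot: The new table entry only proves that the fixture unmarshals into DependabotAlertPayload without error; because encoding/json ignores unknown keys and zero-fills missing ones, a misspelled struct tag in the payload type is not detected by it. If the shared loop in TestWebhooks (outside this hunk) compares only the returned type, consider a follow-up assertion on a field that the fixture populates, for example `Alert.Number` or `Alert.SecurityAdvisory.GHSAID`, so tag drift against GitHub's real keys is caught. The X-Hub-Signature value presumably corresponds to the committed fixture bytes as with the other entries, so any later edit to the fixture must regenerate it.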

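--- a/github/payload.go
+++ b/github/payload.go
@@ -769,6 +769,213 @@ type DeletePayload struct {
 } `json:"sender"`
 }
 
+// DependabotAlertPayload contains the information for GitHub's dependabot_alert hook event
+type DependabotAlertPayload struct {
+Action string `json:"action"` // "created", "dissmissed", "fixed", "reintroduced", "reopened"
+Alert struct {
+Number uint32 `json:"number"`
+State string `json:"state"` // "dissmissed", "fixed", "open"
+Dependency struct {
+Package struct {
+Ecosystem string `json:"ecosystem"`
+Name string `json:"name"`
+} `json:"package"`
+ManifestPath string `json:"manifest_path"`
+Scope string `json:"scope"` // "development", "runtime", null
+} `json:"dependency"`
+SecurityAdvisory struct {
+GHSAID string `json:"ghsa_id"`
+CVEID string `json:"cve_id"`
+Summary string `json:"summary"`
+Description string `json:"description"`
+Vulnerabilities []struct {
+Package struct {
+Ecosystem string `json:"ecosystem"`
+Name string `json:"name"`
+} `json:"package"`
+Severity string `json:"severity"` // "low", "midium", "high", "critical"
+VulnerableVersionRange string `json:"vulnerable_version_range"`
+FirstPatchedVersion struct {
+Identifier string `json:"identifier"`
+} `json:"first_patched_version"`
+} `json:"vulnerabilities"`
+Severity string `json:"severity"` // "low", "medium", "high", "critical"
+CVSS struct {
+Score float64 `json:"score"`
+VectorString string `json:"vector_string"`
+} `json:"cvss"`
+CWEs []struct {
+CWEID string `json:"cwe_id"`
+Name string `json:"name"`
+} `json:"cwes"`
+Identifiers []struct {
+Type string `json:"type"` // "CVE", "GHSA"
+Value string `json:"value"`
+} `json:"identifiers"`
+References []struct {
+URL string `json:"url"`
+} `json:"references"`
+PublishedAt string `json:"published_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+UpdatedAt string `json:"updated_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+WithdrawnAt string `json:"withdrawn_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+} `json:"security_advisory"`
+SecurityVulnerability struct {
+Package struct {
+Ecosystem string `json:"ecosystem"`
+Name string `json:"name"`
+} `json:"package"`
+Severity string `json:"severity"` // "low", "medium", "high", "critical"
+VulnerableVersionRange string `json:"vulnerable_version_range"`
+FirstPatchedVersion struct {
+Identifier string `json:"identifier"`
+} `json:"first_patched_version"`
+} `json:"secirty_vulnerability"`
+URL string `json:"url"`
+HTMLURL string `json:"html_url"`
+CreatedAt string `json:"created_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+UpdatedAt string `json:"updated_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+DissmissedAt string `json:"dissmissed_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+DissmissedBy struct {
+Name string `json:"name"`
+Email string `json:"email"`
+Login string `json:"login"`
+ID uint64 `json:"id"`
+NodeID string `json:"node_id"`
+AvatarURL string `json:"avatar_url"`
+GravatarID string `json:"gravatar_id"`
+URL string `json:"url"`
+HTMLURL string `json:"html_url"`
+FollowersURL string `json:"followers_url"`
+GistsURL string `json:"gists_url"`
+StarredURL string `json:"starred_url"`
+SubscriptionsURL string `json:"subscriptions_url"`
+OrganizationsURL string `json:"organizations_url"`
+ReposURL string `json:"repos_url"`
+EventsURL string `json:"events_url"`
+ReceivedEventsURL string `json:"received_events_url"`
+Type string `json:"type"`
+SiteAdmin bool `json:"site_admin"`
+StarredAt string `json:"starred_at"`
+} `json:"dissmissed_by"`
+DissmissedReason string `json:"dissmissed_reason"` // "fix_started", "inaccurate", "no_bandwidth", "not_used", "tolerable_risk", null
+DissmissedComment string `json:"dissmissed_comment"`
+FixedAt string `json:"fixed_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+} `json:"alert"`
+Repository struct {
+ID int `json:"id"`
+NodeID string `json:"node_id"`
+Name string `json:"name"`
+FullName string `json:"full_name"`
+Owner struct {
+Login string `json:"login"`
+ID int `json:"id"`
+NodeID string `json:"node_id"`
+AvatarURL string `json:"avatar_url"`
+GravatarID string `json:"gravatar_id"`
+URL string `json:"url"`
+HTMLURL string `json:"html_url"`
+FollowersURL string `json:"followers_url"`
+FollowingURL string `json:"following_url"`
+GistsURL string `json:"gists_url"`
+StarredURL string `json:"starred_url"`
+SubscriptionsURL string `json:"subscriptions_url"`
+OrganizationsURL string `json:"organizations_url"`
+ReposURL string `json:"repos_url"`
+EventsURL string `json:"events_url"`
+ReceivedEventsURL string `json:"received_events_url"`
+Type string `json:"type"`
+SiteAdmin bool `json:"site_admin"`
+} `json:"owner"`
+Private bool `json:"private"`
+HTMLURL string `json:"html_url"`
+Description interface{} `json:"description"`
+Fork bool `json:"fork"`
+URL string `json:"url"`
+ForksURL string `json:"forks_url"`
+KeysURL string `json:"keys_url"`
+CollaboratorsURL string `json:"collaborators_url"`
+TeamsURL string `json:"teams_url"`
+HooksURL string `json:"hooks_url"`
+IssueEventsURL string `json:"issue_events_url"`
+EventsURL string `json:"events_url"`
+AssigneesURL string `json:"assignees_url"`
+BranchesURL string `json:"branches_url"`
+TagsURL string `json:"tags_url"`
+BlobsURL string `json:"blobs_url"`
+GitTagsURL string `json:"git_tags_url"`
+GitRefsURL string `json:"git_refs_url"`
+TreesURL string `json:"trees_url"`
+StatusesURL string `json:"statuses_url"`
+LanguagesURL string `json:"languages_url"`
+StargazersURL string `json:"stargazers_url"`
+ContributorsURL string `json:"contributors_url"`
+SubscribersURL string `json:"subscribers_url"`
+SubscriptionURL string `json:"subscription_url"`
+CommitsURL string `json:"commits_url"`
+GitCommitsURL string `json:"git_commits_url"`
+CommentsURL string `json:"comments_url"`
+IssueCommentURL string `json:"issue_comment_url"`
+ContentsURL string `json:"contents_url"`
+CompareURL string `json:"compare_url"`
+MergesURL string `json:"merges_url"`
+ArchiveURL string `json:"archive_url"`
+DownloadsURL string `json:"downloads_url"`
+IssuesURL string `json:"issues_url"`
+PullsURL string `json:"pulls_url"`
+MilestonesURL string `json:"milestones_url"`
+NotificationsURL string `json:"notifications_url"`
+LabelsURL string `json:"labels_url"`
+ReleasesURL string `json:"releases_url"`
+DeploymentsURL string `json:"deployments_url"`
+CreatedAt time.Time `json:"created_at"`
+UpdatedAt time.Time `json:"updated_at"`
+PushedAt time.Time `json:"pushed_at"`
+GitURL string `json:"git_url"`
+SSHURL string `json:"ssh_url"`
+CloneURL string `json:"clone_url"`
+SvnURL string `json:"svn_url"`
+Homepage interface{} `json:"homepage"`
+Size int `json:"size"`
+StargazersCount int `json:"stargazers_count"`
+WatchersCount int `json:"watchers_count"`
+Language interface{} `json:"language"`
+HasIssues bool `json:"has_issues"`
+HasProjects bool `json:"has_projects"`
+HasDownloads bool `json:"has_downloads"`
+HasWiki bool `json:"has_wiki"`
+HasPages bool `json:"has_pages"`
+ForksCount int `json:"forks_count"`
+MirrorURL interface{} `json:"mirror_url"`
+Archived bool `json:"archived"`
+OpenIssuesCount int `json:"open_issues_count"`
+License interface{} `json:"license"`
+Forks int `json:"forks"`
+OpenIssues int `json:"open_issues"`
+Watchers int `json:"watchers"`
+DefaultBranch string `json:"default_branch"`
+} `json:"repository"`
+Sender struct {
+Login string `json:"login"`
+ID int `json:"id"`
+NodeID string `json:"node_id"`
+AvatarURL string `json:"avatar_url"`
+GravatarID string `json:"gravatar_id"`
+URL string `json:"url"`
+HTMLURL string `json:"html_url"`
+FollowersURL string `json:"followers_url"`
+FollowingURL string `json:"following_url"`
+GistsURL string `json:"gists_url"`
+StarredURL string `json:"starred_url"`
+SubscriptionsURL string `json:"subscriptions_url"`
+OrganizationsURL string `json:"organizations_url"`
+ReposURL string `json:"repos_url"`
+EventsURL string `json:"events_url"`
+ReceivedEventsURL string `json:"received_events_url"`
+Type string `json:"type"`
+SiteAdmin bool `json:"site_admin"`
+} `json:"sender"`
+}
+
 // DeployKeyPayload contains the information for GitHub's deploy_key hook
 type DeployKeyPayload struct {
 Action string `json:"action"`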
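Review bot: Several struct tags in the new DependabotAlertPayload type do not match the keys GitHub sends, so those fields will silently stay at their zero value: the closing `} `json:"secirty_vulnerability"`` on the SecurityVulnerability struct should be `} `json:"security_vulnerability"``, and the `dissmissed_at`, `dissmissed_by`, `dissmissed_reason` and `dissmissed_comment` tags should be `dismissed_at`, `dismissed_by`, `dismissed_reason` and `dismissed_comment` (the comments listing "dissmissed" as an Action/State value and "midium" as a severity carry the same misspelling). encoding/json ignores unknown keys, so the new test entry passes regardless, while a consumer that gates on Alert.SecurityVulnerability.Severity or logs Alert.DissmissedBy.Login would always read the empty value. Since the type is introduced in this commit, the Go field names can be corrected to DismissedAt, DismissedBy, DismissedReason and DismissedComment at the same time without breaking anyone. The alert timestamps are kept as strings while Repository uses time.Time; that presumably mirrors the sibling payloads, but a one-line comment saying so would save the next reader a question.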
