go-playground · deankarn · May 21, 2023 · Feb 14, 2023
diff --git a/github/github.go b/github/github.go
@@ -33,6 +33,7 @@ const (
 	CommitCommentEvent                       Event = "commit_comment"
 	CreateEvent                              Event = "create"
 	DeleteEvent                              Event = "delete"
+	DependabotAlertEvent                     Event = "dependabot_alert"
 	DeployKeyEvent                           Event = "deploy_key"
 	DeploymentEvent                          Event = "deployment"
 	DeploymentStatusEvent                    Event = "deployment_status"
@@ -196,6 +197,10 @@ func (hook Webhook) Parse(r *http.Request, events ...Event) (interface{}, error)
 		var pl DeletePayload
 		err = json.Unmarshal([]byte(payload), &pl)
 		return pl, err
+	case DependabotAlertEvent:
+		var pl DependabotAlertPayload
+		err = json.Unmarshal([]byte(payload), &pl)
+		return pl, err
 	case DeploymentEvent:
 		var pl DeploymentPayload
 		err = json.Unmarshal([]byte(payload), &pl)

diff --git a/github/github_test.go b/github/github_test.go
@@ -183,6 +183,16 @@ func TestWebhooks(t *testing.T) {
 				"X-Hub-Signature": []string{"sha1=4ddef04fd05b504c7041e294fca3ad1804bc7be1"},
 			},
 		},
+		{
+			name:     "DependabotAlertEvent",
+			event:    DependabotAlertEvent,
+			typ:      DependabotAlertPayload{},
+			filename: "../testdata/github/dependabot_alert.json",
+			headers: http.Header{
+				"X-Github-Event":  []string{"dependabot_alert"},
+				"X-Hub-Signature": []string{"sha1=ce6a2bc876463a8b3b492399302bf316e1af7a21"},
+			},
+		},
 		{
 			name:     "DeployKeyEvent",
 			event:    DeployKeyEvent,

diff --git a/github/payload.go b/github/payload.go
@@ -769,6 +769,213 @@ type DeletePayload struct {
 	} `json:"sender"`
 }
 
+// DependabotAlertPayload contains the information for GitHub's dependabot_alert hook event
+type DependabotAlertPayload struct {
+	Action string `json:"action"` // "created", "dissmissed", "fixed", "reintroduced", "reopened"
+	Alert  struct {
+		Number     uint32 `json:"number"`
+		State      string `json:"state"` // "dissmissed", "fixed", "open"
+		Dependency struct {
+			Package struct {
+				Ecosystem string `json:"ecosystem"`
+				Name      string `json:"name"`
+			} `json:"package"`
+			ManifestPath string `json:"manifest_path"`
+			Scope        string `json:"scope"` // "development", "runtime", null
+		} `json:"dependency"`
+		SecurityAdvisory struct {
+			GHSAID          string `json:"ghsa_id"`
+			CVEID           string `json:"cve_id"`
+			Summary         string `json:"summary"`
+			Description     string `json:"description"`
+			Vulnerabilities []struct {
+				Package struct {
+					Ecosystem string `json:"ecosystem"`
+					Name      string `json:"name"`
+				} `json:"package"`
+				Severity               string `json:"severity"` // "low", "midium", "high", "critical"
+				VulnerableVersionRange string `json:"vulnerable_version_range"`
+				FirstPatchedVersion    struct {
+					Identifier string `json:"identifier"`
+				} `json:"first_patched_version"`
+			} `json:"vulnerabilities"`
+			Severity string `json:"severity"` // "low", "medium", "high", "critical"
+			CVSS     struct {
+				Score        float64 `json:"score"`
+				VectorString string  `json:"vector_string"`
+			} `json:"cvss"`
+			CWEs []struct {
+				CWEID string `json:"cwe_id"`
+				Name  string `json:"name"`
+			} `json:"cwes"`
+			Identifiers []struct {
+				Type  string `json:"type"` // "CVE", "GHSA"
+				Value string `json:"value"`
+			} `json:"identifiers"`
+			References []struct {
+				URL string `json:"url"`
+			} `json:"references"`
+			PublishedAt string `json:"published_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+			UpdatedAt   string `json:"updated_at"`   // "YYYY-MM-DDTHH:MM:SSZ"
+			WithdrawnAt string `json:"withdrawn_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+		} `json:"security_advisory"`
+		SecurityVulnerability struct {
+			Package struct {
+				Ecosystem string `json:"ecosystem"`
+				Name      string `json:"name"`
+			} `json:"package"`
+			Severity               string `json:"severity"` // "low", "medium", "high", "critical"
+			VulnerableVersionRange string `json:"vulnerable_version_range"`
+			FirstPatchedVersion    struct {
+				Identifier string `json:"identifier"`
+			} `json:"first_patched_version"`
+		} `json:"secirty_vulnerability"`
+		URL          string `json:"url"`
+		HTMLURL      string `json:"html_url"`
+		CreatedAt    string `json:"created_at"`    // "YYYY-MM-DDTHH:MM:SSZ"
+		UpdatedAt    string `json:"updated_at"`    // "YYYY-MM-DDTHH:MM:SSZ"
+		DissmissedAt string `json:"dissmissed_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+		DissmissedBy struct {
+			Name              string `json:"name"`
+			Email             string `json:"email"`
+			Login             string `json:"login"`
+			ID                uint64 `json:"id"`
+			NodeID            string `json:"node_id"`
+			AvatarURL         string `json:"avatar_url"`
+			GravatarID        string `json:"gravatar_id"`
+			URL               string `json:"url"`
+			HTMLURL           string `json:"html_url"`
+			FollowersURL      string `json:"followers_url"`
+			GistsURL          string `json:"gists_url"`
+			StarredURL        string `json:"starred_url"`
+			SubscriptionsURL  string `json:"subscriptions_url"`
+			OrganizationsURL  string `json:"organizations_url"`
+			ReposURL          string `json:"repos_url"`
+			EventsURL         string `json:"events_url"`
+			ReceivedEventsURL string `json:"received_events_url"`
+			Type              string `json:"type"`
+			SiteAdmin         bool   `json:"site_admin"`
+			StarredAt         string `json:"starred_at"`
+		} `json:"dissmissed_by"`
+		DissmissedReason  string `json:"dissmissed_reason"` // "fix_started", "inaccurate", "no_bandwidth", "not_used", "tolerable_risk", null
+		DissmissedComment string `json:"dissmissed_comment"`
+		FixedAt           string `json:"fixed_at"` // "YYYY-MM-DDTHH:MM:SSZ"
+	} `json:"alert"`
+	Repository struct {
+		ID       int    `json:"id"`
+		NodeID   string `json:"node_id"`
+		Name     string `json:"name"`
+		FullName string `json:"full_name"`
+		Owner    struct {
+			Login             string `json:"login"`
+			ID                int    `json:"id"`
+			NodeID            string `json:"node_id"`
+			AvatarURL         string `json:"avatar_url"`
+			GravatarID        string `json:"gravatar_id"`
+			URL               string `json:"url"`
+			HTMLURL           string `json:"html_url"`
+			FollowersURL      string `json:"followers_url"`
+			FollowingURL      string `json:"following_url"`
+			GistsURL          string `json:"gists_url"`
+			StarredURL        string `json:"starred_url"`
+			SubscriptionsURL  string `json:"subscriptions_url"`
+			OrganizationsURL  string `json:"organizations_url"`
+			ReposURL          string `json:"repos_url"`
+			EventsURL         string `json:"events_url"`
+			ReceivedEventsURL string `json:"received_events_url"`
+			Type              string `json:"type"`
+			SiteAdmin         bool   `json:"site_admin"`
+		} `json:"owner"`
+		Private          bool        `json:"private"`
+		HTMLURL          string      `json:"html_url"`
+		Description      interface{} `json:"description"`
+		Fork             bool        `json:"fork"`
+		URL              string      `json:"url"`
+		ForksURL         string      `json:"forks_url"`
+		KeysURL          string      `json:"keys_url"`
+		CollaboratorsURL string      `json:"collaborators_url"`
+		TeamsURL         string      `json:"teams_url"`
+		HooksURL         string      `json:"hooks_url"`
+		IssueEventsURL   string      `json:"issue_events_url"`
+		EventsURL        string      `json:"events_url"`
+		AssigneesURL     string      `json:"assignees_url"`
+		BranchesURL      string      `json:"branches_url"`
+		TagsURL          string      `json:"tags_url"`
+		BlobsURL         string      `json:"blobs_url"`
+		GitTagsURL       string      `json:"git_tags_url"`
+		GitRefsURL       string      `json:"git_refs_url"`
+		TreesURL         string      `json:"trees_url"`
+		StatusesURL      string      `json:"statuses_url"`
+		LanguagesURL     string      `json:"languages_url"`
+		StargazersURL    string      `json:"stargazers_url"`
+		ContributorsURL  string      `json:"contributors_url"`
+		SubscribersURL   string      `json:"subscribers_url"`
+		SubscriptionURL  string      `json:"subscription_url"`
+		CommitsURL       string      `json:"commits_url"`
+		GitCommitsURL    string      `json:"git_commits_url"`
+		CommentsURL      string      `json:"comments_url"`
+		IssueCommentURL  string      `json:"issue_comment_url"`
+		ContentsURL      string      `json:"contents_url"`
+		CompareURL       string      `json:"compare_url"`
+		MergesURL        string      `json:"merges_url"`
+		ArchiveURL       string      `json:"archive_url"`
+		DownloadsURL     string      `json:"downloads_url"`
+		IssuesURL        string      `json:"issues_url"`
+		PullsURL         string      `json:"pulls_url"`
+		MilestonesURL    string      `json:"milestones_url"`
+		NotificationsURL string      `json:"notifications_url"`
+		LabelsURL        string      `json:"labels_url"`
+		ReleasesURL      string      `json:"releases_url"`
+		DeploymentsURL   string      `json:"deployments_url"`
+		CreatedAt        time.Time   `json:"created_at"`
+		UpdatedAt        time.Time   `json:"updated_at"`
+		PushedAt         time.Time   `json:"pushed_at"`
+		GitURL           string      `json:"git_url"`
+		SSHURL           string      `json:"ssh_url"`
+		CloneURL         string      `json:"clone_url"`
+		SvnURL           string      `json:"svn_url"`
+		Homepage         interface{} `json:"homepage"`
+		Size             int         `json:"size"`
+		StargazersCount  int         `json:"stargazers_count"`
+		WatchersCount    int         `json:"watchers_count"`
+		Language         interface{} `json:"language"`
+		HasIssues        bool        `json:"has_issues"`
+		HasProjects      bool        `json:"has_projects"`
+		HasDownloads     bool        `json:"has_downloads"`
+		HasWiki          bool        `json:"has_wiki"`
+		HasPages         bool        `json:"has_pages"`
+		ForksCount       int         `json:"forks_count"`
+		MirrorURL        interface{} `json:"mirror_url"`
+		Archived         bool        `json:"archived"`
+		OpenIssuesCount  int         `json:"open_issues_count"`
+		License          interface{} `json:"license"`
+		Forks            int         `json:"forks"`
+		OpenIssues       int         `json:"open_issues"`
+		Watchers         int         `json:"watchers"`
+		DefaultBranch    string      `json:"default_branch"`
+	} `json:"repository"`
+	Sender struct {
+		Login             string `json:"login"`
+		ID                int    `json:"id"`
+		NodeID            string `json:"node_id"`
+		AvatarURL         string `json:"avatar_url"`
+		GravatarID        string `json:"gravatar_id"`
+		URL               string `json:"url"`
+		HTMLURL           string `json:"html_url"`
+		FollowersURL      string `json:"followers_url"`
+		FollowingURL      string `json:"following_url"`
+		GistsURL          string `json:"gists_url"`
+		StarredURL        string `json:"starred_url"`
+		SubscriptionsURL  string `json:"subscriptions_url"`
+		OrganizationsURL  string `json:"organizations_url"`
+		ReposURL          string `json:"repos_url"`
+		EventsURL         string `json:"events_url"`
+		ReceivedEventsURL string `json:"received_events_url"`
+		Type              string `json:"type"`
+		SiteAdmin         bool   `json:"site_admin"`
+	} `json:"sender"`
+}
+
 // DeployKeyPayload contains the information for GitHub's deploy_key hook
 type DeployKeyPayload struct {
 	Action string `json:"action"`