do not report fixed alerts
Nancy Habecker committed Mar 7, 2022
1 parent c0d9ff7 commit 3af6523
Showing 2 changed files with 1,456 additions and 6 deletions.
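--- a/dependabotAlerts.js
+++ b/dependabotAlerts.js
@@ -15,16 +15,18 @@ function getAlerts(repos) {
 const summary = {};
 const alerts = await getVulnerabilities(org, name);
 const criticalAlerts = alerts.filter(
-(alert) => alert.severity === "critical" && !alert.dismissed
+(alert) =>
+alert.severity === "critical" && !alert.dismissed && !alert.fixed
 );
 const highAlerts = alerts.filter(
-(alert) => alert.severity === "high" && !alert.dismissed
+(alert) => alert.severity === "high" && !alert.dismissed && !alert.fixed
 );
 const mediumAlerts = alerts.filter(
-(alert) => alert.severity === "moderate" && !alert.dismissed
+(alert) =>
+alert.severity === "moderate" && !alert.dismissed && !alert.fixed
 );
 const lowAlerts = alerts.filter(
-(alert) => alert.severity === "low" && !alert.dismissed
+(alert) => alert.severity === "low" && !alert.dismissed && !alert.fixed
 );
 
 // Dependabot calls these "moderate", but SparkPost categorizes these as "medium"
@@ -70,6 +72,7 @@ const getVulnerabilities = async (owner, repo) => {
 description: alert.securityAdvisory.description,
 packageName: alert.securityVulnerability.package.name,
 dismissed: !!alert.dismissReason,
+fixed: !!alert.fixReason,
 };
 });
 };
@@ -85,6 +88,7 @@ const getVulnerabilityAlertQuery = (owner, repo, limit = 50) => {
 vulnerableRequirements
 vulnerableManifestFilename
 dismissReason
+fixReason
 securityAdvisory {
 description
 ghsaId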
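Review bot: The new `fixed: !!alert.fixReason` mapping in getVulnerabilities infers that an alert is closed from a reason string being non-empty, so an alert that was fixed without that field populated would still be counted as open by all four filters in getAlerts. GitHub's alert object also exposes `state` and `fixedAt`, which say this directly; requesting `state` next to `fixReason` and mapping `open: alert.state === "OPEN"` would let the filters test one field instead of `!alert.dismissed && !alert.fixed`. Separately, getVulnerabilityAlertQuery defaults to `limit = 50` and the filtering happens after the fetch, so if that limit caps the page size (the query body is outside the hunk), fixed and dismissed alerts can fill the window and push open critical alerts out of the report; asking the API for open alerts only, or paginating, would avoid under-reporting. All three functions start or end outside the hunks shown.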
