
I'd like to get an overview, for example of all the critical vulnerabilities I have access to view in a GitHub organization.

This answer has allowed me to get a list for a specific repository:

{
    repository(name: "repo-name", owner: "repo-owner") {
        vulnerabilityAlerts(first: 100) {
            nodes {
                createdAt
                dismissedAt
                securityVulnerability {
                    package {
                        name
                    }
                    advisory {
                        description
                    }
                }
            }
        }
    }
}

However, scanning a large organization manually is just as easy repo-by-repo through the GUI as it is through the API.

Is there a way, preferably in Insomnia, though if not then a CLI version is ok, to get such a list of critical vulnerabilities?

I suspect it can only be done by querying every repo by iterating through the list of all repositories, something like this query I had from something else I was playing with, though I was curious if anyone had any other clever solutions to save writing that app:

query {
    organization(login: "repo-owner") {
        repositories(first: 100) {
            nodes {
                name
            }
            pageInfo {
                hasNextPage
                # endCursor is what the next request passes as `after:` to fetch the following page
                endCursor
            }
        }
    }
}
pzrq

1 Answer


I'm unaware of a way to filter for critical vulnerabilities using the GitHub GraphQL API, but you can do something like this:

{
  organization(login: "repo-owner") {
    repositories(first: 100) {
      nodes {
        nameWithOwner
        vulnerabilityAlerts(first: 10) {
          nodes {
            securityAdvisory {
              severity
            }
          }
        }
      }
    }
  }
}

This will output the severity for every single repository in the repo-owner organization, regardless of whether there is a severity for the repository. I believe that with the gh CLI tool you can use Go templates to format the output. For more information on how to use the gh CLI tool with Go templating, please refer to the following page.

GonzalezAndrew