-
Notifications
You must be signed in to change notification settings - Fork 0
59 lines (52 loc) · 1.79 KB
/
example-github-security.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
---
on: workflow_call
jobs:
metric:
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v7
id: script
with:
script: |
const query = `
query($cursor: String, $owner: String!, $repo: String!) {
repository(owner: $owner, name: $repo) {
vulnerabilityAlerts(states: OPEN, first: 100, after: $cursor) {
pageInfo {
endCursor
}
nodes {
securityVulnerability {
severity
}
}
}
}
}
`;
let cursor = null;
const countBySeverity = {CRITICAL: 0, HIGH: 0, MODERATE: 0, LOW: 0};
do {
const result = await github.graphql(
query,
{
owner: context.repo.owner,
repo: context.repo.repo,
cursor: cursor,
}
);
for(const alert of result.repository.vulnerabilityAlerts.nodes) {
if (!countBySeverity[alert.securityVulnerability.severity]) {
countBySeverity[alert.securityVulnerability.severity] = 0;
}
countBySeverity[alert.securityVulnerability.severity]++;
}
cursor = result.repository.vulnerabilityAlerts.pageInfo.endCursor;
} while(null !== cursor)
return countBySeverity;
- uses: actions/checkout@v4
- uses: KnpLabs/[email protected]
with:
report: github-security
command: compile
values: ${{ steps.script.outputs.result }}