Merge branch 'main' of github.com:Killklli/ghastoolkit

GeekMasher · GeekMasher · commit e9eb2e6b0d6e · 2024-07-21T09:28:05.000+01:00
diff --git a/src/ghastoolkit/octokit/dependabot.py b/src/ghastoolkit/octokit/dependabot.py
@@ -95,6 +95,7 @@ def getAlerts(
                         ),
                         advisory=advisory,
                         purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),
+                        manifest=alert.get("manifest_path"),
                     )
                 )
 
@@ -148,4 +149,4 @@ def getAlertsGraphQL(self) -> list[DependencyAlert]:
             self.graphql.cursor = alerts.get("pageInfo", {}).get("endCursor", "")
 
         logger.debug(f"Number of Dependabot Alerts :: {len(results)}")
-        return results
+        return results
diff --git a/src/ghastoolkit/octokit/dependencygraph.py b/src/ghastoolkit/octokit/dependencygraph.py
@@ -215,6 +215,8 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
 
             for alert in depdata.get("vulnerabilities", []):
                 dep_alert = DependencyAlert(
+                    depdata.get("vulnerabilities").index(alert),
+                    "open",
                     alert.get("severity"),
                     purl=dep.getPurl(False),
                     advisory=Advisory(
@@ -223,6 +225,7 @@ def getDependenciesInPR(self, base: str, head: str) -> Dependencies:
                         summary=alert.get("advisory_summary"),
                         url=alert.get("advisory_ghsa_url"),
                     ),
+                    manifest=alert.get("manifest"),
                 )
                 dep.alerts.append(dep_alert)
 
@@ -260,4 +263,4 @@ def submitSbom(self, sbom: dict[Any, Any]):
             "/repos/{owner}/{repo}/dependency-graph/snapshots",
             sbom,
             expected=201,
-        )
+        )
diff --git a/src/ghastoolkit/supplychain/dependencyalert.py b/src/ghastoolkit/supplychain/dependencyalert.py
@@ -23,6 +23,9 @@ class DependencyAlert(OctoItem):
     created_at: Optional[str] = None
     """Created Timestamp"""
 
+    manifest: Optional[str] = None
+    """Manifest"""
+
     def __init_post__(self):
         if not self.created_at:
             self.created_at = datetime.now().strftime("%Y-%m-%dT%XZ")
@@ -36,4 +39,4 @@ def createdAt(self) -> Optional[datetime]:
             return datetime.strptime(self.created_at, "%Y-%m-%dT%XZ")
 
     def __str__(self) -> str:
-        return f"DependencyAlert({self.advisory.ghsa_id}, {self.severity})"
+        return f"DependencyAlert({self.advisory.ghsa_id}, {self.severity})"

Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,7 @@ def getAlerts(`
`95`	`95`	`),`
`96`	`96`	`advisory=advisory,`
`97`	`97`	`purl=f"pkg:{package.get('ecosystem')}/{package.get('name')}".lower(),`
	`98`	`+ manifest=alert.get("manifest_path"),`
`98`	`99`	`)`
`99`	`100`	`)`
`100`	`101`
`@@ -148,4 +149,4 @@ def getAlertsGraphQL(self) -> list[DependencyAlert]:`
`148`	`149`	`self.graphql.cursor = alerts.get("pageInfo", {}).get("endCursor", "")`
`149`	`150`
`150`	`151`	`logger.debug(f"Number of Dependabot Alerts :: {len(results)}")`
`151`		`- return results`
	`152`	`+ return results`