VulnerabilityAlerts
Lists Dependabot vulnerability alerts for the repository.
Table-Specific Information
Select
The connector uses the GitHub API to process WHERE clause conditions that are built with the following columns and operators:
- Number supports the '=,IN' comparison operators.
- DependencyScope supports the '=,IN' comparison operators.
- State supports the '=,IN' comparison operators.
For example, the following queries are processed server-side:
SELECT * FROM [VulnerabilityAlerts]
SELECT * FROM [VulnerabilityAlerts] WHERE [Number] = 123
SELECT * FROM [VulnerabilityAlerts] WHERE [DependencyScope] = 'DEVELOPMENT'
SELECT * FROM [VulnerabilityAlerts] WHERE [State] = 'AUTO_DISMISSED'
The connector processes other filters client-side within the connector.
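As an added example (not part of the connector's documentation), the two queries below combine the server-side filters listed above with filters the connector evaluates client-side. The literals 'OPEN', 'DISMISSED', 'RUNTIME', 'CRITICAL' and 'HIGH' are GitHub API enum values assumed to pass through unchanged, as 'DEVELOPMENT' and 'AUTO_DISMISSED' do in the queries above; ORDER BY support in the connector's SQL dialect is also an assumption.

```sql
-- Added example: not taken from the connector documentation.

-- Triage: open alerts on runtime dependencies, most likely exploited first.
SELECT [Number], [GhsaId],
       [SecurityVulnerabilityPackageName],
       [SecurityVulnerabilityVulnerableVersionRange],
       [SecurityVulnerabilityFirstPatchedVersion],
       [SecurityAdvisorySeverity],
       [SecurityAdvisoryEpssPercentage]
FROM [VulnerabilityAlerts]
WHERE [State] = 'OPEN'                                    -- server-side (State supports =, IN)
  AND [DependencyScope] = 'RUNTIME'                       -- server-side (DependencyScope supports =, IN)
  AND [SecurityAdvisorySeverity] IN ('CRITICAL', 'HIGH')  -- client-side (column not in the server-side list)
ORDER BY [SecurityAdvisoryEpssPercentage] DESC;

-- Audit: manually dismissed high-impact alerts, with who dismissed them and why.
SELECT [Number], [GhsaId], [SecurityAdvisorySeverity],
       [DismissReason], [DismissComment],
       [DismisserLogin], [DismissedAt]
FROM [VulnerabilityAlerts]
WHERE [State] = 'DISMISSED'                               -- server-side
  AND [SecurityAdvisorySeverity] IN ('CRITICAL', 'HIGH')  -- client-side
ORDER BY [DismissedAt] DESC;
```

Only the State and DependencyScope predicates reduce what the GitHub API returns; the severity predicate is applied to rows after they have been fetched.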
Update
You can use the following column to update a record: DismissReason
UPDATE [VulnerabilityAlerts] SET [DismissReason] = 'TOLERABLE_RISK' WHERE [Id] = 'RVA_000O00'
Columns
| Name | Type | ReadOnly | References | Description |
| --- | --- | --- | --- | --- |
| Id [KEY] | String | True | | The Node ID of the RepositoryVulnerabilityAlert object. |
| Number | Int | True | | Identifies the alert number. |
| DependencyScope | String | True | | The scope of the alert's dependency. |
| DependencyRelationship | String | True | | The relationship of the alert's dependency. |
| VulnerableManifestFilename | String | True | | The vulnerable manifest filename. |
| VulnerableManifestPath | String | True | | The vulnerable manifest path. |
| VulnerableRequirements | String | True | | The vulnerable requirements. |
| GhsaId | String | True | | The GitHub Security Advisory ID. |
| SecurityAdvisoryId | String | True | | The Node ID of the associated SecurityAdvisory object. |
| SecurityAdvisoryDatabaseId | Int | True | | Identifies the primary key from the database. |
| SecurityAdvisorySummary | String | True | | A short plaintext summary of the advisory. |
| SecurityAdvisoryDescription | String | True | | A long-form Markdown-supported description of the advisory. |
| SecurityAdvisoryOrigin | String | True | | The organization that originated the advisory. |
| SecurityAdvisoryClassification | String | True | | The classification of the advisory. |
| SecurityAdvisoryIdentifiers | String | True | | A list of identifiers for this advisory. |
| SecurityAdvisoryReferences | String | True | | A list of references for this advisory. |
| SecurityAdvisoryPermalink | String | True | | The permalink for the advisory. |
| SecurityAdvisoryNotificationsPermalink | String | True | | The permalink for the advisory's Dependabot alerts page. |
| SecurityAdvisorySeverity | String | True | | The severity of the advisory. |
| SecurityAdvisoryEpssPercentage | Double | True | | The EPSS percentage represents the likelihood of a CVE being exploited. |
| SecurityAdvisoryEpssPercentile | Double | True | | The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs. |
| SecurityAdvisoryCvssV3Score | Double | True | | The CVSS v3 score associated with this advisory. |
| SecurityAdvisoryCvssV3VectorString | String | True | | The CVSS v3 vector string associated with this advisory. |
| SecurityAdvisoryCvssV4Score | Double | True | | The CVSS v4 score associated with this advisory. |
| SecurityAdvisoryCvssV4VectorString | String | True | | The CVSS v4 vector string associated with this advisory. |
| SecurityAdvisoryPublishedAt | Datetime | True | | When the advisory was published. |
| SecurityAdvisoryUpdatedAt | Datetime | True | | When the advisory was last updated. |
| SecurityAdvisoryWithdrawnAt | Datetime | True | | When the advisory was withdrawn, if it has been withdrawn. |
| SecurityVulnerabilityPackageName | String | True | | The package name affected by the vulnerability. |
| SecurityVulnerabilityPackageEcosystem | String | True | | The ecosystem the package belongs to. |
| SecurityVulnerabilityVulnerableVersionRange | String | True | | A string that describes the vulnerable package versions. |
| SecurityVulnerabilityFirstPatchedVersion | String | True | | The first version containing a fix for the vulnerability. |
| SecurityVulnerabilitySeverity | String | True | | The severity of the vulnerability within this package. |
| SecurityVulnerabilityUpdatedAt | Datetime | True | | When the vulnerability was last updated. |
| DependabotPullRequestId | String | True | | The Node ID of the PullRequest object. |
| DependabotPullRequestNumber | Int | True | | Identifies the pull request number. |
| DependabotUpdateError | String | True | | The title of the error from the Dependabot update. |
| State | String | True | | Identifies the state of the alert. |
| DismissReason | String | False | | The reason the alert was dismissed. |
| DismissComment | String | True | | Comment explaining the reason the alert was dismissed. |
| DismisserLogin | String | True | | The username of the user who dismissed the alert. |
| CreatedAt | Datetime | True | | When the alert was created. |
| DismissedAt | Datetime | True | | When the alert was dismissed. |
| AutoDismissedAt | Datetime | True | | When the alert was auto-dismissed. |
| FixedAt | Datetime | True | | When the alert was fixed. |