A Python library to query and manage GitHub's Dependabot alerts
pyDependabot
The unofficial but well-maintained Python library for interacting with GitHub's Dependabot API. pydependabot lets developers work with GitHub's vulnerability alerts from Python alone, without handling the GraphQL or REST API directly.
Installation
Pip is the easiest way to install pydependabot.
```
python -m pip install pydependabot
```
After a short installation process the package will be available for use. If you encounter any problem during installation, please open an issue and we will help.
Usage examples
Please note that in order to use the package the token you authenticate with must have security alerts permissions.
To query your current Dependabot alerts list:
```python
from pydependabot import Dependabot

# "TOKEN" is a placeholder for a token with security alerts permissions.
d = Dependabot(graphql_endpoint="https://api.github.com/graphql", auth_token="TOKEN")
dependabot_alerts = d.get_security_alerts(repository_owner='or-elias', repository_name='pyDependabot')
print(dependabot_alerts)
```
If you need to query different fields, pass them in the get_security_alerts function call. All of the possible fields are listed in the repository_vulnerablity_alert_query.py file.
```python
from pydependabot import Dependabot
from pydependabot.repository_vulnerablity_alert_query import RepositoryVulnerablityAlertQuery

d = Dependabot(graphql_endpoint="https://api.github.com/graphql", auth_token="TOKEN")
# Request only the dismiss comment field for each alert.
dependabot_alerts = d.get_security_alerts(repository_owner='or-elias', repository_name='pyDependabot', fields=[RepositoryVulnerablityAlertQuery.dismissCommentField])
print(dependabot_alerts)
```
pydependabot uses a gql client to interact with the GraphQL endpoint and automatically selects RequestsHTTPTransport as the client's transport method. If needed, you can manually override that and provide your own gql client for the library to use through the options argument.
```python
from pydependabot import Dependabot

# ADifferentGQLClient stands in for your own gql client.
client = ADifferentGQLClient()
dependabot_alerts = Dependabot("https://api.github.com/graphql", "TOKEN", options={'client': client}).get_security_alerts('fake-org', 'fake-repo')
print(dependabot_alerts)
```
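One way to fill in the custom client passed through options, as an added example that is not part of the pydependabot project: a gql client whose transport refuses non-HTTPS endpoints, keeps TLS verification on, and sets a timeout. The helper names, the GITHUB_TOKEN variable name, and setting the Authorization header on the supplied transport (so it does not rely on how the library treats the token for a custom client) are assumptions.

```python
import os
from urllib.parse import urlsplit


def transport_settings(endpoint, token, timeout=10, retries=3):
    """Return keyword arguments for gql's RequestsHTTPTransport.

    Rejects endpoints and tokens that would leak or corrupt the credential
    before any request is made. (Hypothetical helper, not a library function.)
    """
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("GraphQL endpoint must be an https:// URL")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the endpoint URL")
    # Whitespace (including CR/LF) in a token would corrupt the header line.
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    return {
        "url": endpoint,
        "headers": {"Authorization": f"Bearer {token}"},
        "verify": True,      # keep TLS certificate validation on
        "timeout": timeout,  # seconds; requests applies no timeout by default
        "retries": retries,
    }


def build_client(endpoint, token):
    """Build a gql Client over the checked transport (needs gql and requests)."""
    from gql import Client
    from gql.transport.requests import RequestsHTTPTransport

    transport = RequestsHTTPTransport(**transport_settings(endpoint, token))
    return Client(transport=transport, fetch_schema_from_transport=False)


if __name__ == "__main__":
    from pydependabot import Dependabot

    endpoint = "https://api.github.com/graphql"
    token = os.environ["GITHUB_TOKEN"]  # assumed variable name; never hard-code
    client = build_client(endpoint, token)
    alerts = Dependabot(endpoint, token, options={"client": client}).get_security_alerts(
        "fake-org", "fake-repo"
    )
    print(alerts)
```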
File details
Details for the file pydependabot-0.8.tar.gz.
File metadata
- Download URL: pydependabot-0.8.tar.gz
- Upload date:
- Size: 6.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 812fc6aa961b549defe55f10ce8395ccacefdc491f1015fa75fd1b59746d3409 |
| MD5 | 718a4fe9f0bec4eeb594c3df1db476ff |
| BLAKE2b-256 | 37e11d7c7180664e074dd8f480c944f4bfef2532e81e94c604983d20a5b8446a |
File details
Details for the file pydependabot-0.8-py3-none-any.whl.
File metadata
- Download URL: pydependabot-0.8-py3-none-any.whl
- Upload date:
- Size: 7.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7e942f902e79eacc0fe630ec5362d275b5d246e30cc2cbe4595a1385e346e883 |
| MD5 | 8af3d4bc4a07d1be7a495125d90dbcd4 |
| BLAKE2b-256 | d05be9b6914b57bc32b329d8e24bcae30ff8753b8999d25e4e22c8c442d5cbd3 |