steampipe plugin install github

Table: github_organization_dependabot_alert - Query GitHub Dependabot Alerts using SQL

GitHub Dependabot is a feature that helps you keep your dependencies up to date. It monitors your project's dependencies and sends you an alert when updates or security vulnerabilities are detected. Dependabot Alerts provide critical information about security vulnerabilities that can affect your project's dependencies.

Table Usage Guide

The github_organization_dependabot_alert table provides insights into Dependabot Alerts within GitHub. As a security analyst or a developer, explore alert-specific details through this table, including alert status, severity, and package name. Utilize it to uncover information about security vulnerabilities in your GitHub organization's dependencies, helping you to keep your projects safe and up to date.

Important Notes

  • You must specify the organization column in where or join clause to query the table.

Examples

List dependabot alerts

Analyze the status and ecosystem of dependency packages in a specific organization using this query. It is particularly useful for identifying potential security vulnerabilities or outdated dependencies within your organization's codebase.

select
organization,
state,
dependency_package_ecosystem,
dependency_package_name
from
github_organization_dependabot_alert
where
organization = 'my_org';
select
organization,
state,
dependency_package_ecosystem,
dependency_package_name
from
github_organization_dependabot_alert
where
organization = 'my_org';

List open dependabot alerts

Discover the segments that have open alerts related to software dependencies within a specific organization. This can be used to identify areas that may be vulnerable or in need of updates, improving security and efficiency.

select
organization,
state,
dependency_package_ecosystem,
dependency_package_name
from
github_organization_dependabot_alert
where
organization = 'my_org'
and state = 'open';
select
organization,
state,
dependency_package_ecosystem,
dependency_package_name
from
github_organization_dependabot_alert
where
organization = 'my_org'
and state = 'open';

List open critical dependabot alerts

Determine the areas in which critical security threats are open in your organization's dependabot alerts. This query is useful for prioritizing security issues that need immediate attention.

select
organization,
state,
dependency_package_ecosystem,
dependency_package_name
from
github_organization_dependabot_alert
where
organization = 'my_org'
and state = 'open'
and security_advisory_severity = 'critical';
select
organization,
state,
dependency_package_ecosystem,
dependency_package_name
from
github_organization_dependabot_alert
where
organization = 'my_org'
and state = 'open'
and security_advisory_severity = 'critical';

Schema for github_organization_dependabot_alert

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
alert_numberbigintThe security alert number.
created_attimestamp with time zoneThe time that the alert was created.
dependency_manifest_pathtextThe unique manifestation path within the ecosystem.
dependency_package_ecosystemtext=The package's language or package management ecosystem.
dependency_package_nametext=The unique package name within its ecosystem.
dependency_scopetext=The execution scope of the vulnerable dependency.
dismissed_attimestamp with time zoneThe time that the alert was dismissed.
dismissed_commenttextAn optional comment associated with the alert's dismissal.
dismissed_reasontextThe reason that the alert was dismissed.
fixed_attimestamp with time zoneThe time that the alert was no longer detected and was considered fixed.
html_urltextThe GitHub URL of the alert resource.
login_idtext=, !=, ~~, ~~*, !~~, !~~*Unique identifier for the user login.
organizationtext=The login name of the organization.
security_advisory_cve_idtextThe unique CVE ID assigned to the advisory.
security_advisory_cvss_scoredouble precisionThe overall CVSS score of the advisory.
security_advisory_cvss_vector_stringtextThe full CVSS vector string for the advisory.
security_advisory_cwesjsonbThe associated CWEs
security_advisory_descriptiontextA long-form Markdown-supported description of the advisory.
security_advisory_ghsa_idtextThe unique GitHub Security Advisory ID assigned to the advisory.
security_advisory_published_attimestamp with time zoneThe time that the advisory was published.
security_advisory_severitytext=The severity of the advisory.
security_advisory_summarytextA short, plain text summary of the advisory.
security_advisory_updated_attimestamp with time zoneThe time that the advisory was last modified.
security_advisory_withdrawn_attimestamp with time zoneThe time that the advisory was withdrawn.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statetext=The state of the Dependabot alert.
updated_attimestamp with time zoneThe time that the alert was last updated.
urltextThe REST API URL of the alert resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- github

You can pass the configuration to the command with the --config argument:

steampipe_export_github --config '<your_config>' github_organization_dependabot_alert