steampipe plugin install github

Table: github_repository_dependabot_alert - Query GitHub Dependabot Alerts using SQL

GitHub Dependabot is a feature within the GitHub platform that monitors your project dependencies for known security vulnerabilities and automatically opens pull requests to update them to the minimum required version. It provides an automated way to keep your project dependencies up-to-date and secure. GitHub Dependabot helps you maintain the security and reliability of your projects by identifying and suggesting updates for vulnerable dependencies.

Table Usage Guide

The github_repository_dependabot_alert table provides insights into Dependabot alerts within GitHub repositories. As a project maintainer or security engineer, explore alert-specific details through this table, including the dependency name, version, and associated security vulnerabilities. Utilize it to uncover information about potentially insecure dependencies, helping you to maintain the security and integrity of your projects.

Important Notes

  • You must specify the repository_full_name (repository including org/user prefix) column in the where or join clause to query the table.

Examples

List dependabot alerts

Identify the status and type of dependabot alerts for a specific repository to maintain and upgrade dependencies efficiently.

select
state,
dependency_package_ecosystem,
dependency_package_name
from
github_repository_dependabot_alert
where
repository_full_name = 'turbot/steampipe';
select
state,
dependency_package_ecosystem,
dependency_package_name
from
github_repository_dependabot_alert
where
repository_full_name = 'turbot/steampipe';

List open dependabot alerts

Discover the segments that have active dependency alerts within a specific GitHub repository. This query is useful for maintaining security and up-to-date dependencies in your projects.

select
state,
dependency_package_ecosystem,
dependency_package_name
from
github_repository_dependabot_alert
where
repository_full_name = 'turbot/steampipe'
and state = 'open';
select
state,
dependency_package_ecosystem,
dependency_package_name
from
github_repository_dependabot_alert
where
repository_full_name = 'turbot/steampipe'
and state = 'open';

List open critical dependabot alerts

Explore critical alerts in your repository's dependencies that are currently open. This is useful for quickly identifying potential security risks within your project's ecosystem.

select
state,
dependency_package_ecosystem,
dependency_package_name
from
github_repository_dependabot_alert
where
repository_full_name = 'turbot/steampipe'
and state = 'open'
and security_advisory_severity = 'critical';
select
state,
dependency_package_ecosystem,
dependency_package_name
from
github_repository_dependabot_alert
where
repository_full_name = 'turbot/steampipe'
and state = 'open'
and security_advisory_severity = 'critical';

Schema for github_repository_dependabot_alert

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
alert_numberbigint=The security alert number.
created_attimestamp with time zoneThe time that the alert was created.
dependency_manifest_pathtextThe unique manifestation path within the ecosystem.
dependency_package_ecosystemtext=The package's language or package management ecosystem.
dependency_package_nametext=The unique package name within its ecosystem.
dependency_scopetext=The execution scope of the vulnerable dependency.
dismissed_attimestamp with time zoneThe time that the alert was dismissed.
dismissed_commenttextAn optional comment associated with the alert's dismissal.
dismissed_reasontextThe reason that the alert was dismissed.
fixed_attimestamp with time zoneThe time that the alert was no longer detected and was considered fixed.
html_urltextThe GitHub URL of the alert resource.
login_idtext=, !=, ~~, ~~*, !~~, !~~*Unique identifier for the user login.
repository_full_nametext=The full name of the repository (login/repo-name).
security_advisory_cve_idtextThe unique CVE ID assigned to the advisory.
security_advisory_cvss_scoredouble precisionThe overall CVSS score of the advisory.
security_advisory_cvss_vector_stringtextThe full CVSS vector string for the advisory.
security_advisory_cwesjsonbThe associated CWEs
security_advisory_descriptiontextA long-form Markdown-supported description of the advisory.
security_advisory_ghsa_idtextThe unique GitHub Security Advisory ID assigned to the advisory.
security_advisory_published_attimestamp with time zoneThe time that the advisory was published.
security_advisory_severitytext=The severity of the advisory.
security_advisory_summarytextA short, plain text summary of the advisory.
security_advisory_updated_attimestamp with time zoneThe time that the advisory was last modified.
security_advisory_withdrawn_attimestamp with time zoneThe time that the advisory was withdrawn.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statetext=The state of the Dependabot alert.
updated_attimestamp with time zoneThe time that the alert was last updated.
urltextThe REST API URL of the alert resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- github

You can pass the configuration to the command with the --config argument:

steampipe_export_github --config '<your_config>' github_repository_dependabot_alert