Table: github_organization_dependabot_alert - Query GitHub Dependabot Alerts using SQL
GitHub Dependabot is a feature that helps you keep your dependencies up to date. It monitors your project's dependencies and sends you an alert when updates or security vulnerabilities are detected. Dependabot Alerts provide critical information about security vulnerabilities that can affect your project's dependencies.
Table Usage Guide
The github_organization_dependabot_alert table provides insights into Dependabot Alerts within GitHub. As a security analyst or a developer, explore alert-specific details through this table, including alert status, severity, and package name. Utilize it to uncover information about security vulnerabilities in your GitHub organization's dependencies, helping you to keep your projects safe and up to date.
Important Notes
- You must specify the
organizationcolumn inwhereorjoinclause to query the table.
Examples
List dependabot alerts
Analyze the status and ecosystem of dependency packages in a specific organization using this query. It is particularly useful for identifying potential security vulnerabilities or outdated dependencies within your organization's codebase.
select organization, state, dependency_package_ecosystem, dependency_package_namefrom github_organization_dependabot_alertwhere organization = 'my_org';select organization, state, dependency_package_ecosystem, dependency_package_namefrom github_organization_dependabot_alertwhere organization = 'my_org';List open dependabot alerts
Discover the segments that have open alerts related to software dependencies within a specific organization. This can be used to identify areas that may be vulnerable or in need of updates, improving security and efficiency.
select organization, state, dependency_package_ecosystem, dependency_package_namefrom github_organization_dependabot_alertwhere organization = 'my_org' and state = 'open';select organization, state, dependency_package_ecosystem, dependency_package_namefrom github_organization_dependabot_alertwhere organization = 'my_org' and state = 'open';List open critical dependabot alerts
Determine the areas in which critical security threats are open in your organization's dependabot alerts. This query is useful for prioritizing security issues that need immediate attention.
select organization, state, dependency_package_ecosystem, dependency_package_namefrom github_organization_dependabot_alertwhere organization = 'my_org' and state = 'open' and security_advisory_severity = 'critical';select organization, state, dependency_package_ecosystem, dependency_package_namefrom github_organization_dependabot_alertwhere organization = 'my_org' and state = 'open' and security_advisory_severity = 'critical';Query examples
Schema for github_organization_dependabot_alert
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| alert_number | bigint | The security alert number. | |
| created_at | timestamp with time zone | The time that the alert was created. | |
| dependency_manifest_path | text | The unique manifestation path within the ecosystem. | |
| dependency_package_ecosystem | text | = | The package's language or package management ecosystem. |
| dependency_package_name | text | = | The unique package name within its ecosystem. |
| dependency_scope | text | = | The execution scope of the vulnerable dependency. |
| dismissed_at | timestamp with time zone | The time that the alert was dismissed. | |
| dismissed_comment | text | An optional comment associated with the alert's dismissal. | |
| dismissed_reason | text | The reason that the alert was dismissed. | |
| fixed_at | timestamp with time zone | The time that the alert was no longer detected and was considered fixed. | |
| html_url | text | The GitHub URL of the alert resource. | |
| organization | text | = | The login name of the organization. |
| security_advisory_cve_id | text | The unique CVE ID assigned to the advisory. | |
| security_advisory_cvss_score | double precision | The overall CVSS score of the advisory. | |
| security_advisory_cvss_vector_string | text | The full CVSS vector string for the advisory. | |
| security_advisory_cwes | jsonb | The associated CWEs | |
| security_advisory_description | text | A long-form Markdown-supported description of the advisory. | |
| security_advisory_ghsa_id | text | The unique GitHub Security Advisory ID assigned to the advisory. | |
| security_advisory_published_at | timestamp with time zone | The time that the advisory was published. | |
| security_advisory_severity | text | = | The severity of the advisory. |
| security_advisory_summary | text | A short, plain text summary of the advisory. | |
| security_advisory_updated_at | timestamp with time zone | The time that the advisory was last modified. | |
| security_advisory_withdrawn_at | timestamp with time zone | The time that the advisory was withdrawn. | |
| state | text | = | The state of the Dependabot alert. |
| updated_at | timestamp with time zone | The time that the alert was last updated. | |
| url | text | The REST API URL of the alert resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- githubYou can pass the configuration to the command with the --config argument:
steampipe_export_github --config '<your_config>' github_organization_dependabot_alert