From 1c04f14a25db5b20b88b623498411b8b3fd92e93 Mon Sep 17 00:00:00 2001 From: felickz <1760475+felickz@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:30:15 -0400 Subject: [PATCH] Handle scenario where dependabot alert exists with no CVE --- action.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/action.ps1 b/action.ps1 index 8d6df8d..53869fb 100644 --- a/action.ps1 +++ b/action.ps1 @@ -9,7 +9,7 @@ Requirements: # PS>Write-Host "initializing local run! Ensure you provide a valid GITHUB_TOKEN otherwise you will get a 401!!! " # $VerbosePreference = 'SilentlyContinue' # $env:GITHUB_TOKEN = gh auth token -# $env:GITHUB_REPOSITORY = 'vulna-felickz/log4shell-vulnerable-app' +# $env:GITHUB_REPOSITORY = 'vulna-felickz/python-dependabot-no-cve' # CLEAR GLOBAL VARIABLES! # Remove-Variable * -ErrorAction SilentlyContinue; # PS> action.ps1 @@ -104,11 +104,11 @@ $RepositoryName = $actionRepo.Repo #https://docs.github.com/en/rest/dependabot/alerts?apiVersion=2022-11-28#list-dependabot-alerts-for-a-repository $perPage = 100 $Dependabot_Alerts = Invoke-GHRestMethod -Method GET -Uri "https://api.github.com/repos/$OrganizationName/$RepositoryName/dependabot/alerts?state=open&per_page=$perPage" -ExtendedResult $true -$Dependabot_Alerts_CVEs = $Dependabot_Alerts.result | % { $_.security_advisory.cve_id } +$Dependabot_Alerts_CVEs = $Dependabot_Alerts.result | Where-Object { $_.security_advisory.cve_id -ne $null } | ForEach-Object { $_.security_advisory.cve_id } #Get next page of dependabot alerts if there is one while ($null -ne $Dependabot_Alerts.nextLink) { $Dependabot_Alerts = Invoke-GHRestMethod -Method GET -Uri $Dependabot_Alerts.nextLink -ExtendedResult $true - $Dependabot_Alerts_CVEs += $Dependabot_Alerts.result | % { $_.security_advisory.cve_id } + $Dependabot_Alerts_CVEs += $Dependabot_Alerts.result | Where-Object { $_.security_advisory.cve_id -ne $null } | ForEach-Object { $_.security_advisory.cve_id } } Write-ActionInfo "$OrganizationName/$RepositoryName Dependabot CVEs Count: $($Dependabot_Alerts_CVEs.Count)"