_security-alerts.yml
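# Nightly (02:00 UTC cron) and on-demand workflow: the `fetch` job reads this
# repository's open Dependabot alerts from the GitHub REST API, and the
# `notify` job hands them to a Teams notification action.
name: Send dependabot new vulnerability alerts

on:
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch:

jobs:
  fetch:
    runs-on: ubuntu-latest
    name: Fetch analysis
    # This job authenticates with secrets.TOKEN only, so the automatic
    # GITHUB_TOKEN is given no scopes at all.
    permissions: {}
    outputs:
      alerts: ${{ steps.fetch.outputs.ALERTS }}
    steps:
      - id: fetch
        name: Get Latest Analysis info
        env:
          # Supplied through the environment so the token is never expanded
          # into the script text that the runner writes to disk and executes.
          API_TOKEN: ${{ secrets.TOKEN }}
        run: |
          # --fail stops the job on an HTTP error, so an API error body is
          # never forwarded to the notify job as if it were alert data.
          # NOTE(review): only the first page of results is requested;
          # confirm that is enough for this repository's alert volume.
          RESPONSE=$(curl --fail --silent --show-error \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${API_TOKEN}" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/dependabot/alerts?state=open")
          # Alert text originates from third-party advisories, so it is
          # written quoted (no word splitting or glob expansion) and framed
          # by a per-run random delimiter that the payload cannot predict.
          DELIMITER="ALERTS_$(openssl rand -hex 16)"
          {
            echo "ALERTS<<${DELIMITER}"
            printf '%s\n' "$RESPONSE"
            echo "${DELIMITER}"
          } >> "$GITHUB_OUTPUT"

  notify:
    runs-on: ubuntu-latest
    name: Send notifications
    needs: [fetch]
    # NOTE(review): no `permissions:` is declared here, so GITHUB_TOKEN gets
    # the repository default. The artifact download is the only visible step
    # likely to use it (presumably `actions: read`); confirm, then declare
    # it explicitly.
    steps:
      # NOTE(review): all three actions below are referenced by a mutable
      # tag or branch. Pin each to a reviewed full commit SHA
      # (`owner/action@<full-commit-sha>  # vX`) so a moved ref cannot change
      # the code that runs in this job.
      #
      # Downloads dependabot_alerts.json from an earlier run; presumably the
      # cache of alerts that were already reported. Confirm that the pinned
      # version only accepts artifacts produced by this repository's own
      # runs, because the file feeds the notification step.
      - uses: dawidd6/action-download-artifact@v2
        with:
          name: dependabot_alerts.json
          if_no_artifact_found: warn
      # This step receives the Teams webhook secret, which makes the `@main`
      # branch reference the most important one to pin.
      - name: Teams Notification
        uses: DevExpress/github-actions/send-teams-notification@main
        with:
          hook_url: ${{ secrets.TEAMS_SECURITY_ALERTS }}
          alerts: ${{ needs.fetch.outputs.alerts }}
          alert_type: Dependabot
          alerts_cache_file: dependabot_alerts.json
      # Publishes the cache file for the next run to download.
      - uses: actions/upload-artifact@v3
        with:
          name: dependabot_alerts.json
          path: dependabot_alerts.json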