private_vulnerability_reports
Creates, updates, deletes, gets or lists a private_vulnerability_reports resource.
Overview
| Name | private_vulnerability_reports |
| Type | Resource |
| Id | github.security_advisories.private_vulnerability_reports |
Fields
The following fields are returned by SELECT queries:
SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| create_private_vulnerability_report | insert | owner, repo, summary, description | | Report a security vulnerability to the maintainers of the repository. See "Privately reporting a security vulnerability" for more information about private vulnerability reporting. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| owner | string | The account owner of the repository. The name is not case sensitive. |
| repo | string | The name of the repository without the .git extension. The name is not case sensitive. |
INSERT examples
- create_private_vulnerability_report
- Manifest
Report a security vulnerability to the maintainers of the repository.
See "Privately reporting a security vulnerability" for more information about private vulnerability reporting.
```sql
INSERT INTO github.security_advisories.private_vulnerability_reports (
    summary,
    description,
    vulnerabilities,
    cwe_ids,
    severity,
    cvss_vector_string,
    start_private_fork,
    owner,
    repo
)
SELECT
    '{{ summary }}' /* required */,
    '{{ description }}' /* required */,
    '{{ vulnerabilities }}',
    '{{ cwe_ids }}',
    '{{ severity }}',
    '{{ cvss_vector_string }}',
    {{ start_private_fork }},
    '{{ owner }}',
    '{{ repo }}'
RETURNING
    cve_id,
    ghsa_id,
    author,
    closed_at,
    collaborating_teams,
    collaborating_users,
    created_at,
    credits,
    credits_detailed,
    cvss,
    cvss_severities,
    cwe_ids,
    cwes,
    description,
    html_url,
    identifiers,
    private_fork,
    published_at,
    publisher,
    severity,
    state,
    submission,
    summary,
    updated_at,
    url,
    vulnerabilities,
    withdrawn_at
;
```
```yaml
# Description fields are for documentation purposes
- name: private_vulnerability_reports
  props:
    - name: owner
      value: "{{ owner }}"
      description: Required parameter for the private_vulnerability_reports resource.
    - name: repo
      value: "{{ repo }}"
      description: Required parameter for the private_vulnerability_reports resource.
    - name: summary
      value: "{{ summary }}"
      description: |
        A short summary of the advisory.
    - name: description
      value: "{{ description }}"
      description: |
        A detailed description of what the advisory impacts.
    - name: vulnerabilities
      description: |
        An array of products affected by the vulnerability detailed in a repository security advisory.
      value:
        - package:
            ecosystem: "{{ ecosystem }}"
            name: "{{ name }}"
          vulnerable_version_range: "{{ vulnerable_version_range }}"
          patched_versions: "{{ patched_versions }}"
          vulnerable_functions: "{{ vulnerable_functions }}"
    - name: cwe_ids
      value:
        - "{{ cwe_ids }}"
      description: |
        A list of Common Weakness Enumeration (CWE) IDs.
    - name: severity
      value: "{{ severity }}"
      description: |
        The severity of the advisory. You must choose between setting this field or `cvss_vector_string`.
      valid_values: ['critical', 'high', 'medium', 'low']
    - name: cvss_vector_string
      value: "{{ cvss_vector_string }}"
      description: |
        The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or `severity`.
    - name: start_private_fork
      value: {{ start_private_fork }}
      description: |
        Whether to create a temporary private fork of the repository to collaborate on a fix.
      default: false
```
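The constraints stated in the Methods table and the manifest can be checked before the INSERT is rendered. The following pre-flight check is an added example, not part of the provider's own code; the names `check_report`, `template_values` and `SAMPLE` are hypothetical, and the `CWE-<number>` format and the JSON encoding of array parameters are assumptions.

```python
import json
import re

# Constraints taken from the Methods table and the manifest on this page.
REQUIRED = ("owner", "repo", "summary", "description")
SEVERITIES = ("critical", "high", "medium", "low")
CWE_RE = re.compile(r"^CWE-\d+$")  # assumption: IDs are written CWE-<number>

def check_report(params):
    """Return a list of problems; an empty list means the report passed."""
    problems = []
    for key in REQUIRED:
        if not str(params.get(key) or "").strip():
            problems.append(f"missing required parameter: {key}")
    severity, vector = params.get("severity"), params.get("cvss_vector_string")
    if severity and vector:
        problems.append("set severity or cvss_vector_string, not both")
    if severity and severity not in SEVERITIES:
        problems.append(f"invalid severity: {severity!r}")
    for cwe in params.get("cwe_ids") or []:
        if not CWE_RE.match(str(cwe)):
            problems.append(f"malformed CWE id: {cwe!r}")
    for i, vuln in enumerate(params.get("vulnerabilities") or []):
        # The manifest nests ecosystem and name under a package mapping.
        if not isinstance(vuln, dict) or not isinstance(vuln.get("package"), dict):
            problems.append(f"vulnerabilities[{i}] has no package mapping")
    return problems

def template_values(params):
    """Map a checked report onto the {{ ... }} placeholders of the INSERT."""
    problems = check_report(params)
    if problems:
        raise ValueError("; ".join(problems))
    values = {}
    for key, value in params.items():
        if isinstance(value, bool):
            values[key] = "true" if value else "false"
        elif isinstance(value, (list, dict)):
            values[key] = json.dumps(value)  # assumption: arrays go in as JSON text
        else:
            values[key] = str(value)
    values.setdefault("start_private_fork", "false")  # manifest default
    return values

# Constructed sample report; every value is a placeholder.
SAMPLE = {
    "owner": "example-org", "repo": "example-repo",
    "summary": "Path traversal in archive extraction",
    "description": "Entry names are joined to the output directory unchecked.",
    "severity": "high", "cwe_ids": ["CWE-22"],
    "vulnerabilities": [{"package": {"ecosystem": "pip", "name": "example-pkg"}}],
}
```

Rejecting a report locally keeps a malformed submission from reaching the maintainers' private advisory queue.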