OTHER-421

Track dependabot auto-dismissing security alerts in SEC tickets

    • Improvement
    • Resolution: Won't Do
    • Normal
    • Jira
    • None

      SEC tickets are automatically opened/closed when security alerts are emitted by GitHub/dismissed by a maintainer in GitHub. However, it seems that GitHub doesn't emit the same type of event when a security alert is auto-dismissed by dependabot itself. Currently maintainers are required to close the SEC tickets manually when this happens. Those other events should be handled too by a Jira automation rule to close the SEC tickets accordingly.

          yvanzo added a comment -

          Actually the dependabot alerts sent by GitHub do not contain the IDs for the corresponding vulnerability alerts they address. So there is no way to automatically close the corresponding SEC ticket. At least I’m now receiving email notifications for dependabot alerts, so I can manually close the corresponding SEC tickets if any.
