Add Secret Scanning Alerts and Improve Code Scan Alerts#3307
Merged
EnricoMi merged 23 commits intoPyGithub:mainfrom Jan 6, 2026
Merged
Add Secret Scanning Alerts and Improve Code Scan Alerts#3307EnricoMi merged 23 commits intoPyGithub:mainfrom
EnricoMi merged 23 commits intoPyGithub:mainfrom
Conversation
c315c38 to
fc9e10d
Compare
matt-davis27
commented
Jun 24, 2025
github/Repository.py
Outdated
| self._score = self._makeFloatAttribute(attributes["score"]) | ||
| if "text_matches" in attributes: # pragma no branch | ||
| self._text_matches = self._makeDictAttribute(attributes["text_matches"]) | ||
| self._text_matches = self._makeDictAttribute(attributes["text_matches"]) No newline at end of file |
Contributor
Author
There was a problem hiding this comment.
Formatting change from space indent to tab indent
EnricoMi
requested changes
Aug 13, 2025
Collaborator
EnricoMi
left a comment
There was a problem hiding this comment.
Great work! Can you add tests please?
1ac76c0 to
ef193de
Compare
Contributor
Author
|
I messed up my fork copy doing too many force pushes... going to recommit the original changes and cleanup with the latest 2.7.0 merged. Sorry for all the confusion above! |
… Code Scan Alerts Also add new function for loading single Code Scan Alert in Repository.py
Collaborator
|
You can run the |
Collaborator
|
Please add the suggested schemas: |
Updated CodeScanAlertInstance.py and CodeScanRule.py to include latest attributes from OpenAPI schemas
Fixed assert statements in the get_secret_scanning_alerts function of the Repository.py file
Contributor
Author
|
Okay I added tests for Code Scanning Alerts and Secret Scanning Alerts at the Repository level. Do you want me to add tests for the Organization level as well (i.e. OrganizationCodeScanAlert.py)? If so, should I include them in the same tests files (as the other test case that I just added) or in separate files? I don't see any for the existing Dependabot Alerts at that level. |
Collaborator
|
Yes, please add tests on Org level as well. Please use |
EnricoMi
requested changes
Aug 27, 2025
Collaborator
EnricoMi
left a comment
There was a problem hiding this comment.
Great work. Minor changes requested.
| @@ -4314,17 +4316,496 @@ def get_secret_scanning_alerts( | |||
| :rtype: :class:`PaginatedList` of :class:`github.SecretScanAlert.SecretScanAlert` | |||
| """ | |||
| allowed_states = ["open", "resolved"] | |||
Collaborator
There was a problem hiding this comment.
I am not sold these allowed checks are useful. The Github API will tell us if a value is not supported. Mabye the response even tells us which values are allowed. Github API docs should be consulted in doubt. These will run out-of-date very quickly, especially allowed_secret_types.
Contributor
Author
There was a problem hiding this comment.
I agree, but in my limited testing if you enter a value that is not supported then the REST API still returns a 200, just no values are returned. For now should we just remove the assertion check?
Collaborator
There was a problem hiding this comment.
That is annoying. But yeah, users should read the Github docs to pick the right values.
…rganization.py Also added missing attribute dismissal_approved_by in CodeScanAlert.py
Add `security_and_analysis` argument in `edit()` function of Repository.py and update test cases
|
@EnricoMi -- checking in -- is this waiting on you for merging? pretty-please :) |
EnricoMi
reviewed
Jan 6, 2026
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3307 +/- ##
==========================================
+ Coverage 97.00% 97.04% +0.04%
==========================================
Files 172 176 +4
Lines 18934 19749 +815
==========================================
+ Hits 18366 19166 +800
- Misses 568 583 +15 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Technically, any `Attribute[T]` allows for `None`, so this is fine.
EnricoMi
approved these changes
Jan 6, 2026
Collaborator
EnricoMi
left a comment
There was a problem hiding this comment.
LGTM! Thanks for your work!
lettuce-bot bot
added a commit
to lettuce-financial/github-bot-signed-commit
that referenced
this pull request
Mar 24, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [PyGithub](https://redirect.github.com/pygithub/pygithub) | `==2.8.1` → `==2.9.0` |  |  | | [pygithub](https://redirect.github.com/pygithub/pygithub) | `==2.8.1` → `==2.9.0` |  |  | --- ### Release Notes <details> <summary>pygithub/pygithub (PyGithub)</summary> ### [`v2.9.0`](https://redirect.github.com/PyGithub/PyGithub/releases/tag/v2.9.0) [Compare Source](https://redirect.github.com/pygithub/pygithub/compare/v2.8.1...v2.9.0) ##### Notable changes ##### Lazy PyGithub objects The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all `CompletableGithubObject`s optionally lazy (if useful). See [PyGithub/PyGithub#3403](https://redirect.github.com/PyGithub/PyGithub/pull/3403) for a complete list. In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API: ```python # Use lazy mode g = Github(auth=auth, lazy=True) # these method calls do not send requests to the GitHub API user = g.get_user("PyGithub") # get the user repo = user.get_repo("PyGithub") # get the user's repo pull = repo.get_pull(3403) # get a known pull request issue = pull.as_issue() # turn the pull request into an issue # these method and property calls send requests to Github API issue.create_reaction("rocket") # create a reaction created = repo.created_at # get property of lazy object repo # once a lazy object has been fetched, all properties are available (no more requests) licence = repo.license ``` All PyGithub classes that implement `CompletableGithubObject` support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects. By default, PyGithub objects are not lazy. ##### PyGithub objects with a paginated property The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (`per_page` is usually 300, in contrast to the "usual" `per_page` maximum of 100). Objects with paginated properties: - Commit.files - Comparison.commits - EnterpriseConsumedLicenses.users This PR makes iterating those paginated properties use the configured `per_page` setting. It further allows to specify an individual `per_page` when either retrieving such objects, or fetching paginated properties. See [Classes with paginated properties](https://pygithub.readthedocs.io/en/stable/utilities.html#utilities-classes-with-paginated-properties) for details. ##### Drop Python 3.8 support due to End-of-Life Python 3.8 reached its end-of-life September 6, 2024. Support has been removed with this release. ##### Deprecations - Method `delete` of `Reaction` is deprecated, use `IssueComment.delete_reaction`, `PullRequestComment.delete_reaction`, `CommitComment.delete_reaction` or `Issue.delete_reaction` instead. - Method `Issue.assignee` and parameter `Issue.edit(assignee=…)` are deprecated, use `Issue.assignees` and `Issue.edit(assignees=…)` instead. - Method `Organization.edit_hook` is deprecated, use `Organization.get_hook(id).edit(…)` instead. If you need to avoid `Organization.get_hook(id)` to fetch the `Hook` object from Github API, use a lazy Github instance: ```python Github(…, lazy=True).get_organization(…).get_hook(id).edit(…) ``` - Methods `Team.add_to_members` and `Team.remove_from_members` are deprecated, use `Team.add_membership` or `Team.remove_membership` instead. ##### New Features - Consider per-page settings when iterating paginated properties by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3377](https://redirect.github.com/PyGithub/PyGithub/pull/3377) - Add Secret Scanning Alerts and Improve Code Scan Alerts by [@​matt-davis27](https://redirect.github.com/matt-davis27) in [PyGithub/PyGithub#3307](https://redirect.github.com/PyGithub/PyGithub/pull/3307) ##### Improvements - More lazy objects by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3403](https://redirect.github.com/PyGithub/PyGithub/pull/3403) - Allow for enterprise base url prefixed with `api.` by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3419](https://redirect.github.com/PyGithub/PyGithub/pull/3419) - Add `throw` option to `Workflow.create_dispatch` to raise exceptions by [@​dblanchette](https://redirect.github.com/dblanchette) in [PyGithub/PyGithub#2966](https://redirect.github.com/PyGithub/PyGithub/pull/2966) - Use `GET` url or `_links.self` as object url by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3421](https://redirect.github.com/PyGithub/PyGithub/pull/3421) - Add support for `type` parameter to get\_issues by [@​nrysk](https://redirect.github.com/nrysk) in [PyGithub/PyGithub#3381](https://redirect.github.com/PyGithub/PyGithub/pull/3381) - Align implemented paths with OpenAPI spec by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3413](https://redirect.github.com/PyGithub/PyGithub/pull/3413) - Add suggested OpenAPI schemas by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3411](https://redirect.github.com/PyGithub/PyGithub/pull/3411) - Apply OpenAPI schemas by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3412](https://redirect.github.com/PyGithub/PyGithub/pull/3412) ##### Bug Fixes - Fix `PaginatedList.totalCount` returning 0 with GitHub deprecation notices by [@​odedperezcodes](https://redirect.github.com/odedperezcodes) in [PyGithub/PyGithub#3382](https://redirect.github.com/PyGithub/PyGithub/pull/3382) - Use default type if known type is not supported by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3365](https://redirect.github.com/PyGithub/PyGithub/pull/3365) ##### Maintenance - Deprecate `Reaction.delete` by [@​iarspider](https://redirect.github.com/iarspider) in [PyGithub/PyGithub#3435](https://redirect.github.com/PyGithub/PyGithub/pull/3435) - Deprecate `Issue.assignee` by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3366](https://redirect.github.com/PyGithub/PyGithub/pull/3366) - Deprecate `Orginization.edit_hook` by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3404](https://redirect.github.com/PyGithub/PyGithub/pull/3404) - Deprecate `Team.add_to_members` and `Team.remove_from_members` by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3368](https://redirect.github.com/PyGithub/PyGithub/pull/3368) - Various minor OpenAPI fixes by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3375](https://redirect.github.com/PyGithub/PyGithub/pull/3375) - Update test key pair by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3453](https://redirect.github.com/PyGithub/PyGithub/pull/3453) - Pin CI lint Python version to 3.13 by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3406](https://redirect.github.com/PyGithub/PyGithub/pull/3406) - Improve error message on replay data mismatch by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3385](https://redirect.github.com/PyGithub/PyGithub/pull/3385) and [PyGithub/PyGithub#3386](https://redirect.github.com/PyGithub/PyGithub/pull/3386) - Disable sleeps in tests by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3383](https://redirect.github.com/PyGithub/PyGithub/pull/3383) - Update autodoc defaults by [@​Aidan-McNay](https://redirect.github.com/Aidan-McNay) in [PyGithub/PyGithub#3369](https://redirect.github.com/PyGithub/PyGithub/pull/3369) - Add Python 3.14 to CI and tox by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3429](https://redirect.github.com/PyGithub/PyGithub/pull/3429) - Restrict PyPi release workflow permissions by [@​JLLeitschuh](https://redirect.github.com/JLLeitschuh) in [PyGithub/PyGithub#3418](https://redirect.github.com/PyGithub/PyGithub/pull/3418) - Fix OpenApi workflow by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3389](https://redirect.github.com/PyGithub/PyGithub/pull/3389) - Bump codecov/codecov-action from 3 to 5 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [PyGithub/PyGithub#3284](https://redirect.github.com/PyGithub/PyGithub/pull/3284) - Bump actions/setup-python from 5 to 6 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [PyGithub/PyGithub#3370](https://redirect.github.com/PyGithub/PyGithub/pull/3370) - Bump dawidd6/action-download-artifact from 3.0.0 to 3.1.4 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [PyGithub/PyGithub#3282](https://redirect.github.com/PyGithub/PyGithub/pull/3282) - Bump github/codeql-action from 3 to 4 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [PyGithub/PyGithub#3391](https://redirect.github.com/PyGithub/PyGithub/pull/3391) - Bump actions/upload-artifact from 4 to 5 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [PyGithub/PyGithub#3394](https://redirect.github.com/PyGithub/PyGithub/pull/3394) - Bump actions/download-artifact from 5 to 6 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [PyGithub/PyGithub#3393](https://redirect.github.com/PyGithub/PyGithub/pull/3393) - Drop Python 3.8 support due to EOL by [@​hugovk](https://redirect.github.com/hugovk) in [PyGithub/PyGithub#3191](https://redirect.github.com/PyGithub/PyGithub/pull/3191) - Merge changelog updates from v2.8 release branch by [@​EnricoMi](https://redirect.github.com/EnricoMi) in [PyGithub/PyGithub#3367](https://redirect.github.com/PyGithub/PyGithub/pull/3367) #### New Contributors - [@​odedperezcodes](https://redirect.github.com/odedperezcodes) made their first contribution in [PyGithub/PyGithub#3382](https://redirect.github.com/PyGithub/PyGithub/pull/3382) - [@​Aidan-McNay](https://redirect.github.com/Aidan-McNay) made their first contribution in [PyGithub/PyGithub#3369](https://redirect.github.com/PyGithub/PyGithub/pull/3369) - [@​nrysk](https://redirect.github.com/nrysk) made their first contribution in [PyGithub/PyGithub#3381](https://redirect.github.com/PyGithub/PyGithub/pull/3381) - [@​matt-davis27](https://redirect.github.com/matt-davis27) made their first contribution in [PyGithub/PyGithub#3307](https://redirect.github.com/PyGithub/PyGithub/pull/3307) **Full Changelog**: <PyGithub/PyGithub@v2.8.0...v2.9.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/lettuce-financial/github-bot-signed-commit). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Copilot AI
pushed a commit
that referenced
this pull request
Mar 26, 2026
Fixes #2070 by adding the `security_and_analysis` _query parameters_ argument to [PATCH Repository](https://docs.github.com/en/rest/repos/repos#update-a-repository), which will allow programmatic enable/disable functionality for Secret Scanning, Code Scanning, and Dependabot Alerts. Adds functionality to [GET Secret Scanning Alerts](https://docs.github.com/en/rest/secret-scanning/secret-scanning) at the Organization and Repository levels. Also, updates _query parameters_ arguments for [GET Code Scan Alerts](https://docs.github.com/en/rest/code-scanning/code-scanning) and adds a new function at the Organization level to retrieve these alerts. Key Changes: - Adds `security_and_analysis` query parameter to the `edit()` function in **Repository.py** - Adds new functions `get_secret_scanning_alerts()` and `get_codescan_alerts()` in **Organization.py** - Adds new functions `get_secret_scanning_alerts()`, `get_secret_scanning_alert()`, and `get_codescan_alert()` in **Repository.py** - Updated function `get_codescan_alerts()` in **Repository.py** to include query parameters - Created new class objects `SecretScanAlert`, `SecretScanAlertInstance`, `OrganizationSecretScanAlert`, and `OrganizationCodeScanAlert` to support the above functions - Created tests `CodeScanAlert`, `SecretScanAlert`, `OrganizationCodeScanAlert`, `OrganizationSecretScanAlert`, `OrganizationDependabotAlert` to support the above functions - Updated tests `Repository` for the newest query parameter --------- Co-authored-by: matt-davis27 <github-action-matt-davis27@users.noreply.github.com> Co-authored-by: Enrico Minack <github@enrico.minack.dev> Co-authored-by: EnricoMi <44700269+EnricoMi@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2070 by adding the
security_and_analysisquery parameters argument to PATCH Repository, which will allow programmatic enable/disable functionality for Secret Scanning, Code Scanning, and Dependabot Alerts.Adds functionality to GET Secret Scanning Alerts at the Organization and Repository levels.
Also, updates query parameters arguments for GET Code Scan Alerts and adds a new function at the Organization level to retrieve these alerts.
Key Changes:
security_and_analysisquery parameter to theedit()function in Repository.pyget_secret_scanning_alerts()andget_codescan_alerts()in Organization.pyget_secret_scanning_alerts(),get_secret_scanning_alert(), andget_codescan_alert()in Repository.pyget_codescan_alerts()in Repository.py to include query parametersSecretScanAlert,SecretScanAlertInstance,OrganizationSecretScanAlert, andOrganizationCodeScanAlertto support the above functionsCodeScanAlert,SecretScanAlert,OrganizationCodeScanAlert,OrganizationSecretScanAlert,OrganizationDependabotAlertto support the above functionsRepositoryfor the newest query parameter