Detection: Repository Vulnerability Alert Dismissed
Overview
Detect when a repository vulnerability alert was dismissed. Dismissing a vulnerability alert may result in ignoring critical security risks that could expose the repository to exploitation. Monitoring these events ensures that security vulnerabilities are properly reviewed and mitigated in compliance with security best practices.
References:
Usage
Run the detection in your terminal:
powerpipe detection run github_audit_log_detections.detection.repository_vulnerability_alert_dismissedSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe detection run github_audit_log_detections.detection.repository_vulnerability_alert_dismissed --shareSQL
This detection uses a named query:
select tp_timestamp as timestamp,action as operation,concat('https://github.com/', repo, '/security/dependabot/', additional_fields ->> 'alert_number') as resource,actor,tp_source_ip as source_ip,tp_index as organization,split_part(repo, '/', 2) as repository,tp_id as source_id,*exclude (actor, timestamp)
from github_audit_logwhere action = 'repository_vulnerability_alert.dismiss'order by tp_timestamp desc;