cortexapps · lukbla · May 7, 2025 · May 5, 2025 · May 5, 2025 · greg-p-cortex
diff --git a/pom.xml b/pom.xml
@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.kohsuke</groupId>
   <artifactId>cortexapps-github-api</artifactId>
-  <version>1.326</version>
+  <version>1.327</version>
   <name>GitHub API for Java</name>
   <url>https://github-api.kohsuke.org/</url>
   <description>GitHub API for Java</description>

diff --git a/src/main/java/org/kohsuke/github/GHRepository.java b/src/main/java/org/kohsuke/github/GHRepository.java
@@ -3496,6 +3496,47 @@ public <T> void dispatch(String eventType, @Nullable T clientPayload) throws IOE
                 .send();
     }
 
+    /**
+     * Lists the secret scanning alerts for this repository
+     *
+     * @return the paged iterable
+     */
+    public PagedIterable<GHSecretScanningAlert> listSecretScanningAlerts() {
+        return listSecretScanningAlerts(Collections.emptyMap());
+    }
+
+    /**
+     * Lists the secret scanning alerts for this repository filtered on the alert state
+     *
+     * @param state
+     *            state of the alert
+     * @return the paged iterable
+     */
+    public PagedIterable<GHSecretScanningAlert> listSecretScanningAlerts(GHSecretScanningAlertState state) {
+        return listSecretScanningAlerts(Collections.singletonMap("state", state.name().toLowerCase()));
+    }
+
+    private PagedIterable<GHSecretScanningAlert> listSecretScanningAlerts(Map<String, Object> filters) {
+        return new GHSecretScanningAlertsIterable(this,
+                root().createRequest().withUrlPath(getApiTailUrl("secret-scanning/alerts")).with(filters).build());
+    }
+
+    /**
+     * Get secret scanning alert by number
+     *
+     * @param number
+     *            number of the secret scanning alert
+     * @return the secret scanning alert
+     * @throws IOException
+     *             the io exception
+     */
+    public GHSecretScanningAlert getSecretScanningAlert(long number) throws IOException {
+        return root().createRequest()
+                .withUrlPath(getApiTailUrl("secret-scanning/alerts"), String.valueOf(number))
+                .fetch(GHSecretScanningAlert.class)
+                .wrap(this);
+    }
+
     private <T> T downloadArchive(@Nonnull String type,
             @CheckForNull String ref,
             @Nonnull InputStreamFunction<T> streamFunction) throws IOException {

diff --git a/src/main/java/org/kohsuke/github/GHSecretScanningAlert.java b/src/main/java/org/kohsuke/github/GHSecretScanningAlert.java
@@ -0,0 +1,205 @@
+package org.kohsuke.github;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * Secret scanning alert for a repository
+ *
+ * <a href="https://docs.github.com/en/rest/secret-scanning/secret-scanning"></a>
+ */
+@SuppressFBWarnings(value = { "UUF_UNUSED_FIELD" }, justification = "JSON API")
+public class GHSecretScanningAlert extends GHObject {
+    @JsonIgnore
+    private GHRepository owner;
+    private long number;
+    private String html_url;
+    private String locations_url;
+    private GHSecretScanningAlertState state;
+    private String resolution;
+    private String resolved_at;
+    private GHUser resolved_by;
+    private String secret_type;
+    private String secret_type_display_name;
+    private String secret;
+
+    private Boolean push_protection_bypassed;
+    private GHUser push_protection_bypassed_by;
+    private String push_protection_bypassed_at;
+
+    private String created_at;
+    private String updated_at;
+
+    GHSecretScanningAlert wrap(GHRepository owner) {
+        this.owner = owner;
+        return this;
+    }
+
+    /**
+     * Id/number of the alert.
+     *
+     * @return the id/number
+     * @see #getId()
+     */
+    public long getNumber() {
+        return number;
+    }
+
+    /**
+     * Id/number of the alert.
+     *
+     * @return the id/number
+     * @see #getNumber()
+     */
+    @Override
+    public long getId() {
+        return getNumber();
+    }
+
+    @Override
+    public URL getHtmlUrl() throws IOException {
+        return GitHubClient.parseURL(html_url);
+    }
+
+    /**
+     * State of alert
+     *
+     * @return the state
+     */
+    public GHSecretScanningAlertState getState() {
+        return state;
+    }
+
+    /**
+     * Resolution of the alert. Can be 'false_positive', 'wont_fix', 'revoked', 'used_in_tests', or null.
+     *
+     * @return the resolution
+     */
+    public String getResolution() {
+        return resolution;
+    }
+
+    /**
+     * Time when alert was resolved. Non-null when {@link #getState()} is <i>Resolved</i>
+     *
+     * @return the time
+     */
+    public Date getResolvedAt() {
+        return GitHubClient.parseDate(resolved_at);
+    }
+
+    /**
+     * User that has resolved the alert. Non-null when {@link #getState()} is <i>Resolved</i>
+     *
+     * <p>
+     * Note: User object returned by secret scanning GitHub API does not contain all fields. Use with caution
+     * </p>
+     *
+     * @return the user
+     */
+    @SuppressFBWarnings(value = { "EI_EXPOSE_REP" }, justification = "Expected behavior")
+    public GHUser getResolvedBy() {
+        return resolved_by;
+    }
+
+    /**
+     * Type of secret that was detected
+     *
+     * @return the secret type
+     */
+    public String getSecretType() {
+        return secret_type;
+    }
+
+    /**
+     * Display name for tyype of secret that was detected
+     *
+     * @return the secret type display name
+     */
+    public String getSecretTypeDisplayName() {
+        return secret_type_display_name;
+    }
+
+    /**
+     * Secret value that was detected
+     *
+     * @return the secret value
+     */
+    public String getSecret() {
+        return secret;
+    }
+
+    /**
+     * Whether push protection was bypassed for this alert
+     *
+     * @return true if push protection was bypassed, false otherwise
+     */
+    public Boolean isPushProtectionBypassed() {
+        return push_protection_bypassed;
+    }
+
+    /**
+     * User that bypassed push protection. Non-null when {@link #isPushProtectionBypassed()} is true
+     *
+     * @return the user
+     */
+    @SuppressFBWarnings(value = { "EI_EXPOSE_REP" }, justification = "Expected behavior")
+    public GHUser getPushProtectionBypassedBy() {
+        return push_protection_bypassed_by;
+    }
+
+    /**
+     * Time when push protection was bypassed. Non-null when {@link #isPushProtectionBypassed()} is true
+     *
+     * @return the time
+     */
+    public Date getPushProtectionBypassedAt() {
+        return GitHubClient.parseDate(push_protection_bypassed_at);
+    }
+
+    /**
+     * Gets created at.
+     *
+     * @return the created at
+     */
+    public Date getCreatedAt() {
+        return GitHubClient.parseDate(created_at);
+    }
+
+    /**
+     * Gets updated at.
+     *
+     * @return the updated at
+     */
+    public Date getUpdatedAt() {
+        return GitHubClient.parseDate(updated_at);
+    }
+
+    /**
+     * Gets locations url.
+     *
+     * @return the locations url
+     */
+    public String getLocationsUrl() {
+        return locations_url;
+    }
+
+    /**
+     * Gets locations.
+     *
+     * @return the locations array
+     * @throws IOException
+     *             the io exception
+     */
+    public List<GHSecretScanningAlertLocation> getLocations() throws IOException {
+        return Arrays.asList(
+                root().createRequest().withUrlPath(getLocationsUrl()).fetch(GHSecretScanningAlertLocation[].class));
+    }
+
+}
diff --git a/src/main/java/org/kohsuke/github/GHSecretScanningAlertLocation.java b/src/main/java/org/kohsuke/github/GHSecretScanningAlertLocation.java
@@ -0,0 +1,39 @@
+package org.kohsuke.github;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+/**
+ * Code scanning alert for a repository
+ *
+ * <a href="https://docs.github.com/en/rest/reference/code-scanning"></a>
+ */
+@SuppressFBWarnings(value = { "UWF_UNWRITTEN_FIELD" }, justification = "JSON API")
+public class GHSecretScanningAlertLocation {
+    private String type;
+    private GHSecretScanningAlertLocationDetails details;
+
+    /**
+     * Instantiates a new GH secret scanning alert location.
+     */
+    public GHSecretScanningAlertLocation() {
+    }
+
+    /**
+     * The type of location.
+     *
+     * @return the type
+     */
+    public String getType() {
+        return type;
+    }
+
+    /**
+     * The details of the location.
+     *
+     * @return the details
+     */
+    public GHSecretScanningAlertLocationDetails getDetails() {
+        return details;
+    }
+
+}
diff --git a/src/main/java/org/kohsuke/github/GHSecretScanningAlertLocationDetails.java b/src/main/java/org/kohsuke/github/GHSecretScanningAlertLocationDetails.java
@@ -0,0 +1,28 @@
+package org.kohsuke.github;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
+/**
+ * Code sc for a repository
+ *
+ * <a href="https://docs.github.com/en/rest/reference/code-scanning"></a>
+ */
+@SuppressFBWarnings(value = { "UWF_UNWRITTEN_FIELD" }, justification = "JSON API")
+public class GHSecretScanningAlertLocationDetails {
+    private String path;
+
+    /**
+     * Instantiates a new GH secret scanning alert location details.
+     */
+    public GHSecretScanningAlertLocationDetails() {
+    }
+
+    /**
+     * The path to the file containing the secret.
+     *
+     * @return the path
+     */
+    public String getPath() {
+        return path;
+    }
+}
diff --git a/src/main/java/org/kohsuke/github/GHSecretScanningAlertState.java b/src/main/java/org/kohsuke/github/GHSecretScanningAlertState.java
@@ -0,0 +1,15 @@
+package org.kohsuke.github;
+
+/**
+ * What is the current state of the Secret Scanning Alert
+ */
+public enum GHSecretScanningAlertState {
+    /**
+     * Alert is open and still an active issue.
+     */
+    OPEN,
+    /**
+     * Issue that has caused the alert has been addressed.
+     */
+    RESOLVED,
+}
diff --git a/src/main/java/org/kohsuke/github/GHSecretScanningAlertsIterable.java b/src/main/java/org/kohsuke/github/GHSecretScanningAlertsIterable.java
@@ -0,0 +1,45 @@
+package org.kohsuke.github;
+
+import java.util.Iterator;
+
+import javax.annotation.Nonnull;
+
+class GHSecretScanningAlertsIterable extends PagedIterable<GHSecretScanningAlert> {
+    private final GHRepository owner;
+    private final GitHubRequest request;
+    private GHSecretScanningAlert[] result;
+
+    GHSecretScanningAlertsIterable(GHRepository owner, GitHubRequest request) {
+        this.owner = owner;
+        this.request = request;
+    }
+
+    @Nonnull
+    @Override
+    public PagedIterator<GHSecretScanningAlert> _iterator(int pageSize) {
+        return new PagedIterator<>(
+                adapt(GitHubPageIterator
+                        .create(owner.root().getClient(), GHSecretScanningAlert[].class, request, pageSize)),
+                null);
+    }
+
+    protected Iterator<GHSecretScanningAlert[]> adapt(final Iterator<GHSecretScanningAlert[]> base) {
+        return new Iterator<GHSecretScanningAlert[]>() {
+            public boolean hasNext() {
+                return base.hasNext();
+            }
+
+            public GHSecretScanningAlert[] next() {
+                GHSecretScanningAlert[] v = base.next();
+                if (result == null) {
+                    result = v;
+                }
+
+                for (GHSecretScanningAlert alert : result) {
+                    alert.wrap(owner);
+                }
+                return result;
+            }
+        };
+    }
+}