Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Github Dependabot Alert Dismissed Rule #1310

Merged
merged 4 commits into from
Aug 5, 2024

Conversation

elimgh
Copy link
Contributor

@elimgh elimgh commented Jul 30, 2024

Background

Github dependabot alerts can be dismissed without being resolved. This means that critical security fixes can get lost leaving the application vulnerable. This will trigger an alert when a vulnerability is dismissed.

Changes

  • Added detection yaml and python file.

Testing

  • Unit tests in the detection yaml file.

@elimgh elimgh requested a review from a team as a code owner July 30, 2024 14:33
Copy link
Contributor

@arielkr256 arielkr256 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@elimgh this is a great detection, thank you for your submission! I added an additional test case and the standard github alert context, otherwise looks good.

@arielkr256 arielkr256 enabled auto-merge (squash) August 5, 2024 16:25
@arielkr256 arielkr256 merged commit e6afe40 into panther-labs:release Aug 5, 2024
5 of 6 checks passed
@arielkr256 arielkr256 added the enhancement New feature or request label Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants