@shinyaz

Check Dependabot alert details from the terminal with gh CLI

Got a Dependabot vulnerability warning on git push and wanted to check the details without opening a browser.

gh api can fetch Dependabot alert info directly:

Terminal
gh api /repos/{owner}/{repo}/dependabot/alerts/19 \
  --jq '{severity: .security_advisory.severity, package: .security_vulnerability.package.name, summary: .security_advisory.summary, fixed_in: .security_vulnerability.first_patched_version.identifier}'
Output
{
  "severity": "high",
  "package": "flatted",
  "summary": "Prototype Pollution via parse() in NodeJS flatted",
  "fixed_in": "3.4.2"
}

Package name, severity, and fix version in one shot. The --jq filter makes it easy to integrate into CI scripts too.
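The CI integration mentioned above, as an added example that is not part of the original post: it fails a job when any open alert is at or above a severity threshold. The function names are hypothetical, and it assumes `gh` is authenticated with access to the repository's Dependabot alerts; the sample rows at the end are constructed so the gate logic can be run offline.

```bash
# Added example (helper names are hypothetical): CI gate over open Dependabot alerts.
# Map the advisory severity string to a rank; unknown strings map to 0.
severity_rank() {
  case "$1" in
    low) echo 1 ;; medium) echo 2 ;; high) echo 3 ;; critical) echo 4 ;;
    *) echo 0 ;;
  esac
}

# One TSV row per open alert; "none" replaces a missing fix version so no field is empty.
fetch_open_alerts() {
  gh api --paginate "/repos/{owner}/{repo}/dependabot/alerts?state=open" \
    --jq '.[] | [.number, .security_advisory.severity,
      .security_vulnerability.package.name,
      (.security_vulnerability.first_patched_version.identifier // "none"),
      .security_advisory.summary] | @tsv'
}

# Read TSV rows on stdin, print rows at or above threshold $1, return 1 if any.
# A row with an unrecognised severity counts as failing (fail closed).
gate_alerts() {
  local threshold rank failing number severity package fixed_in summary tab
  threshold=$(severity_rank "$1"); failing=0; tab=$(printf '\t')
  [ "$threshold" -gt 0 ] || { echo "unknown threshold: $1" >&2; return 2; }
  while IFS="$tab" read -r number severity package fixed_in summary || [ -n "$number" ]; do
    [ -n "$number" ] || continue            # skip blank lines
    rank=$(severity_rank "$severity")
    if [ "$rank" -eq 0 ] || [ "$rank" -ge "$threshold" ]; then
      printf 'alert #%s: %s %s (fixed in %s): %s\n' \
        "$number" "$severity" "$package" "$fixed_in" "$summary"
      failing=$((failing + 1))
    fi
  done
  [ "$failing" -eq 0 ]
}

# CI entry point: a failed gh call is an error (2), never a silent pass.
check_repo() {
  local rows
  rows=$(fetch_open_alerts) || { echo "gh api call failed" >&2; return 2; }
  printf '%s\n' "$rows" | gate_alerts "$1"
}

# Constructed rows in the shape fetch_open_alerts emits (not real API output).
sample_rows() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    19 high flatted 3.4.2 'Prototype Pollution via parse() in NodeJS flatted' \
    7 low example-pkg none 'Constructed low-severity alert'
}
sample_rows | gate_alerts high || echo "gate failed with status $?"
```

In a pipeline step, `check_repo high` is the call to make; its exit status separates a clean result (0), blocking alerts (1), and a failed API call or bad threshold (2).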

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site. The views and opinions expressed on this site are my own and do not represent the official positions of my employer.