Add security-advisory and code-scanning-alert event types

github/code-scanning.go

@@ -67,22 +67,26 @@ type Tool struct {
 //
 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository
 type Alert struct {
-	RuleID             *string             `json:"rule_id,omitempty"`
-	RuleSeverity       *string             `json:"rule_severity,omitempty"`
-	RuleDescription    *string             `json:"rule_description,omitempty"`
-	Rule               *Rule               `json:"rule,omitempty"`
-	Tool               *Tool               `json:"tool,omitempty"`
-	CreatedAt          *Timestamp          `json:"created_at,omitempty"`
-	State              *string             `json:"state,omitempty"`
-	ClosedBy           *User               `json:"closed_by,omitempty"`
-	ClosedAt           *Timestamp          `json:"closed_at,omitempty"`
-	URL                *string             `json:"url,omitempty"`
-	HTMLURL            *string             `json:"html_url,omitempty"`
-	MostRecentInstance *MostRecentInstance `json:"most_recent_instance,omitempty"`
-	DismissedBy        *User               `json:"dismissed_by,omitempty"`
-	DismissedAt        *Timestamp          `json:"dismissed_at,omitempty"`
-	DismissedReason    *string             `json:"dismissed_reason,omitempty"`
-	InstancesURL       *string             `json:"instances_url,omitempty"`
+	Number             *int                  `json:"number,omitempty"`
+	RuleID             *string               `json:"rule_id,omitempty"`
+	RuleSeverity       *string               `json:"rule_severity,omitempty"`
+	RuleDescription    *string               `json:"rule_description,omitempty"`
+	Rule               *Rule                 `json:"rule,omitempty"`
+	Tool               *Tool                 `json:"tool,omitempty"`
+	CreatedAt          *Timestamp            `json:"created_at,omitempty"`
+	UpdatedAt          *Timestamp            `json:"updated_at,omitempty"`
+	FixedAt            *Timestamp            `json:"fixed_at,omitempty"`
+	State              *string               `json:"state,omitempty"`
+	ClosedBy           *User                 `json:"closed_by,omitempty"`
+	ClosedAt           *Timestamp            `json:"closed_at,omitempty"`
+	URL                *string               `json:"url,omitempty"`
+	HTMLURL            *string               `json:"html_url,omitempty"`
+	MostRecentInstance *MostRecentInstance   `json:"most_recent_instance,omitempty"`
+	Instances          []*MostRecentInstance `json:"instances,omitempty"`
+	DismissedBy        *User                 `json:"dismissed_by,omitempty"`
+	DismissedAt        *Timestamp            `json:"dismissed_at,omitempty"`
+	DismissedReason    *string               `json:"dismissed_reason,omitempty"`
+	InstancesURL       *string               `json:"instances_url,omitempty"`
 }
 
 // ID returns the ID associated with an alert. It is the number at the end of the security alert's URL.

github/event_types.go

@@ -1248,3 +1248,63 @@ type WorkflowRunEvent struct {
 	Sender       *User         `json:"sender,omitempty"`
 	Installation *Installation `json:"installation,omitempty"`
 }
+
+type SecurityAdvisory struct {
+	GhsaID          *string                  `json:"ghsa_id,omitempty"`
+	Summary         *string                  `json:"summary,omitempty"`
+	Description     *string                  `json:"description,omitempty"`
+	Severity        *string                  `json:"severity,omitempty"`
+	Identifiers     []*AdvisoryIdentifier    `json:"identifiers,omitempty"`
+	ReferenceURLs   []*AdvisoryReferenceURL  `json:"references,omitempty"`
+	PublishedAt     *Timestamp               `json:"published_at,omitempty"`
+	UpdatedAt       *Timestamp               `json:"updated_at,omitempty"`
+	WithdrawnAt     *Timestamp               `json:"withdrawn_at,omitempty"`
+	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
+}
+
+type AdvisoryIdentifier struct {
+	Value *string `json:"value,omitempty"`
+	Type  *string `json:"type,omitempty"`
+}
+
+type AdvisoryReferenceURL struct {
+	URL *string `json:"url,omitempty"`
+}
+
+type AdvisoryVulnerability struct {
+	Package                *VulnerabilityPackage `json:"package,omitempty"`
+	Severity               *string               `json:"severity,omitempty"`
+	VulnerableVersionRange *string               `json:"vulnerable_version_range,omitempty"`
+	FirstPatchedVersion    *FirstPatchedVersion  `json:"first_patched_version,omitempty"`
+}
+
+type VulnerabilityPackage struct {
+	Ecosystem *string `json:"ecosystem,omitempty"`
+	Name      *string `json:"name,omitempty"`
+}
+
+type FirstPatchedVersion struct {
+	Identifier *string `json:"identifier,omitempty"`
+}
+
+// SecurityAdvisoryEvent is triggered when a security-related vulnerabilities is found in software on GitHub.
+//
+// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
+type SecurityAdvisoryEvent struct {
+	Action   *string           `json:"action,omitempty"`
+	Advisory *SecurityAdvisory `json:"security_advisory,omitempty"`
+}
+
+// CodeScanningAlertEvent is triggered when a code scanning finds a potential vulnerability or error in your code.
+//
+// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert
+type CodeScanningAlertEvent struct {
+	Action *string `json:"action,omitempty"`
+	Alert  *Alert  `json:"alert,omitempty"`
+	Ref    *string `json:"ref,omitempty"`
+	// CommitOID is the commit SHA of the code scanning alert
+	CommitOID *string       `json:"commit_oid,omitempty"`
+	Repo      *Repository   `json:"repository,omitempty"`
+	Org       *Organization `json:"organization,omitempty"`
+	Sender    *User         `json:"sender,omitempty"`
+}