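name: Security Vulnerability Slack Notification

# Posts a Slack message whenever a Dependabot alert is created or reopened.
# NOTE(review): confirm that `dependabot_alert` is accepted as a workflow
# trigger for this repository; if it is not, this workflow never runs.
on:
  dependabot_alert:
    types: [created, reopened]

# The job only calls an external webhook, so GITHUB_TOKEN needs no scopes.
permissions: {}

jobs:
  notify_slack_on_alert:
    runs-on: ubuntu-latest
    steps:
      - name: Send Slack Notification via Direct Curl Payload
        env:
          # Event fields and the webhook secret reach the script as environment
          # variables. Writing `${{ ... }}` inside `run:` pastes the value into
          # the shell source before it executes, so a quote, backtick or `$(`
          # in advisory or package metadata would be interpreted as shell code.
          ALERT_ACTION: ${{ github.event.action }}
          ALERT_ECOSYSTEM: ${{ github.event.alert.security_vulnerability.package.ecosystem }}
          ALERT_PACKAGE: ${{ github.event.alert.security_vulnerability.package.name }}
          ALERT_SEVERITY: ${{ github.event.alert.security_vulnerability.severity }}
          ALERT_URL: ${{ github.event.alert.html_url }}
          REPOSITORY: ${{ github.repository }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          # jq is pre-installed on GitHub runners and is used to safely build
          # the JSON payload. This value is not read by the script below; it is
          # quoted so that it stays a string rather than a float.
          JQ_VERSION: '1.6'
        run: |
          # 1. Build the payload entirely inside jq: --arg binds each value as
          #    a JSON string, so no event data is ever parsed as shell or JSON
          #    syntax. The "\n" sequences live in the jq program, where they
          #    are real line breaks; a \n typed in a bash double-quoted string
          #    would be sent to Slack as two literal characters.
          SLACK_PAYLOAD=$(jq -n \
            --arg action "$ALERT_ACTION" \
            --arg ecosystem "$ALERT_ECOSYSTEM" \
            --arg package "$ALERT_PACKAGE" \
            --arg severity "$ALERT_SEVERITY" \
            --arg repo "$REPOSITORY" \
            --arg url "$ALERT_URL" \
            '{
              "channel": "#docs-devdocs-notifications",
              "username": "Dependabot Notifier",
              "icon_emoji": ":lock:",
              "text": (
                "*🚨 Dependabot Alert: \($action) 🚨*\n\n"
                + "*Vulnerability:* \($ecosystem) package *\($package)*\n"
                + "*Severity:* \($severity)\n"
                + "*Repository:* \($repo)\n\n"
                + "*View Details:* \($url)"
              )
            }')

          # 2. Send the request to the webhook URL stored as a secret. The URL
          #    is quoted so it stays a single argument, and --fail makes the
          #    step fail on an HTTP error instead of silently dropping the
          #    notification.
          curl --fail --silent --show-error -X POST \
            -H 'Content-type: application/json' \
            --data "$SLACK_PAYLOAD" \
            "$SLACK_WEBHOOK"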