Dependabot scripts

A collection of basic look up scripts to find all known vulnerabilities and any outstanding PRs from Dependabot.

Just replace '<<USERNAME>>' with your username, and gh needs to be installed and setup.

Listing all known security vulnerabilities

powershell

gh repo list '<<USERNAME>>' --no-archived --json nameWithOwner -q '.[].nameWithOwner' | ForEach-Object { echo "=== $_ ==="; gh api --paginate "/repos/$_/dependabot/alerts?state=open" --jq '.[] | {number, created_at, "severity": .security_vulnerability?.severity, "package": .security_vulnerability?.package?.name, "summary": .security_advisory?.summary, "url": .html_url}'; }

bash

gh repo list '<<USERNAME>>' --no-archived --json nameWithOwner -q '.[].nameWithOwner' | while read repo; do echo "=== $repo ==="; gh api --paginate "/repos/$repo/dependabot/alerts?state=open" --jq '.[] | {number, created_at, "severity": .security_vulnerability?.severity, "package": .security_vulnerability?.package?.name, "summary": .security_advisory?.summary, "url": .html_url}' || echo " (no access or none)" done

Listing all known dependabot pull requests

powershell

gh repo list '<<USERNAME>>' --no-archived --json nameWithOwner -q '.[].nameWithOwner' | ForEach-Object { gh pr list --repo "$_" --author 'dependabot[bot]' --state 'open' --json 'number,title,url' }

bash

gh repo list '<<USERNAME>>' --no-archived --json nameWithOwner -q '.[].nameWithOwner' | xargs -I % sh -c 'gh pr list --repo % --author dependabot[bot] --state open --json number,title,url || true'