feat: Allow to ignore specific dependencies

.github/workflows/ci.yml

@@ -34,6 +34,7 @@ jobs:
           # slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
           # severity: low,medium
           # ecosystem: npm,rubygems
+          # ignore_packages: foo#CVE-2021-21291,foo#CVE-2021-21292,bar
           # count: 20
           # pager_duty_integration_key: ${{ secrets.PAGER_DUTY_INTEGRATION_KEY }}
           # zenduty_api_key: ${{ secrets.ZENDUTY_API_KEY }}

action.yml

@@ -43,6 +43,8 @@ inputs:
     description: 'Comma separated list of severities. E.g. low,medium,high,critical (NO SPACES BETWEEN COMMA AND SEVERITY)'
   ecosystem:
     description: 'A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.'
+  ignore_packages:
+    description: 'A comma-separated list of package names with CVEs name (optional). If specified without CVE, alerts for this package will be ignored. If specified with CVE, only specified CVE for package will be ignored. E.g. foo#CVE-2021-21291,foo#CVE-2021-21292,bar'
 branding:
   icon: 'alert-octagon'
   color: 'red'

src/alerts/enterprise.ts

@@ -0,0 +1,34 @@
+import { Octokit } from '@octokit/rest'
+
+import { Alert, toEnterpriseAlert, PackageCveMap } from '../entities'
+
+import { filterPackages } from './filters'
+
+export const fetchEnterpriseAlerts = async (
+  gitHubPersonalAccessToken: string,
+  enterprise: string,
+  severity: string,
+  ecosystem: string,
+  ignorePackages: PackageCveMap,
+  count: number,
+): Promise<Alert[] | []> => {
+  const octokit = new Octokit({
+    auth: gitHubPersonalAccessToken,
+    request: {
+      fetch,
+    },
+  })
+  const response = await octokit.dependabot.listAlertsForEnterprise({
+    enterprise,
+    state: 'open',
+    severity,
+    ecosystem: ecosystem.length > 0 ? ecosystem : undefined,
+    per_page: count,
+  })
+
+  return response.data
+    .filter((dependabotAlert) =>
+      filterPackages(dependabotAlert, ignorePackages),
+    )
+    .map(toEnterpriseAlert)
+}