Issues with collecting Dependabot alerts using GitHub integration

bil15 · November 2, 2023, 10:08am

Hello!
I'm trying to ingest Dependabot alerts from a GitHub organization to Elastic but I'm encountering some issues.
The most interesting part is that I use the same PAT and input parameters (organization, tag set, etc) for Code Scanning and Secret Scanning inputs and they work just fine. I understand that those two use regular GitHub API instead of GraphQL, but, AFAIK, they require the same permissions.
Every time agent tries to collect Dependabot alerts I see the same only error:

Has anyone encountered the same issue? Any ideas on how to troubleshoot it?

kcreddy · November 2, 2023, 11:42am

Hey, the permissions would be same as Secret Scanning.
May I know what version of the integration are you using?
To analyse the problem further, can you select Enable request tracing inside Github integration configuration page and share few request/response logs?

bil15 · November 2, 2023, 12:10pm

I use v 1.25.0
Cloud you tell me where I can find tracing results after enabling it?

kcreddy · November 2, 2023, 12:23pm

It should be inside your agent logs folder.
Trace files will be created with this pattern logs/httpjson/http-request-trace-*.ndjson

kcreddy · November 2, 2023, 12:24pm

If you are using fleet, you can collect diagnostics bundle, which should also include traces.

bil15 · November 2, 2023, 12:49pm

Looks like it's permissions issue...

{\"type\":\"INSUFFICIENT_SCOPES\",\"locations\":[{\"line\":1,\"column\":198}],\"message\":\"Your token has not been granted the required scopes to execute this query. The 'title' field requires one of the following scopes: ['public_repo'], but your token has only been granted the: ['admin:org', 'security_events'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.\"}

Will add public_repo scope and try again
In the meantime, thank for showing this request tracing feature, it is really useful in cases like this.

bil15 · November 2, 2023, 2:10pm

After add the scope nothing changes, I still do not see any data
I suspect it might be because it has already picked up the cursor and collects only the latest data, but the last Dependabot alert was generated more than 24 hours ago
In any case, here is the latest results from the request tracing file:

{"log.level":"debug","@timestamp":"2023-11-02T13:36:04.276Z","message":"HTTP request","transaction.id":"DVEH2T69Q69HE-36","url.original":"https://api.github.com/graphql","url.scheme":"https","url.path":"/graphql","url.domain":"api.github.com","url.port":"","url.query":"","http.request.method":"POST","user_agent.original":"Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)","http.request.body.content":"{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOJ9erVg==\\\"}\"}","http.request.body.bytes":1112,"http.request.mime_type":"application/json","event.original":"POST /graphql HTTP/1.1\r\nHost: api.github.com\r\nUser-Agent: Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)\r\nContent-Length: 1112\r\nAccept: application/json\r\nAuthorization: bearer maskedtoken\r\nContent-Type: application/json\r\nAccept-Encoding: gzip\r\n\r\n{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOJ9erVg==\\\"}\"}","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:04.834Z","message":"HTTP response","transaction.id":"DVEH2T69Q69HE-36","http.response.status_code":200,"http.response.body.content":"{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":true,\"endCursor\":\"Y3Vyc29yOnYyOpHOKJlrAA==\"}}}}}","http.response.body.bytes":995,"http.response.mime_type":"application/json; charset=utf-8","event.original":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset\r\nContent-Security-Policy: default-src 'none'\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 02 Nov 2023 13:36:04 GMT\r\nGithub-Authentication-Token-Expiration: 2023-12-02 14:32:47 UTC\r\nReferrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin\r\nServer: GitHub.com\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nVary: Accept-Encoding, Accept, X-Requested-With\r\nX-Accepted-Oauth-Scopes: repo\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-Github-Media-Type: github.v4\r\nX-Github-Request-Id: 755D:4157:C257D4A:18EA3B04:6543A5C4\r\nX-Oauth-Scopes: public_repo, read:audit_log, security_events\r\nX-Ratelimit-Limit: 5000\r\nX-Ratelimit-Remaining: 4600\r\nX-Ratelimit-Reset: 1698933610\r\nX-Ratelimit-Resource: graphql\r\nX-Ratelimit-Used: 400\r\nX-Xss-Protection: 0\r\n\r\n3e3\r\n{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":true,\"endCursor\":\"Y3Vyc29yOnYyOpHOKJlrAA==\"}}}}}\r\n0\r\n\r\n","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:04.835Z","message":"HTTP request","transaction.id":"DVEH2T69Q69HE-37","url.original":"https://api.github.com/graphql","url.scheme":"https","url.path":"/graphql","url.domain":"api.github.com","url.port":"","url.query":"","http.request.method":"POST","user_agent.original":"Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)","http.request.body.content":"{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKJlrAA==\\\"}\"}","http.request.body.bytes":1112,"http.request.mime_type":"application/json","event.original":"POST /graphql HTTP/1.1\r\nHost: api.github.com\r\nUser-Agent: Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)\r\nContent-Length: 1112\r\nAccept: application/json\r\nAuthorization: bearer maskedtoken\r\nContent-Type: application/json\r\nAccept-Encoding: gzip\r\n\r\n{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKJlrAA==\\\"}\"}","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:05.249Z","message":"HTTP response","transaction.id":"DVEH2T69Q69HE-37","http.response.status_code":200,"http.response.body.content":"{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":true,\"endCursor\":\"Y3Vyc29yOnYyOpHOKULTxQ==\"}}}}}","http.response.body.bytes":995,"http.response.mime_type":"application/json; charset=utf-8","event.original":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset\r\nContent-Security-Policy: default-src 'none'\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 02 Nov 2023 13:36:05 GMT\r\nGithub-Authentication-Token-Expiration: 2023-12-02 14:32:47 UTC\r\nReferrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin\r\nServer: GitHub.com\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nVary: Accept-Encoding, Accept, X-Requested-With\r\nX-Accepted-Oauth-Scopes: repo\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-Github-Media-Type: github.v4\r\nX-Github-Request-Id: 1441:4F29:CDA6E7B:1A501F76:6543A5C4\r\nX-Oauth-Scopes: public_repo, read:audit_log, security_events\r\nX-Ratelimit-Limit: 5000\r\nX-Ratelimit-Remaining: 4590\r\nX-Ratelimit-Reset: 1698933610\r\nX-Ratelimit-Resource: graphql\r\nX-Ratelimit-Used: 410\r\nX-Xss-Protection: 0\r\n\r\n3e3\r\n{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":true,\"endCursor\":\"Y3Vyc29yOnYyOpHOKULTxQ==\"}}}}}\r\n0\r\n\r\n","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:05.249Z","message":"HTTP request","transaction.id":"DVEH2T69Q69HE-38","url.original":"https://api.github.com/graphql","url.scheme":"https","url.path":"/graphql","url.domain":"api.github.com","url.port":"","url.query":"","http.request.method":"POST","user_agent.original":"Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)","http.request.body.content":"{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKULTxQ==\\\"}\"}","http.request.body.bytes":1112,"http.request.mime_type":"application/json","event.original":"POST /graphql HTTP/1.1\r\nHost: api.github.com\r\nUser-Agent: Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)\r\nContent-Length: 1112\r\nAccept: application/json\r\nAuthorization: bearer maskedtoken\r\nContent-Type: application/json\r\nAccept-Encoding: gzip\r\n\r\n{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKULTxQ==\\\"}\"}","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:05.710Z","message":"HTTP response","transaction.id":"DVEH2T69Q69HE-38","http.response.status_code":200,"http.response.body.content":"{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":true,\"endCursor\":\"Y3Vyc29yOnYyOpHOKg9MGw==\"}}}}}","http.response.body.bytes":995,"http.response.mime_type":"application/json; charset=utf-8","event.original":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset\r\nContent-Security-Policy: default-src 'none'\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 02 Nov 2023 13:36:05 GMT\r\nGithub-Authentication-Token-Expiration: 2023-12-02 14:32:47 UTC\r\nReferrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin\r\nServer: GitHub.com\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nVary: Accept-Encoding, Accept, X-Requested-With\r\nX-Accepted-Oauth-Scopes: repo\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-Github-Media-Type: github.v4\r\nX-Github-Request-Id: 366C:1D26:CBA3DB8:1A1167AD:6543A5C5\r\nX-Oauth-Scopes: public_repo, read:audit_log, security_events\r\nX-Ratelimit-Limit: 5000\r\nX-Ratelimit-Remaining: 4580\r\nX-Ratelimit-Reset: 1698933610\r\nX-Ratelimit-Resource: graphql\r\nX-Ratelimit-Used: 420\r\nX-Xss-Protection: 0\r\n\r\n3e3\r\n{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":true,\"endCursor\":\"Y3Vyc29yOnYyOpHOKg9MGw==\"}}}}}\r\n0\r\n\r\n","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:05.710Z","message":"HTTP request","transaction.id":"DVEH2T69Q69HE-39","url.original":"https://api.github.com/graphql","url.scheme":"https","url.path":"/graphql","url.domain":"api.github.com","url.port":"","url.query":"","http.request.method":"POST","user_agent.original":"Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)","http.request.body.content":"{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKg9MGw==\\\"}\"}","http.request.body.bytes":1112,"http.request.mime_type":"application/json","event.original":"POST /graphql HTTP/1.1\r\nHost: api.github.com\r\nUser-Agent: Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)\r\nContent-Length: 1112\r\nAccept: application/json\r\nAuthorization: bearer maskedtoken\r\nContent-Type: application/json\r\nAccept-Encoding: gzip\r\n\r\n{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKg9MGw==\\\"}\"}","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:06.113Z","message":"HTTP response","transaction.id":"DVEH2T69Q69HE-39","http.response.status_code":200,"http.response.body.content":"{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":\"Y3Vyc29yOnYyOpHOKn4Evg==\"}}}}}","http.response.body.bytes":474,"http.response.mime_type":"application/json; charset=utf-8","event.original":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset\r\nContent-Security-Policy: default-src 'none'\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 02 Nov 2023 13:36:06 GMT\r\nGithub-Authentication-Token-Expiration: 2023-12-02 14:32:47 UTC\r\nReferrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin\r\nServer: GitHub.com\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nVary: Accept-Encoding, Accept, X-Requested-With\r\nX-Accepted-Oauth-Scopes: repo\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-Github-Media-Type: github.v4\r\nX-Github-Request-Id: 1563:0B65:D4545B8:1B28B3CA:6543A5C5\r\nX-Oauth-Scopes: public_repo, read:audit_log, security_events\r\nX-Ratelimit-Limit: 5000\r\nX-Ratelimit-Remaining: 4570\r\nX-Ratelimit-Reset: 1698933610\r\nX-Ratelimit-Resource: graphql\r\nX-Ratelimit-Used: 430\r\nX-Xss-Protection: 0\r\n\r\n1da\r\n{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}},{\"vulnerabilityAlerts\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":\"Y3Vyc29yOnYyOpHOKn4Evg==\"}}}}}\r\n0\r\n\r\n","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:06.114Z","message":"HTTP request","transaction.id":"DVEH2T69Q69HE-40","url.original":"https://api.github.com/graphql","url.scheme":"https","url.path":"/graphql","url.domain":"api.github.com","url.port":"","url.query":"","http.request.method":"POST","user_agent.original":"Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)","http.request.body.content":"{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKn4Evg==\\\"}\"}","http.request.body.bytes":1112,"http.request.mime_type":"application/json","event.original":"POST /graphql HTTP/1.1\r\nHost: api.github.com\r\nUser-Agent: Elastic-Filebeat/8.10.4 (linux; amd64; 10b198c985eb95c16405b979c63847881a199aba; 2023-10-11 19:23:15 +0000 UTC)\r\nContent-Length: 1112\r\nAccept: application/json\r\nAuthorization: bearer maskedtoken\r\nContent-Type: application/json\r\nAccept-Encoding: gzip\r\n\r\n{\"query\":\"query fetchRepoAlerts ($org: String!, $cursor:String!) { organization(login: $org) { repositories(first: 10, after: $cursor) { nodes { vulnerabilityAlerts(first: 100) {  nodes { createdAt dependabotUpdate { error { body errorType title } pullRequest { createdAt closed closedAt merged mergedAt number url title } } dependencyScope dismissReason dismissedAt dismisser { login url } fixedAt number repository { description isInOrganization isPrivate name owner { login url } url } securityAdvisory { classification cvss { score vectorString } cwes(first:2) { nodes { cweId description name } } description ghsaId identifiers { type value } origin permalink references { url } publishedAt severity summary updatedAt withdrawnAt } securityVulnerability { firstPatchedVersion { identifier } package { ecosystem name } severity updatedAt vulnerableVersionRange } state vulnerableManifestPath vulnerableManifestFilename vulnerableRequirements } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } }\",\"variables\":\"{\\\"org\\\": \\\"myorg\\\", \\\"cursor\\\": \\\"Y3Vyc29yOnYyOpHOKn4Evg==\\\"}\"}","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-11-02T13:36:06.301Z","message":"HTTP response","transaction.id":"DVEH2T69Q69HE-40","http.response.status_code":200,"http.response.body.content":"{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}}}","http.response.body.bytes":105,"http.response.mime_type":"application/json; charset=utf-8","event.original":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset\r\nContent-Security-Policy: default-src 'none'\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 02 Nov 2023 13:36:06 GMT\r\nGithub-Authentication-Token-Expiration: 2023-12-02 14:32:47 UTC\r\nReferrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin\r\nServer: GitHub.com\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nVary: Accept-Encoding, Accept, X-Requested-With\r\nX-Accepted-Oauth-Scopes: repo\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-Github-Media-Type: github.v4\r\nX-Github-Request-Id: 6AF9:7F56:C5E5076:1959987B:6543A5C6\r\nX-Oauth-Scopes: public_repo, read:audit_log, security_events\r\nX-Ratelimit-Limit: 5000\r\nX-Ratelimit-Remaining: 4560\r\nX-Ratelimit-Reset: 1698933610\r\nX-Ratelimit-Resource: graphql\r\nX-Ratelimit-Used: 440\r\nX-Xss-Protection: 0\r\n\r\n69\r\n{\"data\":{\"organization\":{\"repositories\":{\"nodes\":[],\"pageInfo\":{\"hasNextPage\":false,\"endCursor\":null}}}}}\r\n0\r\n\r\n","ecs.version":"1.6.0"}

bil15 · November 3, 2023, 8:16am

Update: it didn't help
The only error I see in trace logs near the time of Dependabot alerts creation is:

{"log.level":"debug","@timestamp":"2023-11-02T17:46:45.455Z","message":"HTTP response error","transaction.id":"FBFHAGSCRM9HE-96","error":{"message":"context deadline exceeded"},"ecs.version":"1.6.0"}

Interesting thing is that now Secret Scanning alerts are not being collected as well, I get constant 404 replies. My token has security_events, public repo and read:audit_log scopes, exactly as the Github integration page recommends.

system · December 1, 2023, 8:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.