Get vulnerabilities by organisation

metrics/github/cli.py

@@ -71,8 +71,8 @@ def pr_throughput(prs, org):
             process_prs(writer, merged_prs, day, name="prs_merged")
 
 
-def vulnerabilities():
-    vulns = security.parse_vulnerabilities(security.get_vulnerabilities())
+def vulnerabilities(org):
+    vulns = security.parse_vulnerabilities(security.get_vulnerabilities(org), org)
     with TimescaleDBWriter(GitHubVulnerabilities) as writer:
         for v in vulns:
             date = v.pop("date")
@@ -105,4 +105,4 @@ def github(ctx, token):
 
         open_prs(prs, org, days_threshold=7)
         pr_throughput(prs, org)
-        vulnerabilities()
+        vulnerabilities(org)

metrics/github/security.py

@@ -29,7 +29,7 @@ def make_request(query, variables):
     return response.json()
 
 
-def get_vulnerabilities():
+def get_vulnerabilities(org):
     query = """
     query vulnerabilities($org: String!) {
       organization(login: $org) {
@@ -52,7 +52,7 @@ def get_vulnerabilities():
       }
     }
     """
-    variables = {"org": "opensafely-core"}
+    variables = {"org": org}
     response = make_request(query, variables)
     return response["data"]["organization"]["repositories"]["nodes"]
 
@@ -64,7 +64,7 @@ def date_before(date_string, target_date):
     return datetime.fromisoformat(date_string).date() <= target_date
 
 
-def parse_vulnerabilities_for_date(vulns, repo, target_date):
+def parse_vulnerabilities_for_date(vulns, repo, target_date, org):
     closed_vulns = 0
     open_vulns = 0
     for row in vulns:
@@ -78,12 +78,12 @@ def parse_vulnerabilities_for_date(vulns, repo, target_date):
         "date": target_date,
         "closed": closed_vulns,
         "open": open_vulns,
-        "organisation": "opensafely-core",
+        "organisation": org,
         "repo": repo,
     }
 
 
-def parse_vulnerabilities(vulnerabilities):
+def parse_vulnerabilities(vulnerabilities, org):
     results = []
 
     for repo in vulnerabilities:
@@ -98,7 +98,7 @@ def parse_vulnerabilities(vulnerabilities):
 
         while earliest_date <= latest_date:
             results.append(
-                parse_vulnerabilities_for_date(alerts, repo_name, earliest_date)
+                parse_vulnerabilities_for_date(alerts, repo_name, earliest_date, org)
             )
             earliest_date += delta
     return results

tests/metrics/github/test_security.py

@@ -3,7 +3,7 @@
 from metrics.github import security
 
 
-def fake_vulnerabilities():
+def fake_vulnerabilities(org):
     github_response = [
         {
             "name": "opencodelists",
@@ -61,8 +61,10 @@ def fake_vulnerabilities():
 def test_security_number_of_alerts_today():
     today = date(2023, 11, 28)
 
-    alerts = fake_vulnerabilities()[0]["vulnerabilityAlerts"]["nodes"]
-    result = security.parse_vulnerabilities_for_date(alerts, "opencodelists", today)
+    alerts = fake_vulnerabilities("test-org")[0]["vulnerabilityAlerts"]["nodes"]
+    result = security.parse_vulnerabilities_for_date(
+        alerts, "opencodelists", today, "test-org"
+    )
 
     assert str(result["date"]) == "2023-11-28"
     assert result["closed"] == 4
@@ -72,9 +74,9 @@ def test_security_number_of_alerts_today():
 def test_security_number_of_alerts_last_year():
     target_date = date(2022, 11, 1)
 
-    alerts = fake_vulnerabilities()[0]["vulnerabilityAlerts"]["nodes"]
+    alerts = fake_vulnerabilities("test-org")[0]["vulnerabilityAlerts"]["nodes"]
     result = security.parse_vulnerabilities_for_date(
-        alerts, "opencodelists", target_date
+        alerts, "opencodelists", target_date, "test-org"
     )
 
     assert str(result["date"]) == "2022-11-01"
@@ -83,7 +85,9 @@ def test_security_number_of_alerts_last_year():
 
 
 def test_security_parse_vulnerabilities_earliest_date():
-    result = security.parse_vulnerabilities(fake_vulnerabilities())
+    result = security.parse_vulnerabilities(
+        fake_vulnerabilities("test-org"), "test-org"
+    )
 
     assert len(result) == 624
     assert str(result[0]["date"]) == "2022-02-10"