feat: Backup of repository security advisories

2026-01-13 01:32:40 +01:00 · 2026-01-09 21:04:21 +01:00
parent 858731ebbd
commit 9a6f0b4c21
2 changed files with 50 additions and 4 deletions
--- a/github_backup/github_backup.py
+++ b/github_backup/github_backup.py
@@ -310,6 +310,12 @@ def parse_args(args=None):
        dest="include_milestones",
        help="include milestones in backup",
    )
+    parser.add_argument(
+        "--security-advisories",
+        action="store_true",
+        dest="include_security_advisories",
+        help="include security advisories in backup",
+    )
    parser.add_argument(
        "--repositories",
        action="store_true",
@@ -1718,6 +1724,9 @@ def backup_repositories(args, output_directory, repositories):
            if args.include_milestones or args.include_everything:
                backup_milestones(args, repo_cwd, repository, repos_template)

+            if args.include_security_advisories or args.include_everything:
+                backup_security_advisories(args, repo_cwd, repository, repos_template)
+
            if args.include_labels or args.include_everything:
                backup_labels(args, repo_cwd, repository, repos_template)

@@ -1934,6 +1943,41 @@ def backup_milestones(args, repo_cwd, repository, repos_template):
        )


+def backup_security_advisories(args, repo_cwd, repository, repos_template):
+    advisory_cwd = os.path.join(repo_cwd, "security-advisories")
+    if args.skip_existing and os.path.isdir(advisory_cwd):
+        return
+
+    logger.info("Retrieving {0} security advisories".format(repository["full_name"]))
+    mkdir_p(repo_cwd, advisory_cwd)
+
+    template = "{0}/{1}/security-advisories".format(repos_template, repository["full_name"])
+
+    _advisories = retrieve_data(args, template)
+
+    advisories = {}
+    for advisory in _advisories:
+        advisories[advisory["ghsa_id"]] = advisory
+
+    written_count = 0
+    for ghsa_id, advisory in list(advisories.items()):
+        advisory_file = "{0}/{1}.json".format(advisory_cwd, ghsa_id)
+        if json_dump_if_changed(advisory, advisory_file):
+            written_count += 1
+
+    total = len(advisories)
+    if written_count == total:
+        logger.info("Saved {0} security advisories to disk".format(total))
+    elif written_count == 0:
+        logger.info("{0} security advisories unchanged, skipped write".format(total))
+    else:
+        logger.info(
+            "Saved {0} of {1} security advisories to disk ({2} unchanged)".format(
+                written_count, total, total - written_count
+            )
+        )
+
+
 def backup_labels(args, repo_cwd, repository, repos_template):
    label_cwd = os.path.join(repo_cwd, "labels")
    output_file = "{0}/labels.json".format(label_cwd)