[Shipping April 4, 2022] Expand secret scanning webhooks to include alert locations (github#26394)

Co-authored-by: Grey Baker <[email protected]>
Co-authored-by: Sarah Edwards <[email protected]>
Co-authored-by: Melanie Yarbrough <[email protected]>

Author: 4 people

Diff for: content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md

@@ -1239,6 +1239,29 @@ Key | Type | Description
 {{ webhookPayloadsForCurrentVersion.secret_scanning_alert.reopened }}
 {% endif %}
 
+{% ifversion fpt or ghes > 3.4 or ghec or ghae-issue-6581 %}
+## secret_scanning_alert_location
+
+{% data reusables.webhooks.secret_scanning_alert_location_event_short_desc %}
+
+### Availability
+
+- Repository webhooks
+- Organization webhooks
+- {% data variables.product.prodname_github_apps %} with the `secret_scanning_alerts:read` permission
+
+### Webhook payload object
+
+{% data reusables.webhooks.secret_scanning_alert_location_event_properties %}
+{% data reusables.webhooks.repo_desc %}
+{% data reusables.webhooks.org_desc %}
+{% data reusables.webhooks.app_desc %}
+
+### Webhook payload example
+
+{{ webhookPayloadsForCurrentVersion.secret_scanning_alert_location.created }}
+{% endif %}
+
 {% ifversion fpt or ghes or ghec %}
 ## security_advisory
 

Diff for: data/reusables/webhooks/secret_scanning_alert_event_short_desc.md

@@ -1 +1 @@
-Activity related to secret scanning alerts in a repository. The type of activity is specified in the action property of the payload object. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
+Activity related to secret scanning alerts in a repository. The type of activity is specified in the action property of the payload object. For more information, see the "[secret scanning API](rest/reference/secret-scanning)."

Diff for: data/reusables/webhooks/secret_scanning_alert_location_event_properties.md

@@ -0,0 +1,5 @@
+Key | Type | Description
+----|------|-------------
+`action` |`string` | The action that was performed. Currently, can only be `created`.
+`location` |`object` | The location involved in the event.
+`alert` |`object` | The [`secret scanning alert`](/rest/reference/secret-scanning#get-a-secret-scanning-alert) involved in the event.

Diff for: data/reusables/webhooks/secret_scanning_alert_location_event_short_desc.md

@@ -0,0 +1 @@
+Activity related to secret scanning alert locations in a repository. The type of activity is specified in the action property of the payload object. For more information, see the "[secret scanning](rest/reference/secret-scanning)" REST API.

Diff for: lib/webhooks/static/dotcom/secret_scanning_alert_location.created.payload.json

@@ -0,0 +1,134 @@
+{
+  "action": "created",
+  "location": {
+    "type": "commit",
+    "details": {
+       "path": "/example/secrets.txt",
+       "start_line": 1,
+       "end_line": 1,
+       "start_column": 1,
+       "end_column": 64,
+       "blob_sha": "af5626b4a114abcb82d63db7c8082c3c4756e51b",
+       "blob_url": "https://api.github.com/repos/octocat/hello-world/git/blobs/af5626b4a114abcb82d63db7c8082c3c4756e51b",
+       "commit_sha": "f14d7debf9775f957cf4f1e8176da0786431f72b",
+       "commit_url": "https://api.github.com/repos/octocat/hello-world/git/commits/f14d7debf9775f957cf4f1e8176da0786431f72b"
+     }
+  },
+  "alert": {
+    "number": 191,
+    "secret_type": "adafruit_io_key",
+    "resolution": null,
+    "created_at": "2022-04-01T11:01:10Z",
+    "updated_at": "2022-04-01T12:04:28Z",
+    "resolved_by": null,
+    "resolved_at": null
+  },
+  "repository": {
+    "id": 257423561,
+    "node_id": "MDEwOlJlcG9zaXRvcnkyNTc0MjM1NjE=",
+    "name": "Hello-World",
+    "full_name": "Codertocat/Hello-World",
+    "private": true,
+    "owner": {
+      "login": "Codertocat",
+      "id": 30846345,
+      "node_id": "MDEyOk9yZ2FuaXphdGlvbjMwODQ2MzQ1",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/30846345?v=4",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/Codertocat",
+      "html_url": "https://github.com/Codertocat",
+      "followers_url": "https://api.github.com/users/Codertocat/followers",
+      "following_url": "https://api.github.com/users/Codertocat/following{/other_user}",
+      "gists_url": "https://api.github.com/users/Codertocat/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/Codertocat/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/Codertocat/subscriptions",
+      "organizations_url": "https://api.github.com/users/Codertocat/orgs",
+      "repos_url": "https://api.github.com/users/Codertocat/repos",
+      "events_url": "https://api.github.com/users/Codertocat/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/Codertocat/received_events",
+      "type": "Organization",
+      "site_admin": false
+    },
+    "html_url": "https://github.com/Codertocat/Hello-World",
+    "description": null,
+    "fork": false,
+    "url": "https://api.github.com/repos/Codertocat/Hello-World",
+    "forks_url": "https://api.github.com/repos/Codertocat/Hello-World/forks",
+    "keys_url": "https://api.github.com/repos/Codertocat/Hello-World/keys{/key_id}",
+    "collaborators_url": "https://api.github.com/repos/Codertocat/Hello-World/collaborators{/collaborator}",
+    "teams_url": "https://api.github.com/repos/Codertocat/Hello-World/teams",
+    "hooks_url": "https://api.github.com/repos/Codertocat/Hello-World/hooks",
+    "issue_events_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/events{/number}",
+    "events_url": "https://api.github.com/repos/Codertocat/Hello-World/events",
+    "assignees_url": "https://api.github.com/repos/Codertocat/Hello-World/assignees{/user}",
+    "branches_url": "https://api.github.com/repos/Codertocat/Hello-World/branches{/branch}",
+    "tags_url": "https://api.github.com/repos/Codertocat/Hello-World/tags",
+    "blobs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/blobs{/sha}",
+    "git_tags_url": "https://api.github.com/repos/Codertocat/Hello-World/git/tags{/sha}",
+    "git_refs_url": "https://api.github.com/repos/Codertocat/Hello-World/git/refs{/sha}",
+    "trees_url": "https://api.github.com/repos/Codertocat/Hello-World/git/trees{/sha}",
+    "statuses_url": "https://api.github.com/repos/Codertocat/Hello-World/statuses/{sha}",
+    "languages_url": "https://api.github.com/repos/Codertocat/Hello-World/languages",
+    "stargazers_url": "https://api.github.com/repos/Codertocat/Hello-World/stargazers",
+    "contributors_url": "https://api.github.com/repos/Codertocat/Hello-World/contributors",
+    "subscribers_url": "https://api.github.com/repos/Codertocat/Hello-World/subscribers",
+    "subscription_url": "https://api.github.com/repos/Codertocat/Hello-World/subscription",
+    "commits_url": "https://api.github.com/repos/Codertocat/Hello-World/commits{/sha}",
+    "git_commits_url": "https://api.github.com/repos/Codertocat/Hello-World/git/commits{/sha}",
+    "comments_url": "https://api.github.com/repos/Codertocat/Hello-World/comments{/number}",
+    "issue_comment_url": "https://api.github.com/repos/Codertocat/Hello-World/issues/comments{/number}",
+    "contents_url": "https://api.github.com/repos/Codertocat/Hello-World/contents/{+path}",
+    "compare_url": "https://api.github.com/repos/Codertocat/Hello-World/compare/{base}...{head}",
+    "merges_url": "https://api.github.com/repos/Codertocat/Hello-World/merges",
+    "archive_url": "https://api.github.com/repos/Codertocat/Hello-World/{archive_format}{/ref}",
+    "downloads_url": "https://api.github.com/repos/Codertocat/Hello-World/downloads",
+    "issues_url": "https://api.github.com/repos/Codertocat/Hello-World/issues{/number}",
+    "pulls_url": "https://api.github.com/repos/Codertocat/Hello-World/pulls{/number}",
+    "milestones_url": "https://api.github.com/repos/Codertocat/Hello-World/milestones{/number}",
+    "notifications_url": "https://api.github.com/repos/Codertocat/Hello-World/notifications{?since,all,participating}",
+    "labels_url": "https://api.github.com/repos/Codertocat/Hello-World/labels{/name}",
+    "releases_url": "https://api.github.com/repos/Codertocat/Hello-World/releases{/id}",
+    "deployments_url": "https://api.github.com/repos/Codertocat/Hello-World/deployments",
+    "created_at": "2020-04-20T22:59:11Z",
+    "updated_at": "2020-11-24T01:37:33Z",
+    "pushed_at": "2020-11-24T01:37:31Z",
+    "git_url": "git://github.com/Codertocat/Hello-World.git",
+    "ssh_url": "[email protected]:Codertocat/Hello-World.git",
+    "clone_url": "https://github.com/Codertocat/Hello-World.git",
+    "svn_url": "https://github.com/Codertocat/Hello-World",
+    "homepage": null,
+    "size": 1156,
+    "stargazers_count": 0,
+    "watchers_count": 0,
+    "language": "JavaScript",
+    "has_issues": false,
+    "has_projects": false,
+    "has_downloads": true,
+    "has_wiki": false,
+    "has_pages": true,
+    "forks_count": 0,
+    "mirror_url": null,
+    "archived": false,
+    "disabled": false,
+    "open_issues_count": 3,
+    "license": null,
+    "forks": 0,
+    "open_issues": 3,
+    "watchers": 0,
+    "default_branch": "master"
+  },
+  "organization": {
+    "login": "Codertocat",
+    "id": 30846345,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjMwODQ2MzQ1",
+    "url": "https://api.github.com/orgs/Codertocat",
+    "repos_url": "https://api.github.com/orgs/Codertocat/repos",
+    "events_url": "https://api.github.com/orgs/Codertocat/events",
+    "hooks_url": "https://api.github.com/orgs/Codertocat/hooks",
+    "issues_url": "https://api.github.com/orgs/Codertocat/issues",
+    "members_url": "https://api.github.com/orgs/Codertocat/members{/member}",
+    "public_members_url": "https://api.github.com/orgs/Codertocat/public_members{/member}",
+    "avatar_url": "https://avatars0.githubusercontent.com/u/30846345?v=4",
+    "description": "Demos and testing of GitHub security products"
+  }
+}