🔐 Automatically create GitHub issues from open Dependabot alerts — complete with severity, CVE info, and tagging.
`alert2issue` scans a list of GitHub repositories for open Dependabot alerts and creates labeled GitHub issues summarizing the problems.
It helps teams stay on top of security alerts by converting them into visible, actionable tasks.
When creating issues, it applies useful labels to improve visibility:

- `security`: general security issue
- `dependabot`: marks it as coming from a Dependabot alert
- `no-patch`: special label if no fix is available for the vulnerability

This helps teams triage and prioritize issues more easily within GitHub.
- ✅ Lists open Dependabot alerts using the GitHub CLI
- ✅ Avoids duplicate issues
- ✅ Auto-labels issues with `security` and `dependabot`
- ✅ Marks alerts with `no-patch` as special warnings
- ✅ Supports dry-run mode for safe testing
- ✅ Tested with unit tests and >80% coverage
- Python 3.8+
- GitHub CLI (`gh`)
- GitHub token with `repo` scope if using private repositories
Install via PyPI:

```bash
pip install alert2issue
```

Make sure you have the GitHub CLI (`gh`) installed and authenticated:

```bash
gh auth login
```

```bash
# Quick example
echo "annejan/woo_data_playground" > repos.txt
alert2issue repos.txt
# ✅ Created issue: "[Dependabot] Security Alert for: requests (pip)"
```
Run the tool with a list of repositories (one per line):

```bash
alert2issue path/to/repo-list.txt
```

You can also pass options:

```bash
alert2issue -d -m 200 repos.txt
```
| Short | Long | Description |
|---|---|---|
| `-d` | `--dry-run` | Run without creating issues or labels (preview only) |
| `-m` | `--min-rate-limit MIN` | Minimum number of GitHub API calls required to proceed (default: 100) |
GitHub’s API has rate limits, especially for authenticated requests.
Use `--min-rate-limit` to avoid starting work if the remaining quota is too low; this is useful for automation and CI environments.
If the current rate limit is below the provided minimum, the script exits early with a warning.
This ensures you have enough API calls left before processing begins, so you don't break other, more important automation.
Example `repos.txt`:

```text
# Only include public or authorized repos
annejan/alert2issue
badgeteam/website # Inline comment can be used
IJHack/QtPass
```
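The behaviour the feature list and the options above describe, as an added illustration that is not alert2issue's own code: parsing the repository list (comments and blank lines ignored), the `--min-rate-limit` gate, the `security` / `dependabot` / `no-patch` label choice, and duplicate avoidance. The sample alert is constructed here; its field names follow the shape of the GitHub REST Dependabot alerts API, and the GHSA id is a placeholder.

```python
def parse_repo_list(text: str) -> list:
    # One owner/repo per line; '#' starts a comment, blank lines are ignored.
    repos = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            repos.append(entry)
    return repos

def can_proceed(remaining_calls: int, min_rate_limit: int = 100) -> bool:
    # Mirror --min-rate-limit: refuse to start if the remaining API quota is too low.
    return remaining_calls >= min_rate_limit

def issue_title(alert: dict) -> str:
    pkg = alert["dependency"]["package"]
    return f"[Dependabot] Security Alert for: {pkg['name']} ({pkg['ecosystem']})"

def labels_for(alert: dict) -> list:
    # 'security' and 'dependabot' always; 'no-patch' when no fixed version exists.
    labels = ["security", "dependabot"]
    if alert["security_vulnerability"].get("first_patched_version") is None:
        labels.append("no-patch")
    return labels

def issue_body(alert: dict) -> str:
    adv, vuln = alert["security_advisory"], alert["security_vulnerability"]
    fix = vuln.get("first_patched_version")
    lines = [f"Severity: {adv['severity']}",
             f"CVE: {adv.get('cve_id') or 'n/a'} ({adv['ghsa_id']})",
             f"Vulnerable range: {vuln['vulnerable_version_range']}",
             f"Fixed in: {fix['identifier'] if fix else 'no patch available'}",
             f"Alert: {alert['html_url']}"]
    return "\n".join(lines)

def plan_issues(alerts, existing_titles) -> list:
    # (title, labels) for every open alert that has no issue yet; skips duplicates.
    seen, planned = set(existing_titles), []
    for alert in alerts:
        title = issue_title(alert)
        if alert.get("state") == "open" and title not in seen:
            seen.add(title)
            planned.append((title, labels_for(alert)))
    return planned

# Constructed sample alert; field names follow the GitHub REST Dependabot alerts API shape.
SAMPLE_ALERT = {"number": 7, "state": "open",
    "dependency": {"package": {"ecosystem": "pip", "name": "requests"}},
    "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER", "cve_id": None, "severity": "high"},
    "security_vulnerability": {"vulnerable_version_range": "< 2.0.0", "first_patched_version": None},
    "html_url": "https://github.com/example/repo/security/dependabot/7"}
```

In a dry run the tool would only report what `plan_issues` returns instead of creating the issues and labels.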
This project includes GitHub Actions workflows that run tests and linting.

To contribute or run from source:

```bash
git clone https://github.com/annejan/alert2issue.git
cd alert2issue
pip install -e .[dev]
```
This project uses ruff and black for code style enforcement:

```bash
# Run ruff linter
ruff check .
# Auto-fix style issues
ruff check . --fix
# Format with black
black .
# Type check
mypy *.py
```
Run unit tests with:

```bash
python -m unittest
```

With coverage:

```bash
coverage run -m unittest
coverage report
```
Pull requests welcome! Open an issue first if you'd like to suggest a major change.
MIT License — see LICENSE file.
© 2025 Anne Jan Brouwer
Parts of this project were written with the assistance of ChatGPT, Claude and VLAM.ai.