GitHub has a webhook event called repository_vulnerability_alert that is triggered when a vulnerability is discovered on a repository/organization. Unfortunately, there’s no documentation (that I could find) to watch for this event in a GitHub action and send it to alerting platforms.
I created this GitHub action that can be run on a CRON schedule (every 6 hours is recommended).
There are a few things you need to set up on the repository before this action can be used:
Enable Dependabot Alerts for the repository.
For Slack, you’d want to send these alerts to a dedicated channel. Create a Webhook URL for the channel and add it to the repository’s secrets. You may also use the Incoming Webhooks Slack app, which makes it a lot easier.
For PagerDuty, the action will send an Alert Event which should create a new Incident with an
Create a new GitHub action:
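The workflow file itself is not shown here. As an added illustration of what a scheduled run has to get right (not the action's own code), the Python below filters Dependabot alerts to the ones that appeared since the last 6-hour run, so a cron job does not re-post every open alert each time, and builds the Slack webhook body and a PagerDuty Events v2 trigger with a dedup_key so repeated runs do not open duplicate incidents. The alert records, repository name, run time and routing key are constructed placeholders, and the record shape assumes GitHub's REST Dependabot alerts response.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like GitHub's REST Dependabot alerts
# response (an assumption: the page does not show the action's data source).
SAMPLE_ALERTS = [
    {"number": 7, "state": "open", "created_at": "2024-05-01T10:00:00Z",
     "html_url": "https://github.com/example/repo/security/dependabot/7",
     "dependency": {"package": {"ecosystem": "npm", "name": "example-lib"}},
     "security_advisory": {"severity": "high", "summary": "Sample advisory A"}},
    {"number": 9, "state": "open", "created_at": "2024-05-01T09:00:00Z",
     "html_url": "https://github.com/example/repo/security/dependabot/9",
     "dependency": {"package": {"ecosystem": "pip", "name": "sample-http"}},
     "security_advisory": {"severity": "medium", "summary": "Sample advisory B"}},
    {"number": 3, "state": "fixed", "created_at": "2024-05-01T11:00:00Z",
     "html_url": "https://github.com/example/repo/security/dependabot/3",
     "dependency": {"package": {"ecosystem": "npm", "name": "old-parser"}},
     "security_advisory": {"severity": "critical", "summary": "Sample advisory C"}},
]
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed run time

# Dependabot severity -> PagerDuty Events API v2 severity.
PD_SEVERITY = {"low": "info", "medium": "warning", "high": "error", "critical": "critical"}
SEVERITY_ORDER = ["critical", "high", "medium", "low"]

def new_open_alerts(alerts, now, window=timedelta(hours=6)):
    """Open alerts created since the previous run, most severe first.
    Re-posting every open alert on each cron run floods the channel, so only
    alerts newer than the schedule interval are returned."""
    cutoff = now - window
    def created(a):
        return datetime.strptime(a["created_at"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    fresh = [a for a in alerts if a["state"] == "open" and created(a) >= cutoff]
    return sorted(fresh, key=lambda a: SEVERITY_ORDER.index(a["security_advisory"]["severity"]))

def slack_payload(repo, alerts):
    """Body for the Slack Incoming Webhook: one line per alert with its link."""
    lines = [f"*{repo}*: {len(alerts)} new Dependabot alert(s)"]
    for a in alerts:
        adv, pkg = a["security_advisory"], a["dependency"]["package"]
        lines.append(f"- [{adv['severity'].upper()}] {pkg['ecosystem']}/{pkg['name']}: "
                     f"{adv['summary']} (<{a['html_url']}|#{a['number']}>)")
    return {"text": "\n".join(lines)}

def pagerduty_event(repo, alert, routing_key):
    """Events API v2 trigger; dedup_key keeps repeated runs on one incident."""
    adv, pkg = alert["security_advisory"], alert["dependency"]["package"]
    return {"routing_key": routing_key, "event_action": "trigger",
            "dedup_key": f"{repo}/dependabot/{alert['number']}",
            "payload": {"summary": f"{adv['severity']} severity in {pkg['name']}: {adv['summary']}",
                        "severity": PD_SEVERITY[adv["severity"]], "source": repo}}
```

If GitHub delays a scheduled run, a window equal to the cron interval can miss an alert; widening the window trades that for an occasional repeated Slack line, while the PagerDuty side stays deduplicated.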
For more documentation, please check out the Wiki.
If you find a bug, please open an issue.