JupiterOne-Archives · RonaldEAM · Oct 25, 2023 · Oct 16, 2023 · Oct 16, 2023 · Oct 17, 2023
diff --git a/docs/jupiterone.md b/docs/jupiterone.md
@@ -32,6 +32,10 @@ execution_. This is an accumulative process resulting in existing `issues` and
 `pull requests` which have been ingested, but are not changing, remain in the
 graph.
 
+### **Note on `secret scanning findings`:**
+
+Secret scanning findings are by default assigned a critical severity
+
 ## Requirements
 
 - JupiterOne requires the JupiterOne GitHub app with read-only permissions be
@@ -151,64 +155,64 @@ https://github.com/JupiterOne/sdk/blob/main/docs/integrations/development.md
 
 The following entities are created:
 
-| Resources                     | Entity `_type`                  | Entity `_class` |
-| ----------------------------- | ------------------------------- | --------------- |
-| Account                       | `github_account`                | `Account`       |
-| GitHub Code Scanning Alerts   | `github_code_scanning_finding`  | `Finding`       |
-| GitHub Env Secret             | `github_env_secret`             | `Secret`        |
-| GitHub Secret Scanning Alert  | `github_secret_scanning_alert`  | `Alert`         |
-| GitHub Vulnerability Alert    | `github_finding`                | `Finding`       |
-| Github App                    | `github_app`                    | `Application`   |
-| Github Branch Protection Rule | `github_branch_protection_rule` | `Rule`          |
-| Github Environment            | `github_environment`            | `Configuration` |
-| Github Issue                  | `github_issue`                  | `Issue`         |
-| Github Org Secret             | `github_org_secret`             | `Secret`        |
-| Github Pull Request           | `github_pullrequest`            | `PR`            |
-| Github Repo                   | `github_repo`                   | `CodeRepo`      |
-| Github Repo Secret            | `github_repo_secret`            | `Secret`        |
-| Github Team                   | `github_team`                   | `UserGroup`     |
-| Github User                   | `github_user`                   | `User`          |
+| Resources                     | Entity `_type`                   | Entity `_class` |
+| ----------------------------- | -------------------------------- | --------------- |
+| Account                       | `github_account`                 | `Account`       |
+| GitHub Code Scanning Alerts   | `github_code_scanning_finding`   | `Finding`       |
+| GitHub Env Secret             | `github_env_secret`              | `Secret`        |
+| GitHub Secret Scanning Alert  | `github_secret_scanning_finding` | `Finding`       |
+| GitHub Vulnerability Alert    | `github_finding`                 | `Finding`       |
+| Github App                    | `github_app`                     | `Application`   |
+| Github Branch Protection Rule | `github_branch_protection_rule`  | `Rule`          |
+| Github Environment            | `github_environment`             | `Configuration` |
+| Github Issue                  | `github_issue`                   | `Issue`         |
+| Github Org Secret             | `github_org_secret`              | `Secret`        |
+| Github Pull Request           | `github_pullrequest`             | `PR`            |
+| Github Repo                   | `github_repo`                    | `CodeRepo`      |
+| Github Repo Secret            | `github_repo_secret`             | `Secret`        |
+| Github Team                   | `github_team`                    | `UserGroup`     |
+| Github User                   | `github_user`                    | `User`          |
 
 ### Relationships
 
 The following relationships are created:
 
-| Source Entity `_type` | Relationship `_class` | Target Entity `_type`           |
-| --------------------- | --------------------- | ------------------------------- |
-| `github_account`      | **INSTALLED**         | `github_app`                    |
-| `github_account`      | **HAS**               | `github_org_secret`             |
-| `github_account`      | **OWNS**              | `github_repo`                   |
-| `github_account`      | **HAS**               | `github_team`                   |
-| `github_account`      | **HAS**               | `github_user`                   |
-| `github_app`          | **OVERRIDES**         | `github_branch_protection_rule` |
-| `github_env_secret`   | **OVERRIDES**         | `github_org_secret`             |
-| `github_env_secret`   | **OVERRIDES**         | `github_repo_secret`            |
-| `github_environment`  | **HAS**               | `github_env_secret`             |
-| `github_pullrequest`  | **CONTAINS**          | `github_pullrequest`            |
-| `github_repo`         | **HAS**               | `github_branch_protection_rule` |
-| `github_repo`         | **HAS**               | `github_code_scanning_finding`  |
-| `github_repo`         | **USES**              | `github_env_secret`             |
-| `github_repo`         | **HAS**               | `github_environment`            |
-| `github_repo`         | **HAS**               | `github_finding`                |
-| `github_repo`         | **HAS**               | `github_issue`                  |
-| `github_repo`         | **USES**              | `github_org_secret`             |
-| `github_repo`         | **HAS**               | `github_pullrequest`            |
-| `github_repo`         | **HAS**               | `github_repo_secret`            |
-| `github_repo`         | **USES**              | `github_repo_secret`            |
-| `github_repo`         | **HAS**               | `github_secret_scanning_alert`  |
-| `github_repo`         | **ALLOWS**            | `github_team`                   |
-| `github_repo`         | **ALLOWS**            | `github_user`                   |
-| `github_repo_secret`  | **OVERRIDES**         | `github_org_secret`             |
-| `github_team`         | **OVERRIDES**         | `github_branch_protection_rule` |
-| `github_team`         | **HAS**               | `github_user`                   |
-| `github_user`         | **MANAGES**           | `github_account`                |
-| `github_user`         | **OVERRIDES**         | `github_branch_protection_rule` |
-| `github_user`         | **ASSIGNED**          | `github_issue`                  |
-| `github_user`         | **CREATED**           | `github_issue`                  |
-| `github_user`         | **APPROVED**          | `github_pullrequest`            |
-| `github_user`         | **OPENED**            | `github_pullrequest`            |
-| `github_user`         | **REVIEWED**          | `github_pullrequest`            |
-| `github_user`         | **MANAGES**           | `github_team`                   |
+| Source Entity `_type` | Relationship `_class` | Target Entity `_type`            |
+| --------------------- | --------------------- | -------------------------------- |
+| `github_account`      | **INSTALLED**         | `github_app`                     |
+| `github_account`      | **HAS**               | `github_org_secret`              |
+| `github_account`      | **OWNS**              | `github_repo`                    |
+| `github_account`      | **HAS**               | `github_team`                    |
+| `github_account`      | **HAS**               | `github_user`                    |
+| `github_app`          | **OVERRIDES**         | `github_branch_protection_rule`  |
+| `github_env_secret`   | **OVERRIDES**         | `github_org_secret`              |
+| `github_env_secret`   | **OVERRIDES**         | `github_repo_secret`             |
+| `github_environment`  | **HAS**               | `github_env_secret`              |
+| `github_pullrequest`  | **CONTAINS**          | `github_pullrequest`             |
+| `github_repo`         | **HAS**               | `github_branch_protection_rule`  |
+| `github_repo`         | **HAS**               | `github_code_scanning_finding`   |
+| `github_repo`         | **USES**              | `github_env_secret`              |
+| `github_repo`         | **HAS**               | `github_environment`             |
+| `github_repo`         | **HAS**               | `github_finding`                 |
+| `github_repo`         | **HAS**               | `github_issue`                   |
+| `github_repo`         | **USES**              | `github_org_secret`              |
+| `github_repo`         | **HAS**               | `github_pullrequest`             |
+| `github_repo`         | **HAS**               | `github_repo_secret`             |
+| `github_repo`         | **USES**              | `github_repo_secret`             |
+| `github_repo`         | **HAS**               | `github_secret_scanning_finding` |
+| `github_repo`         | **ALLOWS**            | `github_team`                    |
+| `github_repo`         | **ALLOWS**            | `github_user`                    |
+| `github_repo_secret`  | **OVERRIDES**         | `github_org_secret`              |
+| `github_team`         | **OVERRIDES**         | `github_branch_protection_rule`  |
+| `github_team`         | **HAS**               | `github_user`                    |
+| `github_user`         | **MANAGES**           | `github_account`                 |
+| `github_user`         | **OVERRIDES**         | `github_branch_protection_rule`  |
+| `github_user`         | **ASSIGNED**          | `github_issue`                   |
+| `github_user`         | **CREATED**           | `github_issue`                   |
+| `github_user`         | **APPROVED**          | `github_pullrequest`             |
+| `github_user`         | **OPENED**            | `github_pullrequest`             |
+| `github_user`         | **REVIEWED**          | `github_pullrequest`             |
+| `github_user`         | **MANAGES**           | `github_team`                    |
 
 ### Mapped Relationships
 

diff --git a/src/config.ts b/src/config.ts
@@ -286,5 +286,6 @@ export const ingestionConfig: IntegrationIngestionConfigFieldMap = {
     title: 'GitHub Secret Scanning Alerts',
     description:
       'Alerts for potential leaks of known secrets in public repositories',
+    defaultsToDisabled: true,
   },
 };
diff --git a/src/constants.ts b/src/constants.ts
@@ -384,8 +384,8 @@ export const GithubEntities: Record<
   },
   GITHUB_SECRET_SCANNING_ALERT: {
     resourceName: 'GitHub Secret Scanning Alert',
-    _type: 'github_secret_scanning_alert',
-    _class: ['Alert'],
+    _type: 'github_secret_scanning_finding',
+    _class: ['Finding'],
   },
   CVE: {
     resourceName: 'CVE',
@@ -455,7 +455,7 @@ export const Relationships: Record<
   | 'REPO_USES_ORG_SECRET'
   | 'ACCOUNT_HAS_ORG_SECRET'
   | 'REPO_USES_ORG_SECRET'
-  | 'REPO_HAS_SECRET_SCANNING_ALERT',
+  | 'REPO_HAS_SECRET_SCANNING_FINDING',
   StepRelationshipMetadata
 > = {
   TEAM_HAS_USER: {
@@ -663,8 +663,8 @@ export const Relationships: Record<
     _class: RelationshipClass.USES,
     targetType: GithubEntities.GITHUB_ORG_SECRET._type,
   },
-  REPO_HAS_SECRET_SCANNING_ALERT: {
-    _type: 'github_repo_has_secret_scanning_alert',
+  REPO_HAS_SECRET_SCANNING_FINDING: {
+    _type: 'github_repo_has_secret_scanning_finding',
     sourceType: GithubEntities.GITHUB_REPO._type,
     _class: RelationshipClass.HAS,
     targetType: GithubEntities.GITHUB_SECRET_SCANNING_ALERT._type,

diff --git a/src/steps/secretScanningAlerts.ts b/src/steps/secretScanningAlerts.ts
@@ -53,9 +53,9 @@ export async function fetchSecretScanningAlerts({
 export const secretScanningAlertsSteps: IntegrationStep<IntegrationConfig>[] = [
   {
     id: Steps.FETCH_SECRET_SCANNING_ALERTS,
-    name: 'Fetch Secret Scanning Alerts',
+    name: 'Fetch Secret Scanning Findings',
     entities: [GithubEntities.GITHUB_SECRET_SCANNING_ALERT],
-    relationships: [Relationships.REPO_HAS_SECRET_SCANNING_ALERT],
+    relationships: [Relationships.REPO_HAS_SECRET_SCANNING_FINDING],
     dependsOn: [Steps.FETCH_REPOS],
     ingestionSourceId: IngestionSources.SECRET_SCANNING_ALERTS,
     executionHandler: fetchSecretScanningAlerts,

diff --git a/src/sync/converters.ts b/src/sync/converters.ts
@@ -192,7 +192,7 @@ export function createCodeScanningFindingEntity(
 }
 
 export function getSecretScanningAlertKey(id: string) {
-  return `github_secret_scanning_alert:${id}`;
+  return `github_secret_scanning_finding:${id}`;
 }
 
 export function createSecretScanningAlertEntity(
@@ -207,9 +207,13 @@ export function createSecretScanningAlertEntity(
         _key: getSecretScanningAlertKey(String(data.number)),
         displayName: data.secret_type_display_name,
         name: data.secret_type_display_name,
+        severity: 'CRITICAL',
+        numericSeverity: 10,
+        category: 'application',
         number: data.number,
         url: data.html_url,
         state: data.state,
+        open: data.state === 'open',
         resolution: data.resolution,
         secretType: data.secret_type,
         secretTypeDisplayName: data.secret_type_display_name,