Merged
Implements the paradigm from Get-GHSecretScanningHistoryProgress.ps1 in Python.

Adds:
- Enterprise/org/repo resolution with GraphQL for enterprise orgs
- Concurrent scan history API calls via ThreadPoolExecutor
- Summary progress bars for backfill/incremental/pattern_update scans
- Detailed markdown table output option
- Error reporting for repos with disabled secret scanning

Also adds list_org_repos, list_enterprise_orgs, and get_secret_scanning_scan_history methods to githubapi.py.

Agent-Logs-Url: https://github.com/advanced-security/ghas-api-python-scripts/sessions/f6a777a1-48ca-4999-ba66-76934aa82818
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
The method was using query_once which defaults to cursor-based pagination. The scan-history endpoint returns a single JSON object (not a paginated list), so pagination params were incorrect and HTTP errors were silently swallowed.

Now uses _get directly so:
- No spurious per_page/before query params
- HTTP errors (e.g. 403) properly propagate to callers

Agent-Logs-Url: https://github.com/advanced-security/ghas-api-python-scripts/sessions/7fb48030-50b4-4f88-bce8-1e571af0e38b
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
Copilot created this pull request from a session on behalf of felickz, April 7, 2026 21:26
Pull request overview
This PR corrects how secret scanning scan-history is fetched by switching from paginated querying to a direct GET (so HTTP errors surface properly), and adds a new CLI script to summarize scan-history progress across repo/org/enterprise scopes.
Changes:
- Add `get_secret_scanning_scan_history()` that performs a direct `_get()` call (no pagination params) and propagates HTTP errors.
- Add helpers to enumerate repos (org) and orgs (enterprise via GraphQL), plus a new `get_secret_scanning_scan_history_progress.py` reporting script.
- Update README documentation and ignore `.venv/`.
| File | Description |
|---|---|
| `README.md` | Documents the new scan-history progress script and usage examples. |
| `githubapi.py` | Adds org repo listing, enterprise org listing (GraphQL), and direct scan-history GET helper. |
| `get_secret_scanning_scan_history_progress.py` | New CLI to concurrently fetch scan-history per repo and render progress/table output. |
| `.gitignore` | Adds `.venv/` and fixes `.pyc` ignore formatting. |
Copilot's findings
- Files reviewed: 3/4 changed files
- Comments generated: 3
…GitHub client for each thread
This pull request introduces new functionality for retrieving and summarizing secret scanning scan history progress across repositories, organizations, or enterprises. It adds a script for concurrent querying of the scan history API, updates documentation with usage instructions and examples, and extends the `githubapi.py` module with helper methods for listing repos and organizations.

Secret scanning scan history progress retrieval:
- `get_secret_scanning_scan_history_progress.py` to retrieve and summarize secret scanning scan history for repositories at the repo, org, or enterprise level, with support for concurrent API calls and optional detailed markdown output.
- `README.md` with a new section describing the scan history progress script, its usage, options, and example invocations.

API helper enhancements in `githubapi.py`:
- `list_org_repos` to enumerate all repositories in a given organization.
- `list_enterprise_orgs` to enumerate all organizations in a given enterprise using the GitHub GraphQL API.
- `get_secret_scanning_scan_history` to fetch the secret scanning scan history for a single repository.
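
The fetch-and-summarize pattern this pull request describes, as an added example that is not code from the PR or the repository: each repo's scan history is one JSON object fetched concurrently, and a failed fetch is recorded per repo instead of being counted as zero scans. The `fake_get` stand-in, the `HTTPError` type, the response field names, the status strings and all sample data are assumptions constructed for the illustration.

```python
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Assumed field names for the scan-history object; the page names the three scan kinds.
SCAN_KEYS = ("backfill_scans", "incremental_scans", "pattern_update_scans")
# Constructed sample responses: one JSON object per repo, not a paginated list.
SAMPLE = {
    "octo/api": {"backfill_scans": [{"status": "completed"}],
                 "incremental_scans": [{"status": "completed"}, {"status": "in_progress"}],
                 "pattern_update_scans": [{"status": "completed"}]},
    "octo/web": {"backfill_scans": [{"status": "in_progress"}],
                 "incremental_scans": [{"status": "completed"}],
                 "pattern_update_scans": []},
}
FAILURES = {"octo/legacy": 404, "octo/private": 403}  # constructed error cases

class HTTPError(Exception):
    """Hypothetical error type; args[0] carries the HTTP status code."""

def fake_get(repo):
    """Hypothetical stand-in for one direct GET; it raises on failure, never returns {}."""
    if repo in FAILURES:
        raise HTTPError(FAILURES[repo])
    return SAMPLE[repo]

def summarize(repos, fetch=fake_get, workers=4):
    """Fetch every repo concurrently; return (status counts per scan kind, errors per repo)."""
    def one(repo):
        try:
            return repo, fetch(repo), None
        except HTTPError as exc:  # keep the failure visible instead of counting zero scans
            return repo, None, exc.args[0]

    totals, errors = {key: Counter() for key in SCAN_KEYS}, {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for repo, history, status in pool.map(one, repos):
            if status is not None:
                errors[repo] = status
                continue
            for key in SCAN_KEYS:
                totals[key].update(scan["status"] for scan in history.get(key) or [])
    return totals, errors

def bar(counts, width=10):
    """Text progress bar: share of scans whose status is 'completed'."""
    total, done = sum(counts.values()), counts["completed"]
    filled = width * done // total if total else 0
    return "#" * filled + "-" * (width - filled) + f" {done}/{total}"
```

Repos that end up in `errors` are the ones a coverage report has to call out, since a swallowed 403 or 404 would otherwise look the same as a repo with no scans.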