Fix dependabot update pr link parsing

Logicmn · Logicmn · commit 84b070634b6e · 2025-07-18T17:55:02.000-04:00
diff --git a/dojo/tools/github_vulnerability/parser.py b/dojo/tools/github_vulnerability/parser.py
@@ -41,9 +41,13 @@ def get_findings(self, filename, test):
             summary = advisory.get("summary", "")
             desc = advisory.get("description", "")
 
-            pr_link = alert.get("dependabotUpdate", {}).get("pullRequest", {}).get("permalink")
-            if pr_link:
-                desc = f"Fix PR: [{pr_link}]({pr_link})\n" + desc
+            pr_link = None
+            dependabot_update = alert.get("dependabotUpdate", {})
+            if dependabot_update:
+                pr = dependabot_update.get("pullRequest", {})
+                if pr:
+                    pr_link = pr.get("permalink")
+                    desc = f"Fix PR: [{pr_link}]({pr_link})\n" + desc
 
             alert_num = alert.get("number")
             if alert_num and repo_url:
