Describe the bug
Currently, the MCP server does not support pagination of the results coming back from the GHAS endpoints. This limits the tool to only seeing 30 alerts from the API at a time. This result can lead to a weird false sense of security when performing alert analysis using AI tooling.
I'm more than happy to open a PR to resolve this issue if it helps and GitHub will accept my contribution as a GH partner.
Affected version
Whatever the remote MCP server is running.
Steps to reproduce the behavior
Here's the prompt I used (client name redacted):
I want you to generate a CSV file for me based on code scanning alerts in the `[org]/[repository]` repository. Use the #list_code_scanning_alerts tool to retrieve the code scanning alerts. Create a new row in the CSV for **ALL** alerts.
The CSV output should contain the following columns:
* Alert Number
* Alert Name/Title
* Severity
* The location of the vulnerability (file and line)
* When it was found
* CodeQL Rule
* Status (opened, closed, etc.)
Place the file in the root of this directory, name it "findings.csv".
Expected vs actual behavior
Expected: there would be around 300 results in the CSV file since there are 300 open alerts in the repository right now.
Actual: There were 30 results returned, and it was just the 30 most recent open alerts.
Logs
N/A
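The truncation described in this report, as an added example that is not part of the original issue or of the MCP server's code. It assumes the GitHub REST code scanning alerts endpoint, which returns 30 items per page by default and signals further pages with a `Link` header; `ORG/REPO` is a placeholder, and `fake_get` is a constructed stand-in for the API so the example runs offline.

```python
import re
from urllib.parse import urlparse, parse_qs

# Placeholder repository; substitute a real owner/name when calling the live API.
API = "https://api.github.com/repos/ORG/REPO/code-scanning/alerts"

def next_link(link_header):
    """Return the rel="next" URL from a Link header, or None on the last page."""
    m = re.search(r'<([^>]*)>\s*;\s*rel="next"', link_header or "")
    return m.group(1) if m else None

def first_page_only(get, url):
    """Single request, as in the report; returns (alerts, truncated?)."""
    page, headers = get(url)
    return page, next_link(headers.get("Link")) is not None

def fetch_all_alerts(get, url):
    """Follow Link headers until none remain. `get(url)` -> (list, headers)."""
    alerts = []
    while url:
        page, headers = get(url)
        alerts.extend(page)
        url = next_link(headers.get("Link"))
    return alerts

def fake_get(url, total=300):
    """Constructed stand-in for the endpoint: 300 open alerts, newest first."""
    q = parse_qs(urlparse(url).query)
    per_page = min(int(q.get("per_page", ["30"])[0]), 100)  # default 30, max 100
    page = int(q.get("page", ["1"])[0])
    start = (page - 1) * per_page
    numbers = range(total - start, max(total - start - per_page, 0), -1)
    body = [{"number": n, "state": "open"} for n in numbers]
    headers = {}
    if start + per_page < total:  # more pages exist, so advertise the next one
        nxt = f"{API}?state=open&per_page={per_page}&page={page + 1}"
        headers["Link"] = f'<{nxt}>; rel="next"'
    return body, headers

if __name__ == "__main__":
    page, truncated = first_page_only(fake_get, API + "?state=open")
    print(f"single request: {len(page)} alerts, more pages pending: {truncated}")
    everything = fetch_all_alerts(fake_get, API + "?state=open&per_page=100")
    print(f"following Link headers: {len(everything)} alerts")
```

A caller that checks `next_link` on the first response can at least report that the result set is incomplete instead of presenting 30 alerts as the full picture.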