Skip to main content

此版本的 GitHub Enterprise 将停止服务 2022-10-12. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

机密扫描

使用机密扫描 API 从存储库中检索和更新机密警报。

注意:secret scanning API 目前为 beta 版本,可能会有变动。

关于机密扫描 API

使用 secret scanning API,你可以:

  • 为存储库启用或禁用 secret scanning。 有关详细信息,请参阅“存储库”,并展开 REST API 文档中的“security_and_analysis 对象的属性”部分。
  • 从存储库检索和更新 secret scanning 警报。 有关更多详细信息,请参阅以下部分。

有关 secret scanning 的详细信息,请参阅“关于 secret scanning”。

List secret scanning alerts for a repository

Lists secret scanning alerts for a private repository, from newest to oldest. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

参数

Headers
Name, Type, Description
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository. The name is not case sensitive.

Query parameters
Name, Type, Description
statestring

Set to open or resolved to only list secret scanning alerts in a specific state.

Can be one of: open, resolved

secret_typestring

A comma-separated list of secret types to return. By default all secret types are returned. See "Secret scanning patterns" for a complete list of secret types.

resolutionstring

A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.

pageinteger

Page number of the results to fetch.

Default: 1

per_pageinteger

The number of results per page (max 100).

Default: 30

HTTP 响应状态代码

状态代码说明
200

OK

404

Repository is public or secret scanning is disabled for the repository

503

Service unavailable

代码示例

get/repos/{owner}/{repo}/secret-scanning/alerts
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts

Response

Status: 200
[ { "number": 2, "created_at": "2020-11-06T18:48:51Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/2", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations", "state": "resolved", "resolution": "false_positive", "resolved_at": "2020-11-07T02:47:13Z", "resolved_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "secret_type": "adafruit_io_key", "secret_type_display_name": "Adafruit IO Key", "secret": "aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX", "push_protection_bypassed_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "push_protection_bypassed": true, "push_protection_bypassed_at": "2020-11-06T21:48:51Z" }, { "number": 1, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/repo/secret-scanning/alerts/1", "html_url": "https://github.com/owner/repo/security/secret-scanning/1", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/1/locations", "state": "open", "resolution": null, "resolved_at": null, "resolved_by": null, "secret_type": "mailchimp_api_key", "secret_type_display_name": "Mailchimp API Key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2", "push_protection_bypassed_by": null, "push_protection_bypassed": false, "push_protection_bypassed_at": null } ]

Get a secret scanning alert

Gets a single secret scanning alert detected in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

参数

Headers
Name, Type, Description
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository. The name is not case sensitive.

alert_numberintegerRequired

The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.

HTTP 响应状态代码

状态代码说明
200

OK

304

Not modified

404

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

503

Service unavailable

代码示例

get/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts/ALERT_NUMBER

Response

Status: 200
{ "number": 42, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations", "state": "open", "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" }

Update a secret scanning alert

Updates the status of a secret scanning alert in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.

参数

Headers
Name, Type, Description
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository. The name is not case sensitive.

alert_numberintegerRequired

The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.

Body parameters
Name, Type, Description
statestringRequired

Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.

Can be one of: open, resolved

resolutionstring or null

Required when the state is resolved. The reason for resolving the alert.

Can be one of: , false_positive, wont_fix, revoked, used_in_tests

HTTP 响应状态代码

状态代码说明
200

OK

404

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

422

State does not match the resolution

503

Service unavailable

代码示例

patch/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
curl \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts/ALERT_NUMBER \ -d '{"state":"resolved","resolution":"false_positive"}'

Response

Status: 200
{ "number": 42, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations", "state": "resolved", "resolution": "used_in_tests", "resolved_at": "2020-11-16T22:42:07Z", "resolved_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" }