Skip to main content

秘密扫描

使用机密扫描 API 从存储库中检索和更新机密警报。

注意:秘密扫描 API 目前处于测试阶段,可能会更改。

关于机密扫描 API

秘密扫描 API 可让您:

  • 启用或禁用仓库的 秘密扫描。 更多信息请参阅“存储库”,并展开 REST API 文档中的“security_and_analysis 对象的属性”部分。
  • 从仓库中检索和更新 > - 秘密扫描 警报。 有关更多详细信息,请参阅以下部分。

有关 秘密扫描 的更多信息,请参阅“关于 秘密扫描”。

List secret scanning alerts for a repository

Lists secret scanning alerts for a private repository, from newest to oldest. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

参数

标头
名称, 类型, 描述
acceptstring

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 描述
ownerstring必选

The account owner of the repository. The name is not case sensitive.

repostring必选

The name of the repository. The name is not case sensitive.

查询参数
名称, 类型, 描述
statestring

Set to open or resolved to only list secret scanning alerts in a specific state.

可以是以下其中之一: open, resolved

secret_typestring

A comma-separated list of secret types to return. By default all secret types are returned. See "Secret scanning patterns" for a complete list of secret types.

resolutionstring

A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.

pageinteger

Page number of the results to fetch.

默认值: 1

per_pageinteger

The number of results per page (max 100).

默认值: 30

HTTP 响应状态代码

状态代码描述
200

OK

404

Repository is public or secret scanning is disabled for the repository

503

Service unavailable

代码示例

get/repos/{owner}/{repo}/secret-scanning/alerts
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: token <TOKEN>" \ https://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts

Response

Status: 200
[ { "number": 2, "created_at": "2020-11-06T18:48:51Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/2", "state": "resolved", "resolution": "false_positive", "resolved_at": "2020-11-07T02:47:13Z", "resolved_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "secret_type": "adafruit_io_key", "secret": "aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX" }, { "number": 1, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/repo/secret-scanning/alerts/1", "html_url": "https://github.com/owner/repo/security/secret-scanning/1", "state": "open", "resolution": null, "resolved_at": null, "resolved_by": null, "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" } ]

Get a secret scanning alert

Gets a single secret scanning alert detected in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

参数

标头
名称, 类型, 描述
acceptstring

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 描述
ownerstring必选

The account owner of the repository. The name is not case sensitive.

repostring必选

The name of the repository. The name is not case sensitive.

alert_numberinteger必选

The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.

HTTP 响应状态代码

状态代码描述
200

OK

304

Not modified

404

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

503

Service unavailable

代码示例

get/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: token <TOKEN>" \ https://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts/ALERT_NUMBER

Response

Status: 200
{ "number": 42, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations", "state": "open", "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" }

Update a secret scanning alert

Updates the status of a secret scanning alert in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.

参数

标头
名称, 类型, 描述
acceptstring

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 描述
ownerstring必选

The account owner of the repository. The name is not case sensitive.

repostring必选

The name of the repository. The name is not case sensitive.

alert_numberinteger必选

The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.

正文参数
名称, 类型, 描述
statestring必选

Sets the state of the secret scanning alert. Can be either open or resolved. You must provide resolution when you set the state to resolved.

可以是以下其中之一: open, resolved

resolutionstring or null

Required when the state is resolved. The reason for resolving the alert.

可以是以下其中之一: , false_positive, wont_fix, revoked, used_in_tests

HTTP 响应状态代码

状态代码描述
200

OK

404

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

422

State does not match the resolution

503

Service unavailable

代码示例

patch/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
curl \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: token <TOKEN>" \ https://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts/ALERT_NUMBER \ -d '{"state":"resolved","resolution":"false_positive"}'

Response

Status: 200
{ "number": 42, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations", "state": "resolved", "resolution": "used_in_tests", "resolved_at": "2020-11-16T22:42:07Z", "resolved_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" }