秘密扫描 API 可让您从 私有 仓库检索和更新密钥扫描警报。 有关密钥扫描更多信息,请参阅“关于密钥扫描”。
List secret scanning alerts for a repository
Lists all secret scanning alerts for a private repository, from newest to oldest. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.
GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.
get /repos/{owner}/{repo}/secret-scanning/alerts参数
| Name | Type | In | Description |
|---|---|---|---|
accept |
string | header |
Setting to |
owner |
string | path | |
repo |
string | path | |
state |
string | query |
Set to |
secret_type |
string | query |
A comma separated list of secret types to return. By default all secret types are returned. |
page |
integer | query |
Page number of the results to fetch. Default:1
|
per_page |
integer | query |
Results per page (max 100). Default:30
|
代码示例
Shell
curl \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/secret-scanning/alertsJavaScript (@octokit/core.js)
await octokit.request('GET /repos/{owner}/{repo}/secret-scanning/alerts', {
owner: 'octocat',
repo: 'hello-world'
})
Response
Status: 200 OK[
{
"number": 2,
"created_at": "2020-11-06T18:48:51Z",
"url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2",
"html_url": "https://github.com/owner/private-repo/security/secret-scanning/2",
"state": "resolved",
"resolution": "false_positive",
"resolved_at": "2020-11-07T02:47:13Z",
"resolved_by": {
"login": "monalisa",
"id": 2,
"node_id": "MDQ6VXNlcjI=",
"avatar_url": "https://alambic.github.com/avatars/u/2?",
"gravatar_id": "",
"url": "https://api.github.com/users/monalisa",
"html_url": "https://github.com/monalisa",
"followers_url": "https://api.github.com/users/monalisa/followers",
"following_url": "https://api.github.com/users/monalisa/following{/other_user}",
"gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
"organizations_url": "https://api.github.com/users/monalisa/orgs",
"repos_url": "https://api.github.com/users/monalisa/repos",
"events_url": "https://api.github.com/users/monalisa/events{/privacy}",
"received_events_url": "https://api.github.com/users/monalisa/received_events",
"type": "User",
"site_admin": true
},
"secret_type": "adafruit_io_key",
"secret": "aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
},
{
"number": 1,
"created_at": "2020-11-06T18:18:30Z",
"url": "https://api.github.com/repos/owner/repo/secret-scanning/alerts/1",
"html_url": "https://github.com/owner/repo/security/secret-scanning/1",
"state": "open",
"resolution": null,
"resolved_at": null,
"resolved_by": null,
"secret_type": "mailchimp_api_key",
"secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2"
}
]
Repository is public or secret scanning is disabled for the repository
Status: 404 Not FoundService unavailable
Status: 503 Service UnavailableNotes
Get a secret scanning alert
Gets a single secret scanning alert detected in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.
GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.
get /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}参数
| Name | Type | In | Description |
|---|---|---|---|
accept |
string | header |
Setting to |
owner |
string | path | |
repo |
string | path | |
alert_number |
integer | path |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
代码示例
Shell
curl \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/secret-scanning/alerts/42JavaScript (@octokit/core.js)
await octokit.request('GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}', {
owner: 'octocat',
repo: 'hello-world',
alert_number: 42
})
Response
Status: 200 OK{
"number": 42,
"created_at": "2020-11-06T18:18:30Z",
"url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42",
"html_url": "https://github.com/owner/private-repo/security/secret-scanning/42",
"state": "open",
"resolution": null,
"resolved_at": null,
"resolved_by": null,
"secret_type": "mailchimp_api_key",
"secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2"
}
Repository is public, or secret scanning is disabled for the repository, or the resource is not found
Status: 404 Not FoundService unavailable
Status: 503 Service UnavailableNotes
Update a secret scanning alert
Updates the status of a secret scanning alert in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.
GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.
patch /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}参数
| Name | Type | In | Description |
|---|---|---|---|
accept |
string | header |
Setting to |
owner |
string | path | |
repo |
string | path | |
alert_number |
integer | path |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
state |
string | body |
Required. Sets the state of the secret scanning alert. Can be either |
resolution |
string or nullable | body |
Required when the |
代码示例
Shell
curl \
-X PATCH \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/secret-scanning/alerts/42 \
-d '{"state":"state"}'JavaScript (@octokit/core.js)
await octokit.request('PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}', {
owner: 'octocat',
repo: 'hello-world',
alert_number: 42,
state: 'state'
})
Response
Status: 200 OK{
"number": 42,
"created_at": "2020-11-06T18:18:30Z",
"url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42",
"html_url": "https://github.com/owner/private-repo/security/secret-scanning/42",
"state": "resolved",
"resolution": "used_in_tests",
"resolved_at": "2020-11-16T22:42:07Z",
"resolved_by": {
"login": "monalisa",
"id": 2,
"node_id": "MDQ6VXNlcjI=",
"avatar_url": "https://alambic.github.com/avatars/u/2?",
"gravatar_id": "",
"url": "https://api.github.com/users/monalisa",
"html_url": "https://github.com/monalisa",
"followers_url": "https://api.github.com/users/monalisa/followers",
"following_url": "https://api.github.com/users/monalisa/following{/other_user}",
"gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
"organizations_url": "https://api.github.com/users/monalisa/orgs",
"repos_url": "https://api.github.com/users/monalisa/repos",
"events_url": "https://api.github.com/users/monalisa/events{/privacy}",
"received_events_url": "https://api.github.com/users/monalisa/received_events",
"type": "User",
"site_admin": true
},
"secret_type": "mailchimp_api_key",
"secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2"
}
Repository is public, or secret scanning is disabled for the repository, or the resource is not found
Status: 404 Not FoundState does not match the resolution
Status: 422 Unprocessable EntityService unavailable
Status: 503 Service Unavailable