REST-API-Endpunkte für Dependabot alerts

Hinweis: Die Möglichkeit, Dependabot-Warnungen mithilfe der REST-API zu verwalten, befindet sich derzeit in beta und kann sich ändern.

Informationen zu Dependabot alerts

Mit der REST-API kannst du Dependabot-Warnungen für ein Repository anzeigen und einzelne Warnungen aktualisieren. Weitere Informationen findest du unter Informationen zu Dependabot-Warnungen.

List Dependabot alerts for an enterprise

Lists Dependabot alerts for repositories that are owned by the specified enterprise.

The authenticated user must be a member of the enterprise to use this endpoint.

Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint.

Differenzierte Zugriffstoken für "List Dependabot alerts for an enterprise"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „List Dependabot alerts for an enterprise“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Abfrageparameter
Name, type, BESCHREIBUNG
`state` string A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: `auto_dismissed`, `dismissed`, `fixed`, `open`
`severity` string A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: `low`, `medium`, `high`, `critical`
`ecosystem` string A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`, `rubygems`, `rust`
`package` string A comma-separated list of package names. If specified, only alerts for these packages will be returned.
`scope` string The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Kann eine der Folgenden sein: `development`, `runtime`
`sort` string The property by which to sort the results. `created` means when the alert was created. `updated` means when the alert's state last changed. Standard: `created` Kann eine der Folgenden sein: `created`, `updated`
`direction` string The direction to sort the results by. Standard: `desc` Kann eine der Folgenden sein: `asc`, `desc`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`first` integer Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with `last`. Instead, use `per_page` in combination with `after` to fetch the first page of results. Standard: `30`
`last` integer Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with `first`. Instead, use `per_page` in combination with `before` to fetch the last page of results.
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: `30`

HTTP-Antwortstatuscodes für „List Dependabot alerts for an enterprise“

Statuscode	BESCHREIBUNG
`200`	OK
`304`	Not modified
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Codebeispiele für „List Dependabot alerts for an enterprise“

Anforderungsbeispiel

get/enterprises/{enterprise}/dependabot/alerts

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/dependabot/alerts

Response

Status: 200

[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "score": 7.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
          "score": 8.7
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/octo-repo/dependabot/alerts/2",
    "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://HOSTNAME/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://HOSTNAME/users/octocat/followers",
      "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
      "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
      "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
      "organizations_url": "https://HOSTNAME/users/octocat/orgs",
      "repos_url": "https://HOSTNAME/users/octocat/repos",
      "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
      "received_events_url": "https://HOSTNAME/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null,
    "repository": {
      "id": 217723378,
      "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
      "name": "octo-repo",
      "full_name": "octo-org/octo-repo",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/octo-repo",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/octo-repo",
      "archive_url": "https://HOSTNAME/repos/octo-org/octo-repo/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/octo-repo/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/octo-repo/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/octo-repo/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/octo-repo/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/octo-repo/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/octo-repo/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/octo-repo/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/octo-repo/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/octo-repo/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/octo-repo/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/octo-repo/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/octo-repo/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/octo-repo/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/octo-repo/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/octo-repo/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/octo-repo/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/octo-repo/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/octo-repo/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/octo-repo/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/octo-repo/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/octo-repo/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/octo-repo/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/octo-repo/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/trees{/sha}"
    }
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "score": 5.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "score": 8.5
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null,
    "repository": {
      "id": 664700648,
      "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
      "name": "hello-world",
      "full_name": "octo-org/hello-world",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/hello-world",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/hello-world",
      "archive_url": "https://HOSTNAME/repos/octo-org/hello-world/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/hello-world/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/hello-world/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/hello-world/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/hello-world/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/hello-world/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/hello-world/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/hello-world/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/hello-world/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/hello-world/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/hello-world/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/hello-world/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/hello-world/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/hello-world/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/hello-world/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/hello-world/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/hello-world/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/hello-world/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/hello-world/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/hello-world/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/hello-world/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/hello-world/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/hello-world/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/hello-world/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/hello-world/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/hello-world/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/hello-world/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/hello-world/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/hello-world/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/hello-world/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/hello-world/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/hello-world/git/trees{/sha}"
    }
  }
]

List Dependabot alerts for an organization

Lists Dependabot alerts for an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Differenzierte Zugriffstoken für "List Dependabot alerts for an organization"

Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:

Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:

"Dependabot alerts" repository permissions (read)

Parameter für „List Dependabot alerts for an organization“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`org` string Erforderlich The organization name. The name is not case sensitive.

Abfrageparameter
Name, type, BESCHREIBUNG
`state` string A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: `auto_dismissed`, `dismissed`, `fixed`, `open`
`severity` string A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: `low`, `medium`, `high`, `critical`
`ecosystem` string A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`, `rubygems`, `rust`
`package` string A comma-separated list of package names. If specified, only alerts for these packages will be returned.
`scope` string The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Kann eine der Folgenden sein: `development`, `runtime`
`sort` string The property by which to sort the results. `created` means when the alert was created. `updated` means when the alert's state last changed. Standard: `created` Kann eine der Folgenden sein: `created`, `updated`
`direction` string The direction to sort the results by. Standard: `desc` Kann eine der Folgenden sein: `asc`, `desc`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`first` integer Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with `last`. Instead, use `per_page` in combination with `after` to fetch the first page of results. Standard: `30`
`last` integer Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with `first`. Instead, use `per_page` in combination with `before` to fetch the last page of results.
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: `30`

HTTP-Antwortstatuscodes für „List Dependabot alerts for an organization“

Statuscode	BESCHREIBUNG
`200`	OK
`304`	Not modified
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Codebeispiele für „List Dependabot alerts for an organization“

Anforderungsbeispiel

get/orgs/{org}/dependabot/alerts

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/orgs/ORG/dependabot/alerts

Response

Status: 200

[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "score": 7.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
          "score": 8.7
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/octo-repo/dependabot/alerts/2",
    "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://HOSTNAME/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://HOSTNAME/users/octocat/followers",
      "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
      "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
      "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
      "organizations_url": "https://HOSTNAME/users/octocat/orgs",
      "repos_url": "https://HOSTNAME/users/octocat/repos",
      "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
      "received_events_url": "https://HOSTNAME/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null,
    "repository": {
      "id": 217723378,
      "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
      "name": "octo-repo",
      "full_name": "octo-org/octo-repo",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/octo-repo",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/octo-repo",
      "archive_url": "https://HOSTNAME/repos/octo-org/octo-repo/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/octo-repo/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/octo-repo/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/octo-repo/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/octo-repo/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/octo-repo/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/octo-repo/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/octo-repo/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/octo-repo/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/octo-repo/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/octo-repo/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/octo-repo/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/octo-repo/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/octo-repo/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/octo-repo/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/octo-repo/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/octo-repo/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/octo-repo/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/octo-repo/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/octo-repo/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/octo-repo/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/octo-repo/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/octo-repo/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/octo-repo/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/trees{/sha}"
    }
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "score": 5.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "score": 8.5
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null,
    "repository": {
      "id": 664700648,
      "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
      "name": "hello-world",
      "full_name": "octo-org/hello-world",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/hello-world",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/hello-world",
      "archive_url": "https://HOSTNAME/repos/octo-org/hello-world/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/hello-world/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/hello-world/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/hello-world/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/hello-world/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/hello-world/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/hello-world/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/hello-world/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/hello-world/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/hello-world/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/hello-world/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/hello-world/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/hello-world/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/hello-world/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/hello-world/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/hello-world/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/hello-world/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/hello-world/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/hello-world/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/hello-world/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/hello-world/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/hello-world/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/hello-world/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/hello-world/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/hello-world/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/hello-world/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/hello-world/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/hello-world/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/hello-world/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/hello-world/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/hello-world/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/hello-world/git/trees{/sha}"
    }
  }
]

List Dependabot alerts for a repository

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Differenzierte Zugriffstoken für "List Dependabot alerts for a repository"

Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:

Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:

"Dependabot alerts" repository permissions (read)

Parameter für „List Dependabot alerts for a repository“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`owner` string Erforderlich The account owner of the repository. The name is not case sensitive.
`repo` string Erforderlich The name of the repository without the `.git` extension. The name is not case sensitive.

Abfrageparameter
Name, type, BESCHREIBUNG
`state` string A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: `auto_dismissed`, `dismissed`, `fixed`, `open`
`severity` string A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: `low`, `medium`, `high`, `critical`
`ecosystem` string A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`, `rubygems`, `rust`
`package` string A comma-separated list of package names. If specified, only alerts for these packages will be returned.
`manifest` string A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.
`scope` string The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Kann eine der Folgenden sein: `development`, `runtime`
`sort` string The property by which to sort the results. `created` means when the alert was created. `updated` means when the alert's state last changed. Standard: `created` Kann eine der Folgenden sein: `created`, `updated`
`direction` string The direction to sort the results by. Standard: `desc` Kann eine der Folgenden sein: `asc`, `desc`
`page` integer Closing down notice. Page number of the results to fetch. Use cursor-based pagination with `before` or `after` instead. Standard: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: `30`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`first` integer Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with `last`. Instead, use `per_page` in combination with `after` to fetch the first page of results. Standard: `30`
`last` integer Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with `first`. Instead, use `per_page` in combination with `before` to fetch the last page of results.

HTTP-Antwortstatuscodes für „List Dependabot alerts for a repository“

Statuscode	BESCHREIBUNG
`200`	OK
`304`	Not modified
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Codebeispiele für „List Dependabot alerts for a repository“

Anforderungsbeispiel

get/repos/{owner}/{repo}/dependabot/alerts

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts

Response

Status: 200

[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "score": 7.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
          "score": 8.7
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/2",
    "html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://HOSTNAME/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://HOSTNAME/users/octocat/followers",
      "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
      "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
      "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
      "organizations_url": "https://HOSTNAME/users/octocat/orgs",
      "repos_url": "https://HOSTNAME/users/octocat/repos",
      "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
      "received_events_url": "https://HOSTNAME/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "score": 5.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "score": 8.5
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null
  }
]

Get a Dependabot alert

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Differenzierte Zugriffstoken für "Get a Dependabot alert"

Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:

Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:

"Dependabot alerts" repository permissions (read)

Parameter für „Get a Dependabot alert“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`owner` string Erforderlich The account owner of the repository. The name is not case sensitive.
`repo` string Erforderlich The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Erforderlich The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in `number` fields in the response from the `GET /repos/{owner}/{repo}/dependabot/alerts` operation.

HTTP-Antwortstatuscodes für „Get a Dependabot alert“

Statuscode	BESCHREIBUNG
`200`	OK
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

Codebeispiele für „Get a Dependabot alert“

Anforderungsbeispiel

get/repos/{owner}/{repo}/dependabot/alerts/{alert_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER

Response

Status: 200

{
  "number": 1,
  "state": "open",
  "dependency": {
    "package": {
      "ecosystem": "pip",
      "name": "ansible"
    },
    "manifest_path": "path/to/requirements.txt",
    "scope": "runtime"
  },
  "security_advisory": {
    "ghsa_id": "GHSA-8f4m-hccc-8qph",
    "cve_id": "CVE-2021-20191",
    "summary": "Insertion of Sensitive Information into Log File in ansible",
    "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "ansible"
        },
        "severity": "medium",
        "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
        "first_patched_version": {
          "identifier": "2.9.18"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "ansible"
        },
        "severity": "medium",
        "vulnerable_version_range": "< 2.8.19",
        "first_patched_version": {
          "identifier": "2.8.19"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "ansible"
        },
        "severity": "medium",
        "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
        "first_patched_version": {
          "identifier": "2.10.7"
        }
      }
    ],
    "severity": "medium",
    "cvss": {
      "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "score": 5.5
    },
    "cvss_severities": {
      "cvss_v3": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_v4": {
        "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "score": 8.5
      }
    },
    "cwes": [
      {
        "cwe_id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      }
    ],
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-8f4m-hccc-8qph"
      },
      {
        "type": "CVE",
        "value": "CVE-2021-20191"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
      },
      {
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
      }
    ],
    "published_at": "2021-06-01T17:38:00Z",
    "updated_at": "2021-08-12T23:06:00Z",
    "withdrawn_at": null
  },
  "security_vulnerability": {
    "package": {
      "ecosystem": "pip",
      "name": "ansible"
    },
    "severity": "medium",
    "vulnerable_version_range": "< 2.8.19",
    "first_patched_version": {
      "identifier": "2.8.19"
    }
  },
  "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/1",
  "html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
  "created_at": "2022-06-14T15:21:52Z",
  "updated_at": "2022-06-14T15:21:52Z",
  "dismissed_at": null,
  "dismissed_by": null,
  "dismissed_reason": null,
  "dismissed_comment": null,
  "fixed_at": null
}

Update a Dependabot alert

The authenticated user must have access to security alerts for the repository to use this endpoint. For more information, see "Granting access to security alerts."

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Differenzierte Zugriffstoken für "Update a Dependabot alert"

Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:

Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:

"Dependabot alerts" repository permissions (write)

Parameter für „Update a Dependabot alert“

Header
Name, type, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
`owner` string Erforderlich The account owner of the repository. The name is not case sensitive.
`repo` string Erforderlich The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Erforderlich The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in `number` fields in the response from the `GET /repos/{owner}/{repo}/dependabot/alerts` operation.

Textparameter
Name, type, BESCHREIBUNG
`state` string Erforderlich The state of the Dependabot alert. A `dismissed_reason` must be provided when setting the state to `dismissed`. Kann eine der Folgenden sein: `dismissed`, `open`
`dismissed_reason` string Required when `state` is `dismissed`. A reason for dismissing the alert. Kann eine der Folgenden sein: `fix_started`, `inaccurate`, `no_bandwidth`, `not_used`, `tolerable_risk`
`dismissed_comment` string An optional comment associated with dismissing the alert.

HTTP-Antwortstatuscodes für „Update a Dependabot alert“

Statuscode	BESCHREIBUNG
`200`	OK
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`409`	Conflict
`422`	Validation failed, or the endpoint has been spammed.

Codebeispiele für „Update a Dependabot alert“

Anforderungsbeispiel

patch/repos/{owner}/{repo}/dependabot/alerts/{alert_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'

Response

Status: 200

{
  "number": 2,
  "state": "dismissed",
  "dependency": {
    "package": {
      "ecosystem": "pip",
      "name": "django"
    },
    "manifest_path": "path/to/requirements.txt",
    "scope": "runtime"
  },
  "security_advisory": {
    "ghsa_id": "GHSA-rf4j-j272-fj86",
    "cve_id": "CVE-2018-6188",
    "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
    "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "django"
        },
        "severity": "high",
        "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
        "first_patched_version": {
          "identifier": "2.0.2"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "django"
        },
        "severity": "high",
        "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
        "first_patched_version": {
          "identifier": "1.11.10"
        }
      }
    ],
    "severity": "high",
    "cvss": {
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "score": 7.5
    },
    "cvss_severities": {
      "cvss_v3": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_v4": {
        "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "score": 8.7
      }
    },
    "cwes": [
      {
        "cwe_id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      }
    ],
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-rf4j-j272-fj86"
      },
      {
        "type": "CVE",
        "value": "CVE-2018-6188"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
      },
      {
        "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
      },
      {
        "url": "https://usn.ubuntu.com/3559-1/"
      },
      {
        "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
      },
      {
        "url": "http://www.securitytracker.com/id/1040422"
      }
    ],
    "published_at": "2018-10-03T21:13:54Z",
    "updated_at": "2022-04-26T18:35:37Z",
    "withdrawn_at": null
  },
  "security_vulnerability": {
    "package": {
      "ecosystem": "pip",
      "name": "django"
    },
    "severity": "high",
    "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
    "first_patched_version": {
      "identifier": "2.0.2"
    }
  },
  "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/2",
  "html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
  "created_at": "2022-06-15T07:43:03Z",
  "updated_at": "2022-08-23T14:29:47Z",
  "dismissed_at": "2022-08-23T14:29:47Z",
  "dismissed_by": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://HOSTNAME/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://HOSTNAME/users/octocat/followers",
    "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
    "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
    "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
    "organizations_url": "https://HOSTNAME/users/octocat/orgs",
    "repos_url": "https://HOSTNAME/users/octocat/repos",
    "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
    "received_events_url": "https://HOSTNAME/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "dismissed_reason": "tolerable_risk",
  "dismissed_comment": "This alert is accurate but we use a sanitizer.",
  "fixed_at": null
}