REST-API-Endpunkte für globale Sicherheitsempfehlungen
Verwende die REST-API, um globale Sicherheitsempfehlungen anzuzeigen.
Note
Um diese Endpunkte zu verwenden, muss ein Administrator GitHub Connect für Ihre GitHub Enterprise Server-Instance aktivieren. Weitere Informationen finden Sie unter Durchsuchen von Sicherheitsempfehlungen in der GitHub Advisory Database.
List global security advisories
Lists all global security advisories that match the specified parameters. If no other parameters are defined, the request will return only GitHub-reviewed advisories that are not malware.
By default, all responses will exclude advisories for malware, because malware are not standard vulnerabilities. To list advisories for malware, you must include the type
parameter in your request, with the value malware
. For more information about the different types of security advisories, see "About the GitHub Advisory database."
Differenzierte Zugriffstoken für "List global security advisories"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token erfordert keine Berechtigungen.
Dieser Endpunkt kann ohne Authentifizierung werden, wenn nur öffentliche Ressourcen angefordert werden.
Parameter für „List global security advisories“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
ghsa_id string If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned. |
type string If specified, only advisories of this type will be returned. By default, a request with no other parameters defined will only return reviewed advisories that are not malware. Standard: Kann eine der Folgenden sein: |
cve_id string If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned. |
ecosystem string If specified, only advisories for these ecosystems will be returned. Kann eine der Folgenden sein: |
severity string If specified, only advisories with these severities will be returned. Kann eine der Folgenden sein: |
cwes If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned. Example: |
is_withdrawn boolean Whether to only return advisories that have been withdrawn. |
affects If specified, only return advisories that affect any of Example: |
published string If specified, only return advisories that were published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
updated string If specified, only return advisories that were updated on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
modified string If specified, only show advisories that were updated or published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
epss_percentage string If specified, only return advisories that have an EPSS percentage score that matches the provided value. The EPSS percentage represents the likelihood of a CVE being exploited. |
epss_percentile string If specified, only return advisories that have an EPSS percentile score that matches the provided value. The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs. |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
direction string The direction to sort the results by. Standard: Kann eine der Folgenden sein: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
sort string The property to sort the results by. Standard: Kann eine der Folgenden sein: |
HTTP-Antwortstatuscodes für „List global security advisories“
Statuscode | BESCHREIBUNG |
---|---|
200 | OK |
422 | Validation failed, or the endpoint has been spammed. |
429 | Too many requests |
Codebeispiele für „List global security advisories“
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/advisories
Response
Status: 200
[
{
"id": 1,
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://HOSTNAME/advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
"repository_advisory_url": "https://HOSTNAME/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
"summary": "Heartbleed security advisory",
"description": "This bug allows an attacker to read portions of the affected server’s memory, potentially disclosing sensitive information.",
"type": "reviewed",
"severity": "high",
"source_code_location": "https://github.com/project/a-package",
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
],
"published_at": "2023-03-23T02:30:56Z",
"updated_at": "2023-03-24T02:30:56Z",
"github_reviewed_at": "2023-03-23T02:30:56Z",
"nvd_published_at": "2023-03-25T02:30:56Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"first_patched_version": "1.0.3",
"vulnerable_version_range": "<=1.0.2",
"vulnerable_functions": [
"a_function"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_severities": {
"cvss_v3": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_v4": {
"vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"score": 9.3
}
},
"cwes": [
{
"cwe_id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"epss": [
{
"percentage": 0.00045,
"percentile": "0.16001e0"
}
],
"credits": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://HOSTNAME/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://HOSTNAME/users/octocat/followers",
"following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
"gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
"starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
"organizations_url": "https://HOSTNAME/users/octocat/orgs",
"repos_url": "https://HOSTNAME/users/octocat/repos",
"events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
"received_events_url": "https://HOSTNAME/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst"
}
]
}
]
Get a global security advisory
Gets a global security advisory using its GitHub Security Advisory (GHSA) identifier.
Differenzierte Zugriffstoken für "Get a global security advisory"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token erfordert keine Berechtigungen.
Dieser Endpunkt kann ohne Authentifizierung werden, wenn nur öffentliche Ressourcen angefordert werden.
Parameter für „Get a global security advisory“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
ghsa_id string ErforderlichThe GHSA (GitHub Security Advisory) identifier of the advisory. |
HTTP-Antwortstatuscodes für „Get a global security advisory“
Statuscode | BESCHREIBUNG |
---|---|
200 | OK |
404 | Resource not found |
Codebeispiele für „Get a global security advisory“
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
http(s)://HOSTNAME/api/v3/advisories/GHSA_ID
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://HOSTNAME/advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
"repository_advisory_url": "https://HOSTNAME/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"type": "reviewed",
"severity": "high",
"source_code_location": "https://github.com/project/a-package",
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
],
"published_at": "2023-03-23T02:30:56Z",
"updated_at": "2023-03-24T02:30:56Z",
"github_reviewed_at": "2023-03-23T02:30:56Z",
"nvd_published_at": "2023-03-25T02:30:56Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"first_patched_version": "1.0.3",
"vulnerable_version_range": "<=1.0.2",
"vulnerable_functions": [
"a_function"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_severities": {
"cvss_v3": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_v4": {
"vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"score": 9.3
}
},
"cwes": [
{
"cwe_id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"credits": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://HOSTNAME/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://HOSTNAME/users/octocat/followers",
"following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
"gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
"starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
"organizations_url": "https://HOSTNAME/users/octocat/orgs",
"repos_url": "https://HOSTNAME/users/octocat/repos",
"events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
"received_events_url": "https://HOSTNAME/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst"
}
]
}