REST API endpoints for security campaigns
Use the REST API to create and manage security campaigns for your organization.
Hinweis
These endpoints only interact with published campaigns. Draft campaigns cannot currently be viewed or managed through the API.
List campaigns for an organization
Lists campaigns in an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "List campaigns for an organization"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Campaigns" organization permissions (read)
Parameter für „List campaigns for an organization“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, type, BESCHREIBUNG |
|---|
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
direction string The direction to sort the results by. Standard: Kann eine der Folgenden sein: |
state string If specified, only campaigns with this state will be returned. Kann eine der Folgenden sein: |
sort string The property by which to sort the results. Standard: Kann eine der Folgenden sein: |
HTTP-Antwortstatuscodes für „List campaigns for an organization“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
404 | Resource not found |
503 | Service unavailable |
Codebeispiele für „List campaigns for an organization“
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/campaignsResponse
Status: 200[
{
"number": 3,
"created_at": "2024-02-14T12:29:18Z",
"updated_at": "2024-02-14T12:29:18Z",
"name": "Critical CodeQL alert",
"description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
"managers": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"ends_at": "2024-03-14T12:29:18Z",
"closed_at": null,
"state": "open"
},
{
"number": 4,
"created_at": "2024-03-30T12:29:18Z",
"updated_at": "2024-03-30T12:29:18Z",
"name": "Mitre top 10 KEV",
"description": "Remediate the MITRE Top 10 KEV (Known Exploited Vulnerabilities) to enhance security by addressing vulnerabilities actively exploited by attackers. This reduces risk, prevents breaches and can help protect sensitive data.",
"managers": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"ends_at": "2024-04-30T12:29:18Z",
"closed_at": null,
"state": "open"
}
]Create a campaign for an organization
Create a campaign for an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Fine-grained tokens must have the "Code scanning alerts" repository permissions (read) on all repositories included in the campaign.
Differenzierte Zugriffstoken für "Create a campaign for an organization"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Campaigns" organization permissions (write)
Parameter für „Create a campaign for an organization“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, type, BESCHREIBUNG | |||
|---|---|---|---|
name string ErforderlichThe name of the campaign | |||
description string ErforderlichA description for the campaign | |||
managers array of strings The logins of the users to set as the campaign managers. At this time, only a single manager can be supplied. | |||
team_managers array of strings The slugs of the teams to set as the campaign managers. | |||
ends_at string ErforderlichThe end date and time of the campaign. The date must be in the future. | |||
contact_link string or null The contact link of the campaign. Must be a URI. | |||
code_scanning_alerts array of objects ErforderlichThe code scanning alerts to include in this campaign | |||
Properties of |
| Name, type, BESCHREIBUNG |
|---|
repository_id integer ErforderlichThe repository id |
alert_numbers array of integers ErforderlichThe alert numbers |
generate_issues boolean If true, will automatically generate issues for the campaign. The default is false.
Standard: false
HTTP-Antwortstatuscodes für „Create a campaign for an organization“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
400 | Bad Request |
404 | Resource not found |
422 | Unprocessable Entity |
429 | Too Many Requests |
503 | Service unavailable |
Codebeispiele für „Create a campaign for an organization“
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/campaigns \
-d '{"name":"Critical CodeQL alerts","description":"Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.","managers":["octocat"],"ends_at":"2024-03-14T00:00:00Z","code_scanning_alerts":[{"repository_id":1296269,"alert_numbers":[1,2]}]}'Response
Status: 200{
"number": 3,
"created_at": "2024-02-14T12:29:18Z",
"updated_at": "2024-02-14T12:29:18Z",
"name": "Critical CodeQL alert",
"description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
"managers": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"published_at": "2024-02-14T12:29:18Z",
"ends_at": "2024-03-14T12:29:18Z",
"closed_at": null,
"state": "open",
"alert_stats": {
"open_count": 10,
"closed_count": 3,
"in_progress_count": 3
}
}Get a campaign for an organization
Gets a campaign for an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "Get a campaign for an organization"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Campaigns" organization permissions (read)
Parameter für „Get a campaign for an organization“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
campaign_number integer ErforderlichThe campaign number. |
HTTP-Antwortstatuscodes für „Get a campaign for an organization“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
404 | Resource not found |
422 | Unprocessable Entity |
503 | Service unavailable |
Codebeispiele für „Get a campaign for an organization“
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/campaigns/CAMPAIGN_NUMBERResponse
Status: 200{
"number": 3,
"created_at": "2024-02-14T12:29:18Z",
"updated_at": "2024-02-14T12:29:18Z",
"name": "Critical CodeQL alert",
"description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
"managers": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"published_at": "2024-02-14T12:29:18Z",
"ends_at": "2024-03-14T12:29:18Z",
"closed_at": null,
"state": "open",
"alert_stats": {
"open_count": 10,
"closed_count": 3,
"in_progress_count": 3
}
}Update a campaign
Updates a campaign in an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "Update a campaign"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Campaigns" organization permissions (write)
Parameter für „Update a campaign“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
campaign_number integer ErforderlichThe campaign number. |
| Name, type, BESCHREIBUNG |
|---|
name string The name of the campaign |
description string A description for the campaign |
managers array of strings The logins of the users to set as the campaign managers. At this time, only a single manager can be supplied. |
team_managers array of strings The slugs of the teams to set as the campaign managers. |
ends_at string The end date and time of the campaign, in ISO 8601 format':' YYYY-MM-DDTHH:MM:SSZ. |
contact_link string or null The contact link of the campaign. Must be a URI. |
state string Indicates whether a campaign is open or closed Kann eine der Folgenden sein: |
HTTP-Antwortstatuscodes für „Update a campaign“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
400 | Bad Request |
404 | Resource not found |
422 | Unprocessable Entity |
503 | Service unavailable |
Codebeispiele für „Update a campaign“
Anforderungsbeispiel
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/campaigns/CAMPAIGN_NUMBER \
-d '{"name":"Critical CodeQL alerts"}'Response
Status: 200{
"number": 3,
"created_at": "2024-02-14T12:29:18Z",
"updated_at": "2024-02-14T12:29:18Z",
"name": "Critical CodeQL alert",
"description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
"managers": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"published_at": "2024-02-14T12:29:18Z",
"ends_at": "2024-03-14T12:29:18Z",
"closed_at": null,
"state": "open",
"alert_stats": {
"open_count": 10,
"closed_count": 3,
"in_progress_count": 3
}
}Delete a campaign for an organization
Deletes a campaign in an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "Delete a campaign for an organization"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Campaigns" organization permissions (write)
Parameter für „Delete a campaign for an organization“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
campaign_number integer ErforderlichThe campaign number. |
HTTP-Antwortstatuscodes für „Delete a campaign for an organization“
| Statuscode | BESCHREIBUNG |
|---|---|
204 | Deletion successful |
404 | Resource not found |
503 | Service unavailable |
Codebeispiele für „Delete a campaign for an organization“
Anforderungsbeispiel
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/campaigns/CAMPAIGN_NUMBERDeletion successful
Status: 204