
Dependency review

The Dependency review API allows you to understand dependency changes, and the security impact of these changes, before you add them to your environment.

About the Dependency review API

Note: The Dependency Review API is currently in public beta and subject to change.

The Dependency review API allows you to understand dependency changes, and the security impact of these changes, before you add them to your environment. You can view the diff of dependencies between two commits of a repository, including vulnerability data for any version updates with known vulnerabilities. For more information about dependency review, see "About dependency review."

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

Parameters

Headers
Name, Type, Description
accept, string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
owner, string, Required

The account owner of the repository. The name is not case sensitive.

repo, string, Required

The name of the repository. The name is not case sensitive.

basehead, string, Required

The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format {base}...{head}.

Query parameters
Name, Type, Description
name, string

The full path, relative to the repository root, of the dependency manifest file.

HTTP response status codes

Status code, Description
200, OK
403, Forbidden
404, Resource not found

Code samples

GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: token <TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200

[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]
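
The following is an added example, not part of the GitHub documentation: a merge gate that reads a response in the format shown above and reports added dependencies carrying advisories at or above a chosen severity, plus added dependencies whose license is null. The function name `review_diff`, the `fail_on` parameter and the choice to treat unrecognized severity strings as critical are assumptions of this example.

```python
import json

# GitHub advisory severity levels, lowest to highest.
SEVERITY_RANK = {"low": 0, "moderate": 1, "high": 2, "critical": 3}

# Constructed from the sample response on this page, trimmed to the fields used here.
SAMPLE_DIFF = json.loads("""[
  {"change_type": "removed", "manifest": "package.json", "ecosystem": "npm",
   "name": "helmet", "version": "4.6.0", "license": "MIT", "vulnerabilities": []},
  {"change_type": "added", "manifest": "package.json", "ecosystem": "npm",
   "name": "helmet", "version": "5.0.0", "license": "MIT", "vulnerabilities": []},
  {"change_type": "added", "manifest": "Gemfile", "ecosystem": "rubygems",
   "name": "ruby-openid", "version": "2.7.0", "license": null,
   "vulnerabilities": [{"severity": "critical",
                        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49"}]}
]""")


def review_diff(diff, fail_on="high"):
    """Return (blocking, unlicensed) for the dependencies a change adds."""
    threshold = SEVERITY_RANK[fail_on]
    blocking, unlicensed = [], []
    for dep in diff:
        # "removed" entries describe the outgoing version; only additions bring risk in.
        if dep.get("change_type") != "added":
            continue
        ident = f'{dep["ecosystem"]}:{dep["name"]}@{dep["version"]} ({dep["manifest"]})'
        if dep.get("license") is None:
            unlicensed.append(ident)
        for vuln in dep.get("vulnerabilities") or []:
            # Assumption of this example: an unrecognized severity is ranked as
            # critical so it is never silently skipped.
            rank = SEVERITY_RANK.get(str(vuln.get("severity", "")).lower(), 3)
            if rank >= threshold:
                blocking.append((ident, vuln.get("severity"), vuln.get("advisory_ghsa_id")))
    return blocking, unlicensed


if __name__ == "__main__":
    blocking, unlicensed = review_diff(SAMPLE_DIFF)
    for ident, severity, ghsa in blocking:
        print(f"BLOCK {ident}: {severity} {ghsa}")
    for ident in unlicensed:
        print(f"WARN  {ident}: license is null")
    raise SystemExit(1 if blocking else 0)
```

In a pipeline, replace `SAMPLE_DIFF` with the parsed body of the compare request for the pull request's base and head, and use the exit status to fail the check.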