Skip to main content
Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.

Escaneo de secretos

Use the Secret scanning API to retrieve and update secret alerts from a repository.

Nota: La API de escaneo de secretos se encuentra actualmente en beta y está sujeta a cambios.

About the Secret scanning API

La API del escaneo de secretos te permite :

  • Enable or disable escaneo de secretos for a repository. Para obtener más información, consulta la sección "Repositorios" y expande la sección de "Propiedades del objeto security_and_analysis" en la documentación de la API de REST.
  • Retrieve and update >- escaneo de secretos alerts from a repository. For further details, see the sections below.

Para obtener más información acerca de las escaneo de secretos, consulta la sección "Acerca del escaneo de secretos".

List secret scanning alerts for a repository

Funciona con GitHub Apps

Lists secret scanning alerts for a private repository, from newest to oldest. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

Parámetros

Encabezados
Nombre, Tipo, Descripción
acceptstring

Setting to application/vnd.github+json is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
ownerstringRequerido

The account owner of the repository. The name is not case sensitive.

repostringRequerido

The name of the repository. The name is not case sensitive.

Parámetros de consulta
Nombre, Tipo, Descripción
statestring

Set to open or resolved to only list secret scanning alerts in a specific state.

Puede ser una de las siguientes: open, resolved

secret_typestring

A comma-separated list of secret types to return. By default all secret types are returned. See "Secret scanning patterns" for a complete list of secret types.

resolutionstring

A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.

pageinteger

Page number of the results to fetch.

Predeterminado: 1

per_pageinteger

The number of results per page (max 100).

Predeterminado: 30

Códigos de estado de respuesta HTTP

Código de estadoDescripción
200

OK

404

Repository is public or secret scanning is disabled for the repository

503

Service unavailable

Ejemplos de código

get/repos/{owner}/{repo}/secret-scanning/alerts
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: token <TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts

Response

Status: 200
[ { "number": 2, "created_at": "2020-11-06T18:48:51Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/2", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations", "state": "resolved", "resolution": "false_positive", "resolved_at": "2020-11-07T02:47:13Z", "resolved_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "secret_type": "adafruit_io_key", "secret_type_display_name": "Adafruit IO Key", "secret": "aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX" }, { "number": 1, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/repo/secret-scanning/alerts/1", "html_url": "https://github.com/owner/repo/security/secret-scanning/1", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/1/locations", "state": "open", "resolution": null, "resolved_at": null, "resolved_by": null, "secret_type": "mailchimp_api_key", "secret_type_display_name": "Mailchimp API Key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" } ]

Get a secret scanning alert

Funciona con GitHub Apps

Gets a single secret scanning alert detected in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

Parámetros

Encabezados
Nombre, Tipo, Descripción
acceptstring

Setting to application/vnd.github+json is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
ownerstringRequerido

The account owner of the repository. The name is not case sensitive.

repostringRequerido

The name of the repository. The name is not case sensitive.

alert_numberintegerRequerido

The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.

Códigos de estado de respuesta HTTP

Código de estadoDescripción
200

OK

304

Not modified

404

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

503

Service unavailable

Ejemplos de código

get/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: token <TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts/ALERT_NUMBER

Response

Status: 200
{ "number": 42, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations", "state": "open", "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" }

Update a secret scanning alert

Funciona con GitHub Apps

Updates the status of a secret scanning alert in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.

Parámetros

Encabezados
Nombre, Tipo, Descripción
acceptstring

Setting to application/vnd.github+json is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
ownerstringRequerido

The account owner of the repository. The name is not case sensitive.

repostringRequerido

The name of the repository. The name is not case sensitive.

alert_numberintegerRequerido

The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.

Parámetros de cuerpo
Nombre, Tipo, Descripción
statestringRequerido

Sets the state of the secret scanning alert. Can be either open or resolved. You must provide resolution when you set the state to resolved.

Puede ser una de las siguientes: open, resolved

resolutionstring or null

Required when the state is resolved. The reason for resolving the alert.

Puede ser una de las siguientes: , false_positive, wont_fix, revoked, used_in_tests

Códigos de estado de respuesta HTTP

Código de estadoDescripción
200

OK

404

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

422

State does not match the resolution

503

Service unavailable

Ejemplos de código

patch/repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
curl \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: token <TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/secret-scanning/alerts/ALERT_NUMBER \ -d '{"state":"resolved","resolution":"false_positive"}'

Response

Status: 200
{ "number": 42, "created_at": "2020-11-06T18:18:30Z", "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42", "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42", "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations", "state": "resolved", "resolution": "used_in_tests", "resolved_at": "2020-11-16T22:42:07Z", "resolved_by": { "login": "monalisa", "id": 2, "node_id": "MDQ6VXNlcjI=", "avatar_url": "https://alambic.github.com/avatars/u/2?", "gravatar_id": "", "url": "https://api.github.com/users/monalisa", "html_url": "https://github.com/monalisa", "followers_url": "https://api.github.com/users/monalisa/followers", "following_url": "https://api.github.com/users/monalisa/following{/other_user}", "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}", "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions", "organizations_url": "https://api.github.com/users/monalisa/orgs", "repos_url": "https://api.github.com/users/monalisa/repos", "events_url": "https://api.github.com/users/monalisa/events{/privacy}", "received_events_url": "https://api.github.com/users/monalisa/received_events", "type": "User", "site_admin": true }, "secret_type": "mailchimp_api_key", "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2" }