Vérification des dépendances
Utilisez l’API REST pour interagir avec les changements de dépendances.
À propos de la vérification des dépendances
Vous pouvez utiliser l’API REST pour voir les changements de dépendances et l’impact de ces changements sur la sécurité avant de les ajouter à votre environnement. Vous pouvez voir la différence des dépendances entre deux commits d’un dépôt, y compris les données de vulnérabilité de toutes les mises à jour de version avec des vulnérabilités connues. Pour plus d’informations sur la révision des dépendances, consultez « À propos de la révision des dépendances ».
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
Paramètres
| En-têtes |
|---|
| Nom, Type, Description |
acceptstringSetting to |
| Paramètres de chemin d’accès |
| Nom, Type, Description |
ownerstringObligatoireThe account owner of the repository. The name is not case sensitive. |
repostringObligatoireThe name of the repository. The name is not case sensitive. |
baseheadstringObligatoireThe base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |
| Paramètres de requête |
| Nom, Type, Description |
namestringThe full path, relative to the repository root, of the dependency manifest file. |
Codes de statut de réponse HTTP
| Code d’état | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Exemples de code
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEADResponse
Status: 200[
{
"change_type": "removed",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "4.6.0",
"package_url": "pkg:npm/helmet@4.6.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "5.0.0",
"package_url": "pkg:npm/helmet@5.0.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "Gemfile",
"ecosystem": "rubygems",
"name": "ruby-openid",
"version": "2.7.0",
"package_url": "pkg:gem/ruby-openid@2.7.0",
"license": null,
"source_repository_url": "https://github.com/openid/ruby-openid",
"vulnerabilities": [
{
"severity": "critical",
"advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
"advisory_summary": "Ruby OpenID",
"advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
}
]
}
]