L’API REST est maintenant versionnée. Pour plus d’informations, consultez « À propos des versions de l’API ».

REST API endpoints for artifact attestations

Use the REST API to manage artifact attestations.

List attestations

List a collection of artifact attestations with a given subject digest that are associated with repositories owned by a user.

The collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the attestations:read permission is required.

Please note: in order to offer meaningful security benefits, an attestation's signature and timestamps must be cryptographically verified, and the identity of the attestation signer must be validated. Attestations can be verified using the GitHub CLI attestation verify command. For more information, see our guide on how to use artifact attestations to establish a build's provenance.

Jetons d’accès affinés pour « List attestations »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis ne nécessite aucune autorisation.

Ce point de terminaison peut être utilisé sans authentification ou si seules les ressources publiques sont demandées.

Paramètres pour « List attestations »

En-têtes
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
username string Obligatoire

The handle for the GitHub user account.

subject_digest string Obligatoire

Subject Digest

Paramètres de requête
per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

Codes d’état de la réponse HTTP pour « List attestations »

Code d’étatDescription
200

OK

201

Created

204

No Content

404

Resource not found

Exemples de code pour « List attestations »

Exemples de requête

get/users/{username}/attestations/{subject_digest}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/users/USERNAME/attestations/SUBJECT_DIGEST

Response

Status: 200