Dependency review
The Dependency Review API lets you understand dependency changes, and the security impact of those changes, before you add them to your environment.
About the Dependency Review API
Note: The Dependency Review API is currently in public beta and subject to change.
The Dependency Review API lets you understand dependency changes, and the security impact of those changes, before you add them to your environment. You can view the diff of dependencies between two commits of a repository, including vulnerability data for any version updates with known vulnerabilities. For more information about dependency review, see "About dependency review".
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
Parameters
Headers

| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

Path parameters

| Name | Type | Description |
|---|---|---|
| owner | string | Required. The account owner of the repository. The name is not case sensitive. |
| repo | string | Required. The name of the repository. The name is not case sensitive. |
| basehead | string | Required. The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |

Query parameters

| Name | Type | Description |
|---|---|---|
| name | string | The full path, relative to the repository root, of the dependency manifest file. |
HTTP response status codes
| Status code | Description |
|---|---|
| 200 | OK |
| 403 | Forbidden |
| 404 | Resource not found |
Code samples
curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token <TOKEN>" \
https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD
Response
Status: 200
[
{
"change_type": "removed",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "4.6.0",
"package_url": "pkg:npm/helmet@4.6.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "5.0.0",
"package_url": "pkg:npm/helmet@5.0.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "Gemfile",
"ecosystem": "rubygems",
"name": "ruby-openid",
"version": "2.7.0",
"package_url": "pkg:gem/ruby-openid@2.7.0",
"license": null,
"source_repository_url": "https://github.com/openid/ruby-openid",
"vulnerabilities": [
{
"severity": "critical",
"advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
"advisory_summary": "Ruby OpenID",
"advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
}
]
}
]
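As an added example, not code from GitHub's documentation: a small Python merge gate that consumes a response in the shape shown above (the sample diff is constructed inline) and derives the two things a reviewer wants from it, the version bumps (a bump appears as a `removed` record plus an `added` record for the same package) and the added dependencies whose advisories meet a severity threshold. The function names and the low/moderate/high/critical severity ordering are assumptions, not part of the API reference.

```python
from collections import defaultdict

# Constructed sample in the documented response shape: one clean version bump
# (helmet) and one added dependency carrying a critical advisory (ruby-openid).
SAMPLE_DIFF = [
    {"change_type": "removed", "ecosystem": "npm", "name": "helmet", "version": "4.6.0",
     "package_url": "pkg:npm/helmet@4.6.0", "vulnerabilities": []},
    {"change_type": "added", "ecosystem": "npm", "name": "helmet", "version": "5.0.0",
     "package_url": "pkg:npm/helmet@5.0.0", "vulnerabilities": []},
    {"change_type": "added", "ecosystem": "rubygems", "name": "ruby-openid", "version": "2.7.0",
     "package_url": "pkg:gem/ruby-openid@2.7.0",
     "vulnerabilities": [{"severity": "critical", "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
                          "advisory_summary": "Ruby OpenID",
                          "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"}]},
]

# Assumed ranking for the severity strings the API returns; unknown strings rank 0.
SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}


def version_changes(diff):
    """Map (ecosystem, name) -> (old_version, new_version).

    A version bump shows up in the diff as a 'removed' record for the old
    version plus an 'added' record for the new one; None marks a pure
    addition or removal.
    """
    versions = defaultdict(lambda: [None, None])
    for change in diff:
        slot = 0 if change["change_type"] == "removed" else 1
        versions[(change["ecosystem"], change["name"])][slot] = change["version"]
    return {key: tuple(pair) for key, pair in versions.items()}


def blocking_findings(diff, fail_on="high"):
    """(package_url, ghsa_id, severity) for every added dependency carrying an
    advisory at or above `fail_on`; removed entries never block a merge."""
    threshold = SEVERITY_RANK[fail_on]
    return [
        (change["package_url"], vuln["advisory_ghsa_id"], vuln["severity"])
        for change in diff if change["change_type"] == "added"
        for vuln in change["vulnerabilities"]
        if SEVERITY_RANK.get(vuln["severity"], 0) >= threshold
    ]


def review_gate(diff, fail_on="high"):
    """CI verdict: 0 when nothing blocks the merge, 1 otherwise."""
    return 1 if blocking_findings(diff, fail_on) else 0
```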