リポジトリ セキュリティ アドバイザリ
リポジトリ セキュリティ アドバイザリを表示し、管理するには、REST API を使います。
List repository security advisories for an organization
Lists repository security advisories for an organization.
To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo
scope or repository_advisories:write
permission.
"List repository security advisories for an organization" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
org string 必須The organization name. The name is not case sensitive. |
名前, Type, 説明 |
---|
direction string The direction to sort the results by. Default: 次のいずれかにできます: |
sort string The property to sort the results by. Default: 次のいずれかにできます: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
per_page integer The number of advisories to return per page. Default: |
state string Filter by the state of the repository advisories. Only advisories of this state will be returned. 次のいずれかにできます: |
"List repository security advisories for an organization" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
200 | OK |
400 | Bad Request |
404 | Resource not found |
"List repository security advisories for an organization" のコード サンプル
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/security-advisories
Response
Status: 200
[
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
},
{
"ghsa_id": "GHSA-1234-5678-9012",
"cve_id": "CVE-2051-0000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-1234-5678-9012",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-1234-5678-9012",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "low",
"author": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "monalisa",
"id": 3,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monalisa",
"html_url": "https://github.com/monalisa",
"followers_url": "https://api.github.com/users/monalisa/followers",
"following_url": "https://api.github.com/users/monalisa/following{/other_user}",
"gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
"organizations_url": "https://api.github.com/users/monalisa/orgs",
"repos_url": "https://api.github.com/users/monalisa/repos",
"events_url": "https://api.github.com/users/monalisa/events{/privacy}",
"received_events_url": "https://api.github.com/users/monalisa/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-1234-5678-9012"
},
{
"type": "CVE",
"value": "CVE-2051-00000"
}
],
"state": "published",
"created_at": "2020-01-03T00:00:00Z",
"updated_at": "2020-01-04T00:00:00Z",
"published_at": "2020-01-04T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": [
{
"accepted": true
}
],
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"score": 1.6
},
"cwes": [
{
"cwe_id": "CWE-456",
"name": "A CWE 2.0"
}
],
"cwe_ids": [
"CWE-456"
],
"credits": [
{
"login": "monauser",
"type": "reporter"
}
],
"credits_detailed": [
{
"user": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"type": "reporter",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
]
List repository security advisories
Lists security advisories in a repository.
You must authenticate using an access token with the repo
scope or repository_advisories:read
permission
in order to get published security advisories in a private repository, or any unpublished security advisories that you have access to.
You can access unpublished security advisories from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on any security advisory.
"List repository security advisories" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
名前, Type, 説明 |
---|
direction string The direction to sort the results by. Default: 次のいずれかにできます: |
sort string The property to sort the results by. Default: 次のいずれかにできます: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
per_page integer Number of advisories to return per page. Default: |
state string Filter by state of the repository advisories. Only advisories of this state will be returned. 次のいずれかにできます: |
"List repository security advisories" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
200 | OK |
400 | Bad Request |
404 | Resource not found |
"List repository security advisories" のコード サンプル
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories
Response
Status: 200
[
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
},
{
"ghsa_id": "GHSA-1234-5678-9012",
"cve_id": "CVE-2051-0000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-1234-5678-9012",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-1234-5678-9012",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "low",
"author": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "monalisa",
"id": 3,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monalisa",
"html_url": "https://github.com/monalisa",
"followers_url": "https://api.github.com/users/monalisa/followers",
"following_url": "https://api.github.com/users/monalisa/following{/other_user}",
"gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
"organizations_url": "https://api.github.com/users/monalisa/orgs",
"repos_url": "https://api.github.com/users/monalisa/repos",
"events_url": "https://api.github.com/users/monalisa/events{/privacy}",
"received_events_url": "https://api.github.com/users/monalisa/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-1234-5678-9012"
},
{
"type": "CVE",
"value": "CVE-2051-00000"
}
],
"state": "published",
"created_at": "2020-01-03T00:00:00Z",
"updated_at": "2020-01-04T00:00:00Z",
"published_at": "2020-01-04T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": [
{
"accepted": true
}
],
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"score": 1.6
},
"cwes": [
{
"cwe_id": "CWE-456",
"name": "A CWE 2.0"
}
],
"cwe_ids": [
"CWE-456"
],
"credits": [
{
"login": "monauser",
"type": "reporter"
}
],
"credits_detailed": [
{
"user": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"type": "reporter",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
]
Create a repository security advisory
Creates a new repository security advisory.
You must authenticate using an access token with the repo
scope or repository_advisories:write
permission to use this endpoint.
In order to create a draft repository security advisory, you must be a security manager or administrator of that repository.
"Create a repository security advisory" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
名前, Type, 説明 | |||||||||
---|---|---|---|---|---|---|---|---|---|
summary string 必須A short summary of the advisory. | |||||||||
description string 必須A detailed description of what the advisory impacts. | |||||||||
cve_id string or null The Common Vulnerabilities and Exposures (CVE) ID. | |||||||||
vulnerabilities array of objects 必須A product affected by the vulnerability detailed in a repository security advisory. | |||||||||
Properties of |
名前, Type, 説明 | |||
---|---|---|---|
package object 必須The name of the package affected by the vulnerability. | |||
Properties of |
名前, Type, 説明 |
---|
ecosystem string 必須The package's language or package management ecosystem. 次のいずれかにできます: |
name string or null The unique package name within its ecosystem. |
vulnerable_version_range
string or null The range of the package versions affected by the vulnerability.
patched_versions
string or null The package version(s) that resolve the vulnerability.
vulnerable_functions
array of strings or null The functions in the package that are affected.
cwe_ids
array of strings or null A list of Common Weakness Enumeration (CWE) IDs.
credits
array of objects or null A list of users receiving credit for their participation in the security advisory.
Properties of credits
名前, Type, 説明 |
---|
login string 必須The username of the user credited. |
type string 必須The type of credit the user is receiving. 次のいずれかにできます: |
severity
string or null The severity of the advisory. You must choose between setting this field or cvss_vector_string
.
次のいずれかにできます: critical
, high
, medium
, low
, null
cvss_vector_string
string or null The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity
.
"Create a repository security advisory" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
201 | Created |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
"Create a repository security advisory" のコード サンプル
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories \
-d '{"summary":"A new important advisory","description":"A more in-depth description of what the problem is.","severity":"high","cve_id":null,"vulnerabilities":[{"package":{"name":"a-package","ecosystem":"npm"},"vulnerable_version_range":"< 1.0.0","patched_versions":"1.0.0","vulnerable_functions":["important_function"]}],"cwe_ids":["CWE-1101","CWE-20"],"credits":[{"login":"monalisa","type":"reporter"},{"login":"octocat","type":"analyst"}]}'
Response
Status: 201
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Privately report a security vulnerability
Report a security vulnerability to the maintainers of the repository. See "Privately reporting a security vulnerability" for more information about private vulnerability reporting.
"Privately report a security vulnerability" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
名前, Type, 説明 | |||||||||
---|---|---|---|---|---|---|---|---|---|
summary string 必須A short summary of the advisory. | |||||||||
description string 必須A detailed description of what the advisory impacts. | |||||||||
vulnerabilities array of objects or null An array of products affected by the vulnerability detailed in a repository security advisory. | |||||||||
Properties of |
名前, Type, 説明 | |||
---|---|---|---|
package object 必須The name of the package affected by the vulnerability. | |||
Properties of |
名前, Type, 説明 |
---|
ecosystem string 必須The package's language or package management ecosystem. 次のいずれかにできます: |
name string or null The unique package name within its ecosystem. |
vulnerable_version_range
string or null The range of the package versions affected by the vulnerability.
patched_versions
string or null The package version(s) that resolve the vulnerability.
vulnerable_functions
array of strings or null The functions in the package that are affected.
cwe_ids
array of strings or null A list of Common Weakness Enumeration (CWE) IDs.
severity
string or null The severity of the advisory. You must choose between setting this field or cvss_vector_string
.
次のいずれかにできます: critical
, high
, medium
, low
, null
cvss_vector_string
string or null The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity
.
"Privately report a security vulnerability" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
201 | Created |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
"Privately report a security vulnerability" のコード サンプル
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/reports \
-d '{"summary":"A newly discovered vulnerability","description":"A more in-depth description of what the problem is.","severity":"high","vulnerabilities":[{"package":{"name":"a-package","ecosystem":"npm"},"vulnerable_version_range":"< 1.0.0","patched_versions":"1.0.0","vulnerable_functions":["important_function"]}],"cwe_ids":["CWE-123"]}'
Response
Status: 201
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A newly discovered vulnerability",
"description": "A more in-depth description of what the problem is.",
"severity": "high",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": null,
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": null
}
],
"state": "triage",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": null,
"closed_at": null,
"withdrawn_at": null,
"submission": {
"accepted": false
},
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"vulnerable_version_range": "< 1.0.0",
"patched_versions": "1.0.0",
"vulnerable_functions": [
"important_function"
]
}
],
"cvss": null,
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "finder"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "finder",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Get a repository security advisory
Get a repository security advisory using its GitHub Security Advisory (GHSA) identifier.
You can access any published security advisory on a public repository.
You must authenticate using an access token with the repo
scope or repository_advisories:read
permission
in order to get a published security advisory in a private repository, or any unpublished security advisory that you have access to.
You can access an unpublished security advisory from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on the security advisory.
"Get a repository security advisory" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
ghsa_id string 必須The GHSA (GitHub Security Advisory) identifier of the advisory. |
"Get a repository security advisory" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
"Get a repository security advisory" のコード サンプル
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Update a repository security advisory
Update a repository security advisory using its GitHub Security Advisory (GHSA) identifier.
You must authenticate using an access token with the repo
scope or repository_advisories:write
permission to use this endpoint.
In order to update any security advisory, you must be a security manager or administrator of that repository, or a collaborator on the repository security advisory.
"Update a repository security advisory" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
ghsa_id string 必須The GHSA (GitHub Security Advisory) identifier of the advisory. |
名前, Type, 説明 | |||||||||
---|---|---|---|---|---|---|---|---|---|
summary string A short summary of the advisory. | |||||||||
description string A detailed description of what the advisory impacts. | |||||||||
cve_id string or null The Common Vulnerabilities and Exposures (CVE) ID. | |||||||||
vulnerabilities array of objects A product affected by the vulnerability detailed in a repository security advisory. | |||||||||
Properties of |
名前, Type, 説明 | |||
---|---|---|---|
package object 必須The name of the package affected by the vulnerability. | |||
Properties of |
名前, Type, 説明 |
---|
ecosystem string 必須The package's language or package management ecosystem. 次のいずれかにできます: |
name string or null The unique package name within its ecosystem. |
vulnerable_version_range
string or null The range of the package versions affected by the vulnerability.
patched_versions
string or null The package version(s) that resolve the vulnerability.
vulnerable_functions
array of strings or null The functions in the package that are affected.
cwe_ids
array of strings or null A list of Common Weakness Enumeration (CWE) IDs.
credits
array of objects or null A list of users receiving credit for their participation in the security advisory.
Properties of credits
名前, Type, 説明 |
---|
login string 必須The username of the user credited. |
type string 必須The type of credit the user is receiving. 次のいずれかにできます: |
severity
string or null The severity of the advisory. You must choose between setting this field or cvss_vector_string
.
次のいずれかにできます: critical
, high
, medium
, low
, null
cvss_vector_string
string or null The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity
.
state
string The state of the advisory.
次のいずれかにできます: published
, closed
, draft
collaborating_users
array of strings or null A list of usernames who have been granted write access to the advisory.
collaborating_teams
array of strings or null A list of team slugs which have been granted write access to the advisory.
"Update a repository security advisory" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
"Update a repository security advisory" のコード サンプル
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID \
-d '{"severity":"critical","state":"published"}'
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Request a CVE for a repository security advisory
If you want a CVE identification number for the security vulnerability in your project, and don't already have one, you can request a CVE identification number from GitHub. For more information see "Requesting a CVE identification number."
You may request a CVE for public repositories, but cannot do so for private repositories.
You must authenticate using an access token with the repo
scope or repository_advisories:write
permission to use this endpoint.
In order to request a CVE for a repository security advisory, you must be a security manager or administrator of that repository.
"Request a CVE for a repository security advisory" のパラメーター
名前, Type, 説明 |
---|
accept string Setting to |
名前, Type, 説明 |
---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
ghsa_id string 必須The GHSA (GitHub Security Advisory) identifier of the advisory. |
"Request a CVE for a repository security advisory" の HTTP 応答状態コード
状態コード | 説明 |
---|---|
202 | Accepted |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
"Request a CVE for a repository security advisory" のコード サンプル
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID/cve
Accepted