Skip to main content

依存関係のレビュー

Dependency review APIを使うと、依存関係の変更や、それらの変更のセキュリティへの影響を理解することが、依存関係を環境に追加する前に行えます。

Dependency review APIについて

Note: The Dependency Review API is currently in public beta and subject to change.

Dependency Review APIを使うと、依存関係の変更や、それらの変更のセキュリティへの影響を理解することが、依存関係を環境に追加する前に行えます。 リポジトリの2つのコミット間の依存関係のdiffをを、既知の脆弱性を伴うバージョンアップデートに対する脆弱性のデータを含めて見ることができます。 依存関係レビューに関する詳しい情報については「依存関係レビューについて」を参照してください。

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

パラメータ

Headers
名前, 種類, 説明
acceptstring

Setting to application/vnd.github.v3+json is recommended.

Path parameters
名前, 種類, 説明
ownerstring必須

The account owner of the repository. The name is not case sensitive.

repostring必須

The name of the repository. The name is not case sensitive.

baseheadstring必須

The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format {base}...{head}.

クエリパラメータ
名前, 種類, 説明
namestring

The full path, relative to the repository root, of the dependency manifest file.

HTTP response status codes

Status code説明
200

OK

403

Forbidden

404

Resource not found

コードサンプル

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}
curl \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token <TOKEN>" \ https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200
[ { "change_type": "removed", "manifest": "package.json", "ecosystem": "npm", "name": "helmet", "version": "4.6.0", "package_url": "pkg:npm/helmet@4.6.0", "license": "MIT", "source_repository_url": "https://github.com/helmetjs/helmet", "vulnerabilities": [] }, { "change_type": "added", "manifest": "package.json", "ecosystem": "npm", "name": "helmet", "version": "5.0.0", "package_url": "pkg:npm/helmet@5.0.0", "license": "MIT", "source_repository_url": "https://github.com/helmetjs/helmet", "vulnerabilities": [] }, { "change_type": "added", "manifest": "Gemfile", "ecosystem": "rubygems", "name": "ruby-openid", "version": "2.7.0", "package_url": "pkg:gem/ruby-openid@2.7.0", "license": null, "source_repository_url": "https://github.com/openid/ruby-openid", "vulnerabilities": [ { "severity": "critical", "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49", "advisory_summary": "Ruby OpenID", "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49" } ] } ]