
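Dependency review

Use the dependency review API to understand dependency changes, and the security impact of those changes, before you add them to your environment.

About the dependency review API

Note: The dependency review API is currently in public beta and subject to change.

The dependency review API lets you understand dependency changes, and the security impact of those changes, before you add them to your environment. You can view the diff of dependencies between two commits of a repository, including vulnerability data for any version updates with known vulnerabilities. For more information about dependency review, see "About dependency review."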

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

Parameters

Headers
Name, Type, Description
accept, string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
owner, string, Required

The account owner of the repository. The name is not case sensitive.

repo, string, Required

The name of the repository. The name is not case sensitive.

basehead, string, Required

The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format {base}...{head}.

Query parameters
Name, Type, Description
name, string

The full path, relative to the repository root, of the dependency manifest file.

HTTP response status codes

Status code, Description
200, OK
403, Forbidden
404, Resource not found

Code samples

GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200
[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]