Skip to main content

Enterprise Server 3.15 은(는) 현재 릴리스 후보로 제공됩니다.

이제 REST API의 버전이 지정되었습니다. 자세한 내용은 "API 버전 관리 정보"를 참조하세요.

Dependabot alerts에 대한 REST API 엔드포인트

REST API를 사용하여 리포지토리에 대한 Dependabot 경고와 상호 작용합니다.

참고: REST API를 사용하여 Dependabot 경고를 관리하는 기능은 현재 베타 버전이며 변경될 수 있습니다.

Dependabot alerts

정보

리포지토리에 대한 Dependabot 경고를 보고 REST API를 사용하여 개별 경고를 업데이트할 수 있습니다. 자세한 내용은 "Dependabot 경고 정보" 항목을 참조하세요.

List Dependabot alerts for an enterprise

Lists Dependabot alerts for repositories that are owned by the specified enterprise.

The authenticated user must be a member of the enterprise to use this endpoint.

Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint.

"List Dependabot alerts for an enterprise"에 대한 세분화된 액세스 토큰

이 엔드포인트는 GitHub 앱 사용자 액세스 토큰, GitHub 앱 설치 액세스 토큰 또는 세분화된 개인용 액세스 토큰에서 작동하지 않습니다.

"List Dependabot alerts for an enterprise"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

경로 매개 변수
속성, 형식, 설명
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

쿼리 매개 변수
속성, 형식, 설명
state string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: auto_dismissed, dismissed, fixed, open

severity string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

scope string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

다음 중 하나일 수 있습니다.: development, runtime

sort string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

기본값: created

다음 중 하나일 수 있습니다.: created, updated

direction string

The direction to sort the results by.

기본값: desc

다음 중 하나일 수 있습니다.: asc, desc

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

first integer

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

기본값: 30

last integer

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

기본값: 30

"List Dependabot alerts for an enterprise"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

304

Not modified

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

"List Dependabot alerts for an enterprise"에 대한 코드 샘플

요청 예제

get/enterprises/{enterprise}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/dependabot/alerts

Response

Status: 200
[ { "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "score": 8.7 } }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://HOSTNAME/repos/octo-org/octo-repo/dependabot/alerts/2", "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://HOSTNAME/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://HOSTNAME/users/octocat/followers", "following_url": "https://HOSTNAME/users/octocat/following{/other_user}", "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions", "organizations_url": "https://HOSTNAME/users/octocat/orgs", "repos_url": "https://HOSTNAME/users/octocat/repos", "events_url": "https://HOSTNAME/users/octocat/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null, "repository": { "id": 217723378, "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", "name": "octo-repo", "full_name": "octo-org/octo-repo", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://HOSTNAME/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://HOSTNAME/users/octo-org/followers", "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}", "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions", "organizations_url": "https://HOSTNAME/users/octo-org/orgs", "repos_url": "https://HOSTNAME/users/octo-org/repos", "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/octo-repo", "description": null, "fork": false, "url": "https://HOSTNAME/repos/octo-org/octo-repo", "archive_url": "https://HOSTNAME/repos/octo-org/octo-repo/{archive_format}{/ref}", "assignees_url": "https://HOSTNAME/repos/octo-org/octo-repo/assignees{/user}", "blobs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/blobs{/sha}", "branches_url": "https://HOSTNAME/repos/octo-org/octo-repo/branches{/branch}", "collaborators_url": "https://HOSTNAME/repos/octo-org/octo-repo/collaborators{/collaborator}", "comments_url": "https://HOSTNAME/repos/octo-org/octo-repo/comments{/number}", "commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/commits{/sha}", "compare_url": "https://HOSTNAME/repos/octo-org/octo-repo/compare/{base}...{head}", "contents_url": "https://HOSTNAME/repos/octo-org/octo-repo/contents/{+path}", "contributors_url": "https://HOSTNAME/repos/octo-org/octo-repo/contributors", "deployments_url": "https://HOSTNAME/repos/octo-org/octo-repo/deployments", "downloads_url": "https://HOSTNAME/repos/octo-org/octo-repo/downloads", "events_url": "https://HOSTNAME/repos/octo-org/octo-repo/events", "forks_url": "https://HOSTNAME/repos/octo-org/octo-repo/forks", "git_commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/commits{/sha}", "git_refs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/refs{/sha}", "git_tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/tags{/sha}", "hooks_url": "https://HOSTNAME/repos/octo-org/octo-repo/hooks", "issue_comment_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/comments{/number}", "issue_events_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/events{/number}", "issues_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues{/number}", "keys_url": "https://HOSTNAME/repos/octo-org/octo-repo/keys{/key_id}", "labels_url": "https://HOSTNAME/repos/octo-org/octo-repo/labels{/name}", "languages_url": "https://HOSTNAME/repos/octo-org/octo-repo/languages", "merges_url": "https://HOSTNAME/repos/octo-org/octo-repo/merges", "milestones_url": "https://HOSTNAME/repos/octo-org/octo-repo/milestones{/number}", "notifications_url": "https://HOSTNAME/repos/octo-org/octo-repo/notifications{?since,all,participating}", "pulls_url": "https://HOSTNAME/repos/octo-org/octo-repo/pulls{/number}", "releases_url": "https://HOSTNAME/repos/octo-org/octo-repo/releases{/id}", "stargazers_url": "https://HOSTNAME/repos/octo-org/octo-repo/stargazers", "statuses_url": "https://HOSTNAME/repos/octo-org/octo-repo/statuses/{sha}", "subscribers_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscribers", "subscription_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscription", "tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/tags", "teams_url": "https://HOSTNAME/repos/octo-org/octo-repo/teams", "trees_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/trees{/sha}" } }, { "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "score": 8.5 } }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://HOSTNAME/repos/octo-org/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null, "repository": { "id": 664700648, "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", "name": "hello-world", "full_name": "octo-org/hello-world", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://HOSTNAME/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://HOSTNAME/users/octo-org/followers", "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}", "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions", "organizations_url": "https://HOSTNAME/users/octo-org/orgs", "repos_url": "https://HOSTNAME/users/octo-org/repos", "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/hello-world", "description": null, "fork": false, "url": "https://HOSTNAME/repos/octo-org/hello-world", "archive_url": "https://HOSTNAME/repos/octo-org/hello-world/{archive_format}{/ref}", "assignees_url": "https://HOSTNAME/repos/octo-org/hello-world/assignees{/user}", "blobs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/blobs{/sha}", "branches_url": "https://HOSTNAME/repos/octo-org/hello-world/branches{/branch}", "collaborators_url": "https://HOSTNAME/repos/octo-org/hello-world/collaborators{/collaborator}", "comments_url": "https://HOSTNAME/repos/octo-org/hello-world/comments{/number}", "commits_url": "https://HOSTNAME/repos/octo-org/hello-world/commits{/sha}", "compare_url": "https://HOSTNAME/repos/octo-org/hello-world/compare/{base}...{head}", "contents_url": "https://HOSTNAME/repos/octo-org/hello-world/contents/{+path}", "contributors_url": "https://HOSTNAME/repos/octo-org/hello-world/contributors", "deployments_url": "https://HOSTNAME/repos/octo-org/hello-world/deployments", "downloads_url": "https://HOSTNAME/repos/octo-org/hello-world/downloads", "events_url": "https://HOSTNAME/repos/octo-org/hello-world/events", "forks_url": "https://HOSTNAME/repos/octo-org/hello-world/forks", "git_commits_url": "https://HOSTNAME/repos/octo-org/hello-world/git/commits{/sha}", "git_refs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/refs{/sha}", "git_tags_url": "https://HOSTNAME/repos/octo-org/hello-world/git/tags{/sha}", "hooks_url": "https://HOSTNAME/repos/octo-org/hello-world/hooks", "issue_comment_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/comments{/number}", "issue_events_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/events{/number}", "issues_url": "https://HOSTNAME/repos/octo-org/hello-world/issues{/number}", "keys_url": "https://HOSTNAME/repos/octo-org/hello-world/keys{/key_id}", "labels_url": "https://HOSTNAME/repos/octo-org/hello-world/labels{/name}", "languages_url": "https://HOSTNAME/repos/octo-org/hello-world/languages", "merges_url": "https://HOSTNAME/repos/octo-org/hello-world/merges", "milestones_url": "https://HOSTNAME/repos/octo-org/hello-world/milestones{/number}", "notifications_url": "https://HOSTNAME/repos/octo-org/hello-world/notifications{?since,all,participating}", "pulls_url": "https://HOSTNAME/repos/octo-org/hello-world/pulls{/number}", "releases_url": "https://HOSTNAME/repos/octo-org/hello-world/releases{/id}", "stargazers_url": "https://HOSTNAME/repos/octo-org/hello-world/stargazers", "statuses_url": "https://HOSTNAME/repos/octo-org/hello-world/statuses/{sha}", "subscribers_url": "https://HOSTNAME/repos/octo-org/hello-world/subscribers", "subscription_url": "https://HOSTNAME/repos/octo-org/hello-world/subscription", "tags_url": "https://HOSTNAME/repos/octo-org/hello-world/tags", "teams_url": "https://HOSTNAME/repos/octo-org/hello-world/teams", "trees_url": "https://HOSTNAME/repos/octo-org/hello-world/git/trees{/sha}" } } ]

List Dependabot alerts for an organization

Lists Dependabot alerts for an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

"List Dependabot alerts for an organization"에 대한 세분화된 액세스 토큰

이 엔드포인트는 다음 세분화된 토큰 형식에서 작동합니다.:

세분화된 토큰에는 다음 권한 집합이 있어야 합니다.:

  • "Dependabot alerts" repository permissions (read)

"List Dependabot alerts for an organization"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

경로 매개 변수
속성, 형식, 설명
org string Required

The organization name. The name is not case sensitive.

쿼리 매개 변수
속성, 형식, 설명
state string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: auto_dismissed, dismissed, fixed, open

severity string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

scope string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

다음 중 하나일 수 있습니다.: development, runtime

sort string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

기본값: created

다음 중 하나일 수 있습니다.: created, updated

direction string

The direction to sort the results by.

기본값: desc

다음 중 하나일 수 있습니다.: asc, desc

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

first integer

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

기본값: 30

last integer

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

기본값: 30

"List Dependabot alerts for an organization"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

304

Not modified

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

"List Dependabot alerts for an organization"에 대한 코드 샘플

요청 예제

get/orgs/{org}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/orgs/ORG/dependabot/alerts

Response

Status: 200
[ { "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "score": 8.7 } }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://HOSTNAME/repos/octo-org/octo-repo/dependabot/alerts/2", "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://HOSTNAME/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://HOSTNAME/users/octocat/followers", "following_url": "https://HOSTNAME/users/octocat/following{/other_user}", "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions", "organizations_url": "https://HOSTNAME/users/octocat/orgs", "repos_url": "https://HOSTNAME/users/octocat/repos", "events_url": "https://HOSTNAME/users/octocat/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null, "repository": { "id": 217723378, "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", "name": "octo-repo", "full_name": "octo-org/octo-repo", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://HOSTNAME/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://HOSTNAME/users/octo-org/followers", "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}", "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions", "organizations_url": "https://HOSTNAME/users/octo-org/orgs", "repos_url": "https://HOSTNAME/users/octo-org/repos", "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/octo-repo", "description": null, "fork": false, "url": "https://HOSTNAME/repos/octo-org/octo-repo", "archive_url": "https://HOSTNAME/repos/octo-org/octo-repo/{archive_format}{/ref}", "assignees_url": "https://HOSTNAME/repos/octo-org/octo-repo/assignees{/user}", "blobs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/blobs{/sha}", "branches_url": "https://HOSTNAME/repos/octo-org/octo-repo/branches{/branch}", "collaborators_url": "https://HOSTNAME/repos/octo-org/octo-repo/collaborators{/collaborator}", "comments_url": "https://HOSTNAME/repos/octo-org/octo-repo/comments{/number}", "commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/commits{/sha}", "compare_url": "https://HOSTNAME/repos/octo-org/octo-repo/compare/{base}...{head}", "contents_url": "https://HOSTNAME/repos/octo-org/octo-repo/contents/{+path}", "contributors_url": "https://HOSTNAME/repos/octo-org/octo-repo/contributors", "deployments_url": "https://HOSTNAME/repos/octo-org/octo-repo/deployments", "downloads_url": "https://HOSTNAME/repos/octo-org/octo-repo/downloads", "events_url": "https://HOSTNAME/repos/octo-org/octo-repo/events", "forks_url": "https://HOSTNAME/repos/octo-org/octo-repo/forks", "git_commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/commits{/sha}", "git_refs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/refs{/sha}", "git_tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/tags{/sha}", "hooks_url": "https://HOSTNAME/repos/octo-org/octo-repo/hooks", "issue_comment_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/comments{/number}", "issue_events_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/events{/number}", "issues_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues{/number}", "keys_url": "https://HOSTNAME/repos/octo-org/octo-repo/keys{/key_id}", "labels_url": "https://HOSTNAME/repos/octo-org/octo-repo/labels{/name}", "languages_url": "https://HOSTNAME/repos/octo-org/octo-repo/languages", "merges_url": "https://HOSTNAME/repos/octo-org/octo-repo/merges", "milestones_url": "https://HOSTNAME/repos/octo-org/octo-repo/milestones{/number}", "notifications_url": "https://HOSTNAME/repos/octo-org/octo-repo/notifications{?since,all,participating}", "pulls_url": "https://HOSTNAME/repos/octo-org/octo-repo/pulls{/number}", "releases_url": "https://HOSTNAME/repos/octo-org/octo-repo/releases{/id}", "stargazers_url": "https://HOSTNAME/repos/octo-org/octo-repo/stargazers", "statuses_url": "https://HOSTNAME/repos/octo-org/octo-repo/statuses/{sha}", "subscribers_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscribers", "subscription_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscription", "tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/tags", "teams_url": "https://HOSTNAME/repos/octo-org/octo-repo/teams", "trees_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/trees{/sha}" } }, { "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "score": 8.5 } }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://HOSTNAME/repos/octo-org/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null, "repository": { "id": 664700648, "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", "name": "hello-world", "full_name": "octo-org/hello-world", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://HOSTNAME/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://HOSTNAME/users/octo-org/followers", "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}", "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions", "organizations_url": "https://HOSTNAME/users/octo-org/orgs", "repos_url": "https://HOSTNAME/users/octo-org/repos", "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/hello-world", "description": null, "fork": false, "url": "https://HOSTNAME/repos/octo-org/hello-world", "archive_url": "https://HOSTNAME/repos/octo-org/hello-world/{archive_format}{/ref}", "assignees_url": "https://HOSTNAME/repos/octo-org/hello-world/assignees{/user}", "blobs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/blobs{/sha}", "branches_url": "https://HOSTNAME/repos/octo-org/hello-world/branches{/branch}", "collaborators_url": "https://HOSTNAME/repos/octo-org/hello-world/collaborators{/collaborator}", "comments_url": "https://HOSTNAME/repos/octo-org/hello-world/comments{/number}", "commits_url": "https://HOSTNAME/repos/octo-org/hello-world/commits{/sha}", "compare_url": "https://HOSTNAME/repos/octo-org/hello-world/compare/{base}...{head}", "contents_url": "https://HOSTNAME/repos/octo-org/hello-world/contents/{+path}", "contributors_url": "https://HOSTNAME/repos/octo-org/hello-world/contributors", "deployments_url": "https://HOSTNAME/repos/octo-org/hello-world/deployments", "downloads_url": "https://HOSTNAME/repos/octo-org/hello-world/downloads", "events_url": "https://HOSTNAME/repos/octo-org/hello-world/events", "forks_url": "https://HOSTNAME/repos/octo-org/hello-world/forks", "git_commits_url": "https://HOSTNAME/repos/octo-org/hello-world/git/commits{/sha}", "git_refs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/refs{/sha}", "git_tags_url": "https://HOSTNAME/repos/octo-org/hello-world/git/tags{/sha}", "hooks_url": "https://HOSTNAME/repos/octo-org/hello-world/hooks", "issue_comment_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/comments{/number}", "issue_events_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/events{/number}", "issues_url": "https://HOSTNAME/repos/octo-org/hello-world/issues{/number}", "keys_url": "https://HOSTNAME/repos/octo-org/hello-world/keys{/key_id}", "labels_url": "https://HOSTNAME/repos/octo-org/hello-world/labels{/name}", "languages_url": "https://HOSTNAME/repos/octo-org/hello-world/languages", "merges_url": "https://HOSTNAME/repos/octo-org/hello-world/merges", "milestones_url": "https://HOSTNAME/repos/octo-org/hello-world/milestones{/number}", "notifications_url": "https://HOSTNAME/repos/octo-org/hello-world/notifications{?since,all,participating}", "pulls_url": "https://HOSTNAME/repos/octo-org/hello-world/pulls{/number}", "releases_url": "https://HOSTNAME/repos/octo-org/hello-world/releases{/id}", "stargazers_url": "https://HOSTNAME/repos/octo-org/hello-world/stargazers", "statuses_url": "https://HOSTNAME/repos/octo-org/hello-world/statuses/{sha}", "subscribers_url": "https://HOSTNAME/repos/octo-org/hello-world/subscribers", "subscription_url": "https://HOSTNAME/repos/octo-org/hello-world/subscription", "tags_url": "https://HOSTNAME/repos/octo-org/hello-world/tags", "teams_url": "https://HOSTNAME/repos/octo-org/hello-world/teams", "trees_url": "https://HOSTNAME/repos/octo-org/hello-world/git/trees{/sha}" } } ]

List Dependabot alerts for a repository

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

"List Dependabot alerts for a repository"에 대한 세분화된 액세스 토큰

이 엔드포인트는 다음 세분화된 토큰 형식에서 작동합니다.:

세분화된 토큰에는 다음 권한 집합이 있어야 합니다.:

  • "Dependabot alerts" repository permissions (read)

"List Dependabot alerts for a repository"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

경로 매개 변수
속성, 형식, 설명
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

쿼리 매개 변수
속성, 형식, 설명
state string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: auto_dismissed, dismissed, fixed, open

severity string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

manifest string

A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.

scope string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

다음 중 하나일 수 있습니다.: development, runtime

sort string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

기본값: created

다음 중 하나일 수 있습니다.: created, updated

direction string

The direction to sort the results by.

기본값: desc

다음 중 하나일 수 있습니다.: asc, desc

page integer

Closing down notice. Page number of the results to fetch. Use cursor-based pagination with before or after instead.

기본값: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

기본값: 30

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

first integer

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

기본값: 30

last integer

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

"List Dependabot alerts for a repository"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

304

Not modified

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

"List Dependabot alerts for a repository"에 대한 코드 샘플

요청 예제

get/repos/{owner}/{repo}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts

Response

Status: 200
[ { "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "score": 8.7 } }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/2", "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://HOSTNAME/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://HOSTNAME/users/octocat/followers", "following_url": "https://HOSTNAME/users/octocat/following{/other_user}", "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions", "organizations_url": "https://HOSTNAME/users/octocat/orgs", "repos_url": "https://HOSTNAME/users/octocat/repos", "events_url": "https://HOSTNAME/users/octocat/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null }, { "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "score": 8.5 } }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null } ]

Get a Dependabot alert

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

"Get a Dependabot alert"에 대한 세분화된 액세스 토큰

이 엔드포인트는 다음 세분화된 토큰 형식에서 작동합니다.:

세분화된 토큰에는 다음 권한 집합이 있어야 합니다.:

  • "Dependabot alerts" repository permissions (read)

"Get a Dependabot alert"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

경로 매개 변수
속성, 형식, 설명
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

alert_number integer Required

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

"Get a Dependabot alert"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

304

Not modified

403

Forbidden

404

Resource not found

"Get a Dependabot alert"에 대한 코드 샘플

요청 예제

get/repos/{owner}/{repo}/dependabot/alerts/{alert_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER

Response

Status: 200
{ "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "score": 8.5 } }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null }

Update a Dependabot alert

The authenticated user must have access to security alerts for the repository to use this endpoint. For more information, see "Granting access to security alerts."

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

"Update a Dependabot alert"에 대한 세분화된 액세스 토큰

이 엔드포인트는 다음 세분화된 토큰 형식에서 작동합니다.:

세분화된 토큰에는 다음 권한 집합이 있어야 합니다.:

  • "Dependabot alerts" repository permissions (write)

"Update a Dependabot alert"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

경로 매개 변수
속성, 형식, 설명
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

alert_number integer Required

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

본문 매개 변수
속성, 형식, 설명
state string Required

The state of the Dependabot alert. A dismissed_reason must be provided when setting the state to dismissed.

다음 중 하나일 수 있습니다.: dismissed, open

dismissed_reason string

Required when state is dismissed. A reason for dismissing the alert.

다음 중 하나일 수 있습니다.: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk

dismissed_comment string

An optional comment associated with dismissing the alert.

"Update a Dependabot alert"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

400

Bad Request

403

Forbidden

404

Resource not found

409

Conflict

422

Validation failed, or the endpoint has been spammed.

"Update a Dependabot alert"에 대한 코드 샘플

요청 예제

patch/repos/{owner}/{repo}/dependabot/alerts/{alert_number}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \ -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'

Response

Status: 200
{ "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "score": 8.7 } }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/2", "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://HOSTNAME/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://HOSTNAME/users/octocat/followers", "following_url": "https://HOSTNAME/users/octocat/following{/other_user}", "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions", "organizations_url": "https://HOSTNAME/users/octocat/orgs", "repos_url": "https://HOSTNAME/users/octocat/repos", "events_url": "https://HOSTNAME/users/octocat/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null }