Endpoints da API REST para Dependabot solicitações de dispensa de alertas

List dismissal requests for Dependabot alerts for an organization

Lists dismissal requests for Dependabot alerts in an organization.

Delegated alert dismissal must be enabled on repositories in the org and the user must be an org admin, security manager, or have the appropriate permission to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Organization dismissal requests for Dependabot" organization permissions (read)

Parâmetros para "List dismissal requests for Dependabot alerts for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.

Parâmetros de consulta
Nome, Tipo, Descrição
`repository_name` string The name of the repository to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). Padrão: `day` Pode ser um dos: `hour`, `day`, `week`, `month`
`request_status` string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. Padrão: `all` Pode ser um dos: `completed`, `cancelled`, `approved`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Padrão: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Padrão: `1`

http_status_code

status_code	Descrição
`200`	A list of alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/orgs/{org}/dismissal-requests/dependabot

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/dismissal-requests/dependabot

A list of alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "no_bandwidth",
        "alert_number": "1",
        "alert_title": "lodash - GHSA-1234-abcd-5678"
      }
    ],
    "resource_identifier": "1",
    "status": "denied",
    "requester_comment": "No bandwidth to fix this right now",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "tolerable_risk",
        "alert_number": "2",
        "alert_title": "axios - GHSA-5678-efgh-9012"
      }
    ],
    "resource_identifier": "2",
    "status": "approved",
    "requester_comment": "Risk is acceptable for this internal tool",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 43,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/2"
  }
]

List dismissal requests for Dependabot alerts for a repository

Lists dismissal requests for Dependabot alerts for a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Dependabot alerts" repository permissions (read)

Parâmetros para "List dismissal requests for Dependabot alerts for a repository"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`owner` string Obrigatório The account owner of the repository. The name is not case sensitive.
`repo` string Obrigatório The name of the repository without the `.git` extension. The name is not case sensitive.

Parâmetros de consulta
Nome, Tipo, Descrição
`reviewer` string Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.
`requester` string Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for insights that occurred in the past 7 days (168 hours). Padrão: `month` Pode ser um dos: `hour`, `day`, `week`, `month`
`request_status` string Filter alert dismissal requests by status. When specified, only requests with this status will be returned. Padrão: `all` Pode ser um dos: `open`, `approved`, `expired`, `denied`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Padrão: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Padrão: `1`

http_status_code

status_code	Descrição
`200`	A list of alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/dismissal-requests/dependabot

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot

A list of alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "no_bandwidth",
        "alert_number": "1",
        "alert_title": "lodash - GHSA-1234-abcd-5678"
      }
    ],
    "resource_identifier": "1",
    "status": "denied",
    "requester_comment": "No bandwidth to fix this right now",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "tolerable_risk",
        "alert_number": "2",
        "alert_title": "axios - GHSA-5678-efgh-9012"
      }
    ],
    "resource_identifier": "2",
    "status": "approved",
    "requester_comment": "Risk is acceptable for this internal tool",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 43,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/2"
  }
]

Get a dismissal request for a Dependabot alert for a repository

Gets a dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Dependabot alerts" repository permissions (read)

Parâmetros para "Get a dismissal request for a Dependabot alert for a repository"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`owner` string Obrigatório The account owner of the repository. The name is not case sensitive.
`repo` string Obrigatório The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Obrigatório The number that identifies the Dependabot alert.

http_status_code

status_code	Descrição
`200`	A single dismissal request.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER

A single dismissal request.

Status: 200

{
  "id": 21,
  "number": 42,
  "repository": {
    "id": 1,
    "name": "smile",
    "full_name": "octo-org/smile"
  },
  "organization": {
    "id": 1,
    "name": "octo-org"
  },
  "requester": {
    "actor_id": 12,
    "actor_name": "monalisa"
  },
  "request_type": "dependabot_alert_dismissal",
  "data": [
    {
      "reason": "no_bandwidth",
      "alert_number": "1",
      "alert_title": "lodash - GHSA-1234-abcd-5678"
    }
  ],
  "resource_identifier": "1",
  "status": "pending",
  "requester_comment": "No bandwidth to fix this right now",
  "expires_at": "2024-07-08T08:43:03Z",
  "created_at": "2024-07-01T08:43:03Z",
  "responses": [],
  "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
  "html_url": "https://github.com/octo-org/smile/security/dependabot/1"
}

Create a dismissal request for a Dependabot alert for a repository

Creates a new dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository and the user must have permission to view Dependabot alerts to access this endpoint. OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Dependabot alerts" repository permissions (read)

Parâmetros para "Create a dismissal request for a Dependabot alert for a repository"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`owner` string Obrigatório The account owner of the repository. The name is not case sensitive.
`repo` string Obrigatório The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Obrigatório The number that identifies the Dependabot alert.

Parâmetros do corpo
Nome, Tipo, Descrição
`dismissed_reason` string Obrigatório The reason for dismissing the alert. Pode ser um dos: `fix_started`, `no_bandwidth`, `tolerable_risk`, `inaccurate`, `not_used`
`dismissed_comment` string An optional comment explaining the dismissal.

http_status_code

status_code	Descrição
`201`	The created dismissal request.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

code_samples

data_residency_notice

request_example

post/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER \
  -d '{"dismissed_reason":"tolerable_risk","dismissed_comment":"Risk is acceptable for this project."}'

The created dismissal request.

Status: 201

{
  "id": 1,
  "number": 1,
  "repository": {
    "id": 1,
    "name": "hello-world",
    "full_name": "octocat/hello-world"
  },
  "organization": {
    "id": 1,
    "name": "octocat"
  },
  "requester": {
    "actor_id": 1,
    "actor_name": "octocat"
  },
  "request_type": "dependabot_alert_closure",
  "data": [
    {
      "reason": "tolerable_risk",
      "alert_number": "42",
      "alert_title": "lodash vulnerability"
    }
  ],
  "resource_identifier": "42",
  "status": "pending",
  "requester_comment": "Risk is acceptable for this project.",
  "expires_at": "2024-01-15T00:00:00Z",
  "created_at": "2024-01-08T00:00:00Z",
  "responses": null,
  "url": "https://github.com/octocat/hello-world/security/dependabot/42"
}

Review a dismissal request for a Dependabot alert for a repository

Approve or deny a dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint. OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Organization dismissal requests for Dependabot" organization permissions (write) and "Dependabot alerts" repository permissions (read)

Parâmetros para "Review a dismissal request for a Dependabot alert for a repository"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`owner` string Obrigatório The account owner of the repository. The name is not case sensitive.
`repo` string Obrigatório The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Obrigatório The number that identifies the Dependabot alert.

Parâmetros do corpo
Nome, Tipo, Descrição
`status` string Obrigatório The review action to perform on the dismissal request. Pode ser um dos: `approve`, `deny`
`message` string Obrigatório A message to include with the review. Has a maximum character length of 2048.

http_status_code

status_code	Descrição
`200`	The review of the dismissal request.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

code_samples

data_residency_notice

request_example

patch/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER \
  -d '{"status":"approve","message":"Used in tests."}'

The review of the dismissal request.

Status: 200

{
  "dismissal_review_id": 1
}

Cancel a dismissal request for a Dependabot alert for a repository

Cancels a pending dismissal request for a Dependabot alert in a repository.

The authenticated user must be the requester of the dismissal request or have reviewer permissions (security manager or organization owner). Delegated alert dismissal must be enabled on the repository. OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Organization dismissal requests for Dependabot" organization permissions (write) and "Dependabot alerts" repository permissions (read)

Parâmetros para "Cancel a dismissal request for a Dependabot alert for a repository"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`owner` string Obrigatório The account owner of the repository. The name is not case sensitive.
`repo` string Obrigatório The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Obrigatório The number that identifies the Dependabot alert.

http_status_code

status_code	Descrição
`204`	Dismissal request cancelled successfully.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

delete/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER

Dismissal request cancelled successfully.

Status: 204