Análise de dependência

Use a API REST para interagir com as alterações de dependência.

Sobre a análise de dependência

Você pode usar a API REST para exibir as alterações de dependência, bem como o impacto delas sobre a segurança, antes de adicioná-las ao seu ambiente. Você pode ver a comparação de dependências entre dois commits de um repositório, incluindo dados de vulnerabilidade para todas as atualizações de versão com vulnerabilidades conhecidas. Para obter mais informações sobre a revisão de dependência, confira "Sobre a revisão de dependência".

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

Parameters

Headers
Nome, Type, Descrição
`accept`string Setting to `application/vnd.github+json` is recommended.
Path parameters
Nome, Type, Descrição
`owner`stringRequired The account owner of the repository. The name is not case sensitive.
`repo`stringRequired The name of the repository. The name is not case sensitive.
`basehead`stringRequired The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format `{base}...{head}`.
Query parameters
Nome, Type, Descrição
`name`string The full path, relative to the repository root, of the dependency manifest file.

HTTP response status codes

Status code	Descrição
`200`	OK
`403`	Forbidden
`404`	Resource not found

Code samples

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200

[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]