Skip to main content
Мы публикуем частые обновления нашей документации, и перевод этой страницы, возможно, еще выполняется. Актуальные сведения см. в документации на английском языке.
REST API теперь имеет версию. Дополнительные сведения см. в разделе Сведения об управлении версиями API.

Dependabot alerts

Используйте REST API для взаимодействия с оповещениями Dependabot для репозитория.

Примечание. Возможность использования REST API для управления оповещениями Dependabot в настоящее время находится в общедоступной бета-версии и может быть изменена.

Сведения о Dependabot alerts

Вы можете просматривать оповещения Dependabot для репозитория и обновлять отдельные оповещения с помощью REST API. Дополнительные сведения см. в разделе Сведения об оповещениях Dependabot.

List Dependabot alerts for an enterprise

Lists Dependabot alerts for repositories that are owned by the specified enterprise. To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."

Параметры для "List Dependabot alerts for an enterprise"

Заголовки
Имя, Тип, Описание
accept string

Setting to application/vnd.github+json is recommended.

Параметры пути
Имя, Тип, Описание
enterprise string Обязательно

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Параметры запроса
Имя, Тип, Описание
state string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: dismissed, fixed, open

severity string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

scope string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

Может быть одним из: development, runtime

sort string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

Значение по умолчанию: created

Может быть одним из: created, updated

direction string

The direction to sort the results by.

Значение по умолчанию: desc

Может быть одним из: asc, desc

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

first integer

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

Значение по умолчанию: 30

last integer

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

per_page integer

The number of results per page (max 100).

Значение по умолчанию: 30

Коды состояния HTTP-ответа для "List Dependabot alerts for an enterprise"

Код состоянияОписание
200

OK

304

Not modified

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Примеры кода для "List Dependabot alerts for an enterprise"

get/enterprises/{enterprise}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/dependabot/alerts

Response

Status: 200
[ { "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2", "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null, "repository": { "id": 217723378, "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", "name": "octo-repo", "full_name": "octo-org/octo-repo", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://api.github.com/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://api.github.com/users/octo-org/followers", "following_url": "https://api.github.com/users/octo-org/following{/other_user}", "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", "organizations_url": "https://api.github.com/users/octo-org/orgs", "repos_url": "https://api.github.com/users/octo-org/repos", "events_url": "https://api.github.com/users/octo-org/events{/privacy}", "received_events_url": "https://api.github.com/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/octo-repo", "description": null, "fork": false, "url": "https://api.github.com/repos/octo-org/octo-repo", "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}", "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}", "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}", "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}", "contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors", "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments", "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads", "events_url": "https://api.github.com/repos/octo-org/octo-repo/events", "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks", "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}", "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks", "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}", "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}", "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}", "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}", "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages", "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges", "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}", "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}", "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}", "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers", "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers", "subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription", "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags", "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams", "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}" } }, { "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null, "repository": { "id": 664700648, "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", "name": "hello-world", "full_name": "octo-org/hello-world", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://api.github.com/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://api.github.com/users/octo-org/followers", "following_url": "https://api.github.com/users/octo-org/following{/other_user}", "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", "organizations_url": "https://api.github.com/users/octo-org/orgs", "repos_url": "https://api.github.com/users/octo-org/repos", "events_url": "https://api.github.com/users/octo-org/events{/privacy}", "received_events_url": "https://api.github.com/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/hello-world", "description": null, "fork": false, "url": "https://api.github.com/repos/octo-org/hello-world", "archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}", "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}", "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}", "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}", "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors", "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments", "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads", "events_url": "https://api.github.com/repos/octo-org/hello-world/events", "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks", "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}", "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks", "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}", "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}", "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}", "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}", "languages_url": "https://api.github.com/repos/octo-org/hello-world/languages", "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges", "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}", "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}", "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}", "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers", "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers", "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription", "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags", "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams", "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}" } } ]

List Dependabot alerts for an organization

Работа с GitHub Apps

Lists Dependabot alerts for an organization.

To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo scope or security_events scope.

For public repositories, you may instead use the public_repo scope.

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

Параметры для "List Dependabot alerts for an organization"

Заголовки
Имя, Тип, Описание
accept string

Setting to application/vnd.github+json is recommended.

Параметры пути
Имя, Тип, Описание
org string Обязательно

The organization name. The name is not case sensitive.

Параметры запроса
Имя, Тип, Описание
state string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: dismissed, fixed, open

severity string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

scope string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

Может быть одним из: development, runtime

sort string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

Значение по умолчанию: created

Может быть одним из: created, updated

direction string

The direction to sort the results by.

Значение по умолчанию: desc

Может быть одним из: asc, desc

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

first integer

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

Значение по умолчанию: 30

last integer

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

per_page integer

The number of results per page (max 100).

Значение по умолчанию: 30

Коды состояния HTTP-ответа для "List Dependabot alerts for an organization"

Код состоянияОписание
200

OK

304

Not modified

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Примеры кода для "List Dependabot alerts for an organization"

get/orgs/{org}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/dependabot/alerts

Response

Status: 200
[ { "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2", "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null, "repository": { "id": 217723378, "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", "name": "octo-repo", "full_name": "octo-org/octo-repo", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://api.github.com/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://api.github.com/users/octo-org/followers", "following_url": "https://api.github.com/users/octo-org/following{/other_user}", "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", "organizations_url": "https://api.github.com/users/octo-org/orgs", "repos_url": "https://api.github.com/users/octo-org/repos", "events_url": "https://api.github.com/users/octo-org/events{/privacy}", "received_events_url": "https://api.github.com/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/octo-repo", "description": null, "fork": false, "url": "https://api.github.com/repos/octo-org/octo-repo", "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}", "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}", "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}", "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}", "contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors", "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments", "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads", "events_url": "https://api.github.com/repos/octo-org/octo-repo/events", "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks", "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}", "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks", "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}", "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}", "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}", "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}", "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages", "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges", "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}", "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}", "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}", "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers", "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers", "subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription", "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags", "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams", "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}" } }, { "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null, "repository": { "id": 664700648, "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", "name": "hello-world", "full_name": "octo-org/hello-world", "owner": { "login": "octo-org", "id": 6811672, "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", "gravatar_id": "", "url": "https://api.github.com/users/octo-org", "html_url": "https://github.com/octo-org", "followers_url": "https://api.github.com/users/octo-org/followers", "following_url": "https://api.github.com/users/octo-org/following{/other_user}", "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", "organizations_url": "https://api.github.com/users/octo-org/orgs", "repos_url": "https://api.github.com/users/octo-org/repos", "events_url": "https://api.github.com/users/octo-org/events{/privacy}", "received_events_url": "https://api.github.com/users/octo-org/received_events", "type": "Organization", "site_admin": false }, "private": true, "html_url": "https://github.com/octo-org/hello-world", "description": null, "fork": false, "url": "https://api.github.com/repos/octo-org/hello-world", "archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}", "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}", "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}", "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}", "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors", "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments", "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads", "events_url": "https://api.github.com/repos/octo-org/hello-world/events", "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks", "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}", "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks", "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}", "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}", "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}", "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}", "languages_url": "https://api.github.com/repos/octo-org/hello-world/languages", "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges", "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}", "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}", "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}", "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers", "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers", "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription", "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags", "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams", "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}" } } ]

List Dependabot alerts for a repository

Работа с GitHub Apps

You must use an access token with the security_events scope to use this endpoint with private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have Dependabot alerts read permission to use this endpoint.

Параметры для "List Dependabot alerts for a repository"

Заголовки
Имя, Тип, Описание
accept string

Setting to application/vnd.github+json is recommended.

Параметры пути
Имя, Тип, Описание
owner string Обязательно

The account owner of the repository. The name is not case sensitive.

repo string Обязательно

The name of the repository. The name is not case sensitive.

Параметры запроса
Имя, Тип, Описание
state string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: dismissed, fixed, open

severity string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

manifest string

A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.

scope string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

Может быть одним из: development, runtime

sort string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

Значение по умолчанию: created

Может быть одним из: created, updated

direction string

The direction to sort the results by.

Значение по умолчанию: desc

Может быть одним из: asc, desc

page integer

Deprecated. Page number of the results to fetch. Use cursor-based pagination with before or after instead.

Значение по умолчанию: 1

per_page integer

The number of results per page (max 100).

Значение по умолчанию: 30

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

first integer

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

Значение по умолчанию: 30

last integer

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

Коды состояния HTTP-ответа для "List Dependabot alerts for a repository"

Код состоянияОписание
200

OK

304

Not modified

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Примеры кода для "List Dependabot alerts for a repository"

get/repos/{owner}/{repo}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependabot/alerts

Response

Status: 200
[ { "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null }, { "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null } ]

Get a Dependabot alert

Работа с GitHub Apps

You must use an access token with the security_events scope to use this endpoint with private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have Dependabot alerts read permission to use this endpoint.

Параметры для "Get a Dependabot alert"

Заголовки
Имя, Тип, Описание
accept string

Setting to application/vnd.github+json is recommended.

Параметры пути
Имя, Тип, Описание
owner string Обязательно

The account owner of the repository. The name is not case sensitive.

repo string Обязательно

The name of the repository. The name is not case sensitive.

alert_number integer Обязательно

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

Коды состояния HTTP-ответа для "Get a Dependabot alert"

Код состоянияОписание
200

OK

304

Not modified

403

Forbidden

404

Resource not found

Примеры кода для "Get a Dependabot alert"

get/repos/{owner}/{repo}/dependabot/alerts/{alert_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER

Response

Status: 200
{ "number": 1, "state": "open", "dependency": { "package": { "ecosystem": "pip", "name": "ansible" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-8f4m-hccc-8qph", "cve_id": "CVE-2021-20191", "summary": "Insertion of Sensitive Information into Log File in ansible", "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.9.0, < 2.9.18", "first_patched_version": { "identifier": "2.9.18" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": ">= 2.10.0, < 2.10.7", "first_patched_version": { "identifier": "2.10.7" } } ], "severity": "medium", "cvss": { "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "score": 5.5 }, "cwes": [ { "cwe_id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-8f4m-hccc-8qph" }, { "type": "CVE", "value": "CVE-2021-20191" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" } ], "published_at": "2021-06-01T17:38:00Z", "updated_at": "2021-08-12T23:06:00Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "ansible" }, "severity": "medium", "vulnerable_version_range": "< 2.8.19", "first_patched_version": { "identifier": "2.8.19" } }, "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", "created_at": "2022-06-14T15:21:52Z", "updated_at": "2022-06-14T15:21:52Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null }

Update a Dependabot alert

Работа с GitHub Apps

You must use an access token with the security_events scope to use this endpoint with private repositories. You can also use tokens with the public_repo scope for public repositories only. GitHub Apps must have Dependabot alerts write permission to use this endpoint.

Параметры для "Update a Dependabot alert"

Заголовки
Имя, Тип, Описание
accept string

Setting to application/vnd.github+json is recommended.

Параметры пути
Имя, Тип, Описание
owner string Обязательно

The account owner of the repository. The name is not case sensitive.

repo string Обязательно

The name of the repository. The name is not case sensitive.

alert_number integer Обязательно

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

Параметры запроса
Имя, Тип, Описание
state string Обязательно

The state of the Dependabot alert. A dismissed_reason must be provided when setting the state to dismissed.

Может быть одним из: dismissed, open

dismissed_reason string

Required when state is dismissed. A reason for dismissing the alert.

Может быть одним из: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk

dismissed_comment string

An optional comment associated with dismissing the alert.

Коды состояния HTTP-ответа для "Update a Dependabot alert"

Код состоянияОписание
200

OK

400

Bad Request

403

Forbidden

404

Resource not found

409

Conflict

422

Validation failed, or the endpoint has been spammed.

Примеры кода для "Update a Dependabot alert"

patch/repos/{owner}/{repo}/dependabot/alerts/{alert_number}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>"\ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \ -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'

Response

Status: 200
{ "number": 2, "state": "dismissed", "dependency": { "package": { "ecosystem": "pip", "name": "django" }, "manifest_path": "path/to/requirements.txt", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-rf4j-j272-fj86", "cve_id": "CVE-2018-6188", "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", "vulnerabilities": [ { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 1.11.8, < 1.11.10", "first_patched_version": { "identifier": "1.11.10" } } ], "severity": "high", "cvss": { "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 7.5 }, "cwes": [ { "cwe_id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" } ], "identifiers": [ { "type": "GHSA", "value": "GHSA-rf4j-j272-fj86" }, { "type": "CVE", "value": "CVE-2018-6188" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" }, { "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" }, { "url": "https://usn.ubuntu.com/3559-1/" }, { "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" }, { "url": "http://www.securitytracker.com/id/1040422" } ], "published_at": "2018-10-03T21:13:54Z", "updated_at": "2022-04-26T18:35:37Z", "withdrawn_at": null }, "security_vulnerability": { "package": { "ecosystem": "pip", "name": "django" }, "severity": "high", "vulnerable_version_range": ">= 2.0.0, < 2.0.2", "first_patched_version": { "identifier": "2.0.2" } }, "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", "created_at": "2022-06-15T07:43:03Z", "updated_at": "2022-08-23T14:29:47Z", "dismissed_at": "2022-08-23T14:29:47Z", "dismissed_by": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_reason": "tolerable_risk", "dismissed_comment": "This alert is accurate but we use a sanitizer.", "fixed_at": null }