Dependabot alerts
Use the REST API to interact with Dependabot alerts for a repository.
Примечание. Возможность использовать REST API для управления оповещениями Dependabot в настоящее время находится в общедоступной бета-версии и подлежит изменению.
Сведения о Dependabot alerts
Вы можете просматривать оповещения Dependabot для репозитория и обновлять отдельные оповещения с помощью REST API. Дополнительные сведения см. в разделе «AUTOTITLE».
List Dependabot alerts for an enterprise
Lists Dependabot alerts for repositories that are owned by the specified enterprise.
To use this endpoint, you must be a member of the enterprise, and you must use an
access token with the repo
scope or security_events
scope.
Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."
Параметры для "List Dependabot alerts for an enterprise"
Имя., Тип, Description |
---|
accept string Setting to |
Имя., Тип, Description |
---|
enterprise string Обязательное полеThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Имя., Тип, Description |
---|
state string A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
severity string A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
ecosystem string A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
package string A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
scope string The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Возможные значения: |
sort string The property by which to sort the results.
По умолчанию.: Возможные значения: |
direction string The direction to sort the results by. По умолчанию.: Возможные значения: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
first integer Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with По умолчанию.: |
last integer Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with |
per_page integer The number of results per page (max 100). По умолчанию.: |
Коды состояния http-ответа для "List Dependabot alerts for an enterprise"
Код состояния | Описание |
---|---|
200 | OK |
304 | Not modified |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Примеры кода для "List Dependabot alerts for an enterprise"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/dependabot/alerts
Response
Status: 200
[
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2",
"html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null,
"repository": {
"id": 217723378,
"node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
"name": "octo-repo",
"full_name": "octo-org/octo-repo",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/octo-repo",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/octo-repo",
"archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads",
"events_url": "https://api.github.com/repos/octo-org/octo-repo/events",
"forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages",
"merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges",
"milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription",
"tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags",
"teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams",
"trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}"
}
},
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null,
"repository": {
"id": 664700648,
"node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
"name": "hello-world",
"full_name": "octo-org/hello-world",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/hello-world",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/hello-world",
"archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads",
"events_url": "https://api.github.com/repos/octo-org/hello-world/events",
"forks_url": "https://api.github.com/repos/octo-org/hello-world/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/hello-world/languages",
"merges_url": "https://api.github.com/repos/octo-org/hello-world/merges",
"milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription",
"tags_url": "https://api.github.com/repos/octo-org/hello-world/tags",
"teams_url": "https://api.github.com/repos/octo-org/hello-world/teams",
"trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}"
}
}
]
List Dependabot alerts for an organization
Lists Dependabot alerts for an organization.
To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo
scope or security_events
scope.
For public repositories, you may instead use the public_repo
scope.
GitHub Apps must have Dependabot alerts read permission to use this endpoint.
Параметры для "List Dependabot alerts for an organization"
Имя., Тип, Description |
---|
accept string Setting to |
Имя., Тип, Description |
---|
org string Обязательное полеThe organization name. The name is not case sensitive. |
Имя., Тип, Description |
---|
state string A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
severity string A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
ecosystem string A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
package string A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
scope string The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Возможные значения: |
sort string The property by which to sort the results.
По умолчанию.: Возможные значения: |
direction string The direction to sort the results by. По умолчанию.: Возможные значения: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
first integer Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with По умолчанию.: |
last integer Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with |
per_page integer The number of results per page (max 100). По умолчанию.: |
Коды состояния http-ответа для "List Dependabot alerts for an organization"
Код состояния | Описание |
---|---|
200 | OK |
304 | Not modified |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Примеры кода для "List Dependabot alerts for an organization"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/dependabot/alerts
Response
Status: 200
[
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2",
"html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null,
"repository": {
"id": 217723378,
"node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
"name": "octo-repo",
"full_name": "octo-org/octo-repo",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/octo-repo",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/octo-repo",
"archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads",
"events_url": "https://api.github.com/repos/octo-org/octo-repo/events",
"forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages",
"merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges",
"milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription",
"tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags",
"teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams",
"trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}"
}
},
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null,
"repository": {
"id": 664700648,
"node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
"name": "hello-world",
"full_name": "octo-org/hello-world",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/hello-world",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/hello-world",
"archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads",
"events_url": "https://api.github.com/repos/octo-org/hello-world/events",
"forks_url": "https://api.github.com/repos/octo-org/hello-world/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/hello-world/languages",
"merges_url": "https://api.github.com/repos/octo-org/hello-world/merges",
"milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription",
"tags_url": "https://api.github.com/repos/octo-org/hello-world/tags",
"teams_url": "https://api.github.com/repos/octo-org/hello-world/teams",
"trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}"
}
}
]
List Dependabot alerts for a repository
You must use an access token with the security_events
scope to use this endpoint with private repositories.
You can also use tokens with the public_repo
scope for public repositories only.
GitHub Apps must have Dependabot alerts read permission to use this endpoint.
Параметры для "List Dependabot alerts for a repository"
Имя., Тип, Description |
---|
accept string Setting to |
Имя., Тип, Description |
---|
owner string Обязательное полеThe account owner of the repository. The name is not case sensitive. |
repo string Обязательное полеThe name of the repository without the |
Имя., Тип, Description |
---|
state string A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
severity string A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
ecosystem string A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
package string A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
manifest string A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned. |
scope string The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Возможные значения: |
sort string The property by which to sort the results.
По умолчанию.: Возможные значения: |
direction string The direction to sort the results by. По умолчанию.: Возможные значения: |
page integer Deprecated. Page number of the results to fetch. Use cursor-based pagination with По умолчанию.: |
per_page integer The number of results per page (max 100). По умолчанию.: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
first integer Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with По умолчанию.: |
last integer Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with |
Коды состояния http-ответа для "List Dependabot alerts for a repository"
Код состояния | Описание |
---|---|
200 | OK |
304 | Not modified |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Примеры кода для "List Dependabot alerts for a repository"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dependabot/alerts
Response
Status: 200
[
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null
},
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null
}
]
Get a Dependabot alert
You must use an access token with the security_events
scope to use this endpoint with private repositories.
You can also use tokens with the public_repo
scope for public repositories only.
GitHub Apps must have Dependabot alerts read permission to use this endpoint.
Параметры для "Get a Dependabot alert"
Имя., Тип, Description |
---|
accept string Setting to |
Имя., Тип, Description |
---|
owner string Обязательное полеThe account owner of the repository. The name is not case sensitive. |
repo string Обязательное полеThe name of the repository without the |
alert_number integer Обязательное полеThe number that identifies a Dependabot alert in its repository.
You can find this at the end of the URL for a Dependabot alert within GitHub,
or in |
Коды состояния http-ответа для "Get a Dependabot alert"
Код состояния | Описание |
---|---|
200 | OK |
304 | Not modified |
403 | Forbidden |
404 | Resource not found |
Примеры кода для "Get a Dependabot alert"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER
Response
Status: 200
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null
}
Update a Dependabot alert
You must use an access token with the security_events
scope to use this endpoint with private repositories.
You can also use tokens with the public_repo
scope for public repositories only.
GitHub Apps must have Dependabot alerts write permission to use this endpoint.
To use this endpoint, you must have access to security alerts for the repository. For more information, see "Granting access to security alerts."
Параметры для "Update a Dependabot alert"
Имя., Тип, Description |
---|
accept string Setting to |
Имя., Тип, Description |
---|
owner string Обязательное полеThe account owner of the repository. The name is not case sensitive. |
repo string Обязательное полеThe name of the repository without the |
alert_number integer Обязательное полеThe number that identifies a Dependabot alert in its repository.
You can find this at the end of the URL for a Dependabot alert within GitHub,
or in |
Имя., Тип, Description |
---|
state string Обязательное полеThe state of the Dependabot alert.
A Возможные значения: |
dismissed_reason string Required when Возможные значения: |
dismissed_comment string An optional comment associated with dismissing the alert. |
Коды состояния http-ответа для "Update a Dependabot alert"
Код состояния | Описание |
---|---|
200 | OK |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
409 | Conflict |
422 | Validation failed, or the endpoint has been spammed. |
Примеры кода для "Update a Dependabot alert"
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
-d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'
Response
Status: 200
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null
}