Конечные точки REST API для глобальных рекомендаций по безопасности

Примечание. Чтобы использовать эти конечные точки, администратор должен включить GitHub Connect для ваш экземпляр GitHub Enterprise Server. Дополнительные сведения см. в разделе Просмотр рекомендаций по безопасности в базе данных рекомендаций по GitHub.

List global security advisories

Lists all global security advisories that match the specified parameters. If no other parameters are defined, the request will return only GitHub-reviewed advisories that are not malware.

By default, all responses will exclude advisories for malware, because malware are not standard vulnerabilities. To list advisories for malware, you must include the type parameter in your request, with the value malware. For more information about the different types of security advisories, see "About the GitHub Advisory database."

Подробные маркеры доступа для "List global security advisories

Эта конечная точка работает со следующими точными типами маркеров:

Для тонкого маркера не требуются разрешения.

Эту конечную точку можно использовать без проверки подлинности, если запрашиваются только общедоступные ресурсы.

Параметры для "List global security advisories"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры запроса
Имя., Тип, Description
`ghsa_id` string If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned.
`type` string If specified, only advisories of this type will be returned. By default, a request with no other parameters defined will only return reviewed advisories that are not malware. По умолчанию.: `reviewed` Возможные значения: `reviewed`, `malware`, `unreviewed`
`cve_id` string If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned.
`ecosystem` string If specified, only advisories for these ecosystems will be returned. Возможные значения: `rubygems`, `npm`, `pip`, `maven`, `nuget`, `composer`, `go`, `rust`, `erlang`, `actions`, `pub`, `other`, `swift`
`severity` string If specified, only advisories with these severities will be returned. Возможные значения: `unknown`, `low`, `medium`, `high`, `critical`
`cwes` If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned. Example: `cwes=79,284,22` or `cwes[]=79&cwes[]=284&cwes[]=22`
`is_withdrawn` boolean Whether to only return advisories that have been withdrawn.
`affects` If specified, only return advisories that affect any of `package` or `package@version`. A maximum of 1000 packages can be specified. If the query parameter causes the URL to exceed the maximum URL length supported by your client, you must specify fewer packages. Example: `affects=package1,package2@1.0.0,package3@^2.0.0` or `affects[]=package1&affects[]=package2@1.0.0`
`published` string If specified, only return advisories that were published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax."
`updated` string If specified, only return advisories that were updated on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax."
`modified` string If specified, only show advisories that were updated or published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax."
`epss_percentage` string If specified, only return advisories that have an EPSS percentage score that matches the provided value. The EPSS percentage represents the likelihood of a CVE being exploited.
`epss_percentile` string If specified, only return advisories that have an EPSS percentile score that matches the provided value. The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs.
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`direction` string The direction to sort the results by. По умолчанию.: `desc` Возможные значения: `asc`, `desc`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." По умолчанию.: `30`
`sort` string The property to sort the results by. По умолчанию.: `published` Возможные значения: `updated`, `published`, `epss_percentage`, `epss_percentile`

Коды состояния http-ответа для "List global security advisories"

Код состояния	Описание
`200`	OK
`422`	Validation failed, or the endpoint has been spammed.
`429`	Too many requests

Примеры кода для "List global security advisories"

Пример запроса

get/advisories

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/advisories

Response

Status: 200

[
  {
    "id": 1,
    "ghsa_id": "GHSA-abcd-1234-efgh",
    "cve_id": "CVE-2050-00000",
    "url": "https://HOSTNAME/advisories/GHSA-abcd-1234-efgh",
    "html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
    "repository_advisory_url": "https://HOSTNAME/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
    "summary": "Heartbleed security advisory",
    "description": "This bug allows an attacker to read portions of the affected server’s memory, potentially disclosing sensitive information.",
    "type": "reviewed",
    "severity": "high",
    "source_code_location": "https://github.com/project/a-package",
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-abcd-1234-efgh"
      },
      {
        "type": "CVE",
        "value": "CVE-2050-00000"
      }
    ],
    "references": [
      "https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
    ],
    "published_at": "2023-03-23T02:30:56Z",
    "updated_at": "2023-03-24T02:30:56Z",
    "github_reviewed_at": "2023-03-23T02:30:56Z",
    "nvd_published_at": "2023-03-25T02:30:56Z",
    "withdrawn_at": null,
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "npm",
          "name": "a-package"
        },
        "first_patched_version": "1.0.3",
        "vulnerable_version_range": "<=1.0.2",
        "vulnerable_functions": [
          "a_function"
        ]
      }
    ],
    "cvss": {
      "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "score": 7.6
    },
    "cvss_severities": {
      "cvss_v3": {
        "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
        "score": 7.6
      },
      "cvss_v4": {
        "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "score": 9.3
      }
    },
    "cwes": [
      {
        "cwe_id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      }
    ],
    "epss": [
      {
        "percentage": 0.00045,
        "percentile": "0.16001e0"
      }
    ],
    "credits": [
      {
        "user": {
          "login": "octocat",
          "id": 1,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://HOSTNAME/users/octocat",
          "html_url": "https://github.com/octocat",
          "followers_url": "https://HOSTNAME/users/octocat/followers",
          "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
          "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
          "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
          "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
          "organizations_url": "https://HOSTNAME/users/octocat/orgs",
          "repos_url": "https://HOSTNAME/users/octocat/repos",
          "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
          "received_events_url": "https://HOSTNAME/users/octocat/received_events",
          "type": "User",
          "site_admin": false
        },
        "type": "analyst"
      }
    ]
  }
]

Get a global security advisory

Gets a global security advisory using its GitHub Security Advisory (GHSA) identifier.

Подробные маркеры доступа для "Get a global security advisory

Эта конечная точка работает со следующими точными типами маркеров:

Для тонкого маркера не требуются разрешения.

Эту конечную точку можно использовать без проверки подлинности, если запрашиваются только общедоступные ресурсы.

Параметры для "Get a global security advisory"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`ghsa_id` string Обязательное поле The GHSA (GitHub Security Advisory) identifier of the advisory.

Коды состояния http-ответа для "Get a global security advisory"

Код состояния	Описание
`200`	OK
`404`	Resource not found

Примеры кода для "Get a global security advisory"

Пример запроса

get/advisories/{ghsa_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/advisories/GHSA_ID

Response

Status: 200

{
  "ghsa_id": "GHSA-abcd-1234-efgh",
  "cve_id": "CVE-2050-00000",
  "url": "https://HOSTNAME/advisories/GHSA-abcd-1234-efgh",
  "html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
  "repository_advisory_url": "https://HOSTNAME/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
  "summary": "A short summary of the advisory.",
  "description": "A detailed description of what the advisory entails.",
  "type": "reviewed",
  "severity": "high",
  "source_code_location": "https://github.com/project/a-package",
  "identifiers": [
    {
      "type": "GHSA",
      "value": "GHSA-abcd-1234-efgh"
    },
    {
      "type": "CVE",
      "value": "CVE-2050-00000"
    }
  ],
  "references": [
    "https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
  ],
  "published_at": "2023-03-23T02:30:56Z",
  "updated_at": "2023-03-24T02:30:56Z",
  "github_reviewed_at": "2023-03-23T02:30:56Z",
  "nvd_published_at": "2023-03-25T02:30:56Z",
  "withdrawn_at": null,
  "vulnerabilities": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "a-package"
      },
      "first_patched_version": "1.0.3",
      "vulnerable_version_range": "<=1.0.2",
      "vulnerable_functions": [
        "a_function"
      ]
    }
  ],
  "cvss": {
    "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
    "score": 7.6
  },
  "cvss_severities": {
    "cvss_v3": {
      "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "score": 7.6
    },
    "cvss_v4": {
      "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "score": 9.3
    }
  },
  "cwes": [
    {
      "cwe_id": "CWE-400",
      "name": "Uncontrolled Resource Consumption"
    }
  ],
  "credits": [
    {
      "user": {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://HOSTNAME/users/octocat/followers",
        "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octocat/orgs",
        "repos_url": "https://HOSTNAME/users/octocat/repos",
        "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      },
      "type": "analyst"
    }
  ]
}