Проверка зависимостей
Используйте REST API для взаимодействия с изменениями зависимостей.
Сведения о проверке зависимостей
Вы можете использовать REST API для просмотра изменений зависимостей и влияния этих изменений на безопасность перед их добавлением в среду. Вы можете просматривать различия в зависимостях между двумя фиксациями репозитория, включая данные об уязвимостях в любых обновлениях версий с известными уязвимостями. Дополнительные сведения о проверке зависимостей см. в разделе Сведения о проверке зависимостей.
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
Параметры для "Get a diff of the dependencies between commits"
Заголовки |
---|
Имя, Тип, Описание |
accept string Setting to |
Параметры пути |
Имя, Тип, Описание |
owner string ОбязательноThe account owner of the repository. The name is not case sensitive. |
repo string ОбязательноThe name of the repository. The name is not case sensitive. |
basehead string ОбязательноThe base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |
Параметры запроса |
Имя, Тип, Описание |
name string The full path, relative to the repository root, of the dependency manifest file. |
Коды состояния HTTP-ответа для "Get a diff of the dependencies between commits"
Код состояния | Описание |
---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Примеры кода для "Get a diff of the dependencies between commits"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD
Response
Status: 200
[
{
"change_type": "removed",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "4.6.0",
"package_url": "pkg:npm/helmet@4.6.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "5.0.0",
"package_url": "pkg:npm/helmet@5.0.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "Gemfile",
"ecosystem": "rubygems",
"name": "ruby-openid",
"version": "2.7.0",
"package_url": "pkg:gem/ruby-openid@2.7.0",
"license": null,
"source_repository_url": "https://github.com/openid/ruby-openid",
"vulnerabilities": [
{
"severity": "critical",
"advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
"advisory_summary": "Ruby OpenID",
"advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
}
]
}
]