用于安全活动的 REST API 终结点

注意

这些终结点仅与已发布的活动进行交互。当前无法通过 API 查看或管理草稿活动。

List campaigns for an organization

Lists campaigns in an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

“List campaigns for an organization”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Campaigns" organization permissions (read)

“List campaigns for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

查询参数
名称, 类型, 说明
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." 默认: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." 默认: `30`
`direction` string The direction to sort the results by. 默认: `desc` 可以是以下选项之一: `asc`, `desc`
`state` string If specified, only campaigns with this state will be returned. 可以是以下选项之一: `open`, `closed`
`sort` string The property by which to sort the results. 默认: `created` 可以是以下选项之一: `created`, `updated`, `ends_at`, `published`

“List campaigns for an organization”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`404`	Resource not found
`503`	Service unavailable

“List campaigns for an organization”的示例代码

如果你通过 GHE.com 访问 GitHub，请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

get/orgs/{org}/campaigns

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/campaigns

Response

Status: 200

[
  {
    "number": 3,
    "created_at": "2024-02-14T12:29:18Z",
    "updated_at": "2024-02-14T12:29:18Z",
    "name": "Critical CodeQL alert",
    "description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
    "managers": [
      {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      }
    ],
    "ends_at": "2024-03-14T12:29:18Z",
    "closed_at": null,
    "state": "open"
  },
  {
    "number": 4,
    "created_at": "2024-03-30T12:29:18Z",
    "updated_at": "2024-03-30T12:29:18Z",
    "name": "Mitre top 10 KEV",
    "description": "Remediate the MITRE Top 10 KEV (Known Exploited Vulnerabilities) to enhance security by addressing vulnerabilities actively exploited by attackers. This reduces risk, prevents breaches and can help protect sensitive data.",
    "managers": [
      {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      }
    ],
    "ends_at": "2024-04-30T12:29:18Z",
    "closed_at": null,
    "state": "open"
  }
]

Create a campaign for an organization

Create a campaign for an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained tokens must have the "Code scanning alerts" repository permissions (read) on all repositories included in the campaign.

“Create a campaign for an organization”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Campaigns" organization permissions (write)

“Create a campaign for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

“Create a campaign for an organization”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`400`	Bad Request
`404`	Resource not found
`422`	Unprocessable Entity
`429`	Too Many Requests
`503`	Service unavailable

“Create a campaign for an organization”的示例代码

如果你通过 GHE.com 访问 GitHub，请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

post/orgs/{org}/campaigns

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/campaigns \
  -d '{"name":"Critical CodeQL alerts","description":"Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.","managers":["octocat"],"ends_at":"2024-03-14T00:00:00Z","code_scanning_alerts":[{"repository_id":1296269,"alert_numbers":[1,2]}]}'

Response

Status: 200

{
  "number": 3,
  "created_at": "2024-02-14T12:29:18Z",
  "updated_at": "2024-02-14T12:29:18Z",
  "name": "Critical CodeQL alert",
  "description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
  "managers": [
    {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "published_at": "2024-02-14T12:29:18Z",
  "ends_at": "2024-03-14T12:29:18Z",
  "closed_at": null,
  "state": "open",
  "alert_stats": {
    "open_count": 10,
    "closed_count": 3,
    "in_progress_count": 3
  }
}

Get a campaign for an organization

Gets a campaign for an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

“Get a campaign for an organization”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Campaigns" organization permissions (read)

“Get a campaign for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`campaign_number` integer 必须 The campaign number.

“Get a campaign for an organization”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`404`	Resource not found
`422`	Unprocessable Entity
`503`	Service unavailable

“Get a campaign for an organization”的示例代码

如果你通过 GHE.com 访问 GitHub，请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

get/orgs/{org}/campaigns/{campaign_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/campaigns/CAMPAIGN_NUMBER

Response

Status: 200

{
  "number": 3,
  "created_at": "2024-02-14T12:29:18Z",
  "updated_at": "2024-02-14T12:29:18Z",
  "name": "Critical CodeQL alert",
  "description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
  "managers": [
    {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "published_at": "2024-02-14T12:29:18Z",
  "ends_at": "2024-03-14T12:29:18Z",
  "closed_at": null,
  "state": "open",
  "alert_stats": {
    "open_count": 10,
    "closed_count": 3,
    "in_progress_count": 3
  }
}

Update a campaign

Updates a campaign in an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

“Update a campaign”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Campaigns" organization permissions (write)

“Update a campaign”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`campaign_number` integer 必须 The campaign number.

正文参数
名称, 类型, 说明
`name` string The name of the campaign
`description` string A description for the campaign
`managers` array of strings The logins of the users to set as the campaign managers. At this time, only a single manager can be supplied.
`team_managers` array of strings The slugs of the teams to set as the campaign managers.
`ends_at` string The end date and time of the campaign, in ISO 8601 format':' YYYY-MM-DDTHH:MM:SSZ.
`contact_link` string or null The contact link of the campaign. Must be a URI.
`state` string Indicates whether a campaign is open or closed 可以是以下选项之一: `open`, `closed`

“Update a campaign”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`400`	Bad Request
`404`	Resource not found
`422`	Unprocessable Entity
`503`	Service unavailable

“Update a campaign”的示例代码

如果你通过 GHE.com 访问 GitHub，请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

patch/orgs/{org}/campaigns/{campaign_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/campaigns/CAMPAIGN_NUMBER \
  -d '{"name":"Critical CodeQL alerts"}'

Response

Status: 200

{
  "number": 3,
  "created_at": "2024-02-14T12:29:18Z",
  "updated_at": "2024-02-14T12:29:18Z",
  "name": "Critical CodeQL alert",
  "description": "Address critical alerts before they are exploited to prevent breaches, protect sensitive data, and mitigate financial and reputational damage.",
  "managers": [
    {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "published_at": "2024-02-14T12:29:18Z",
  "ends_at": "2024-03-14T12:29:18Z",
  "closed_at": null,
  "state": "open",
  "alert_stats": {
    "open_count": 10,
    "closed_count": 3,
    "in_progress_count": 3
  }
}

Delete a campaign for an organization

Deletes a campaign in an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

“Delete a campaign for an organization”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Campaigns" organization permissions (write)

“Delete a campaign for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`campaign_number` integer 必须 The campaign number.

“Delete a campaign for an organization”的 HTTP 响应状态代码

状态代码	说明
`204`	Deletion successful
`404`	Resource not found
`503`	Service unavailable

“Delete a campaign for an organization”的示例代码

如果你通过 GHE.com 访问 GitHub，请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

delete/orgs/{org}/campaigns/{campaign_number}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/campaigns/CAMPAIGN_NUMBER

Deletion successful

Status: 204