配置

Get code security configurations for an organization

Lists all code security configurations available in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Get code security configurations for an organization”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Get code security configurations for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

查询参数
名称, 类型, 说明
`target_type` string The target type of the code security configuration 默认: `all` 可以是以下选项之一: `global`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." 默认: `30`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

“Get code security configurations for an organization”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`403`	Forbidden
`404`	Resource not found

“Get code security configurations for an organization”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

get/orgs/{org}/code-security/configurations

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations

Response

Status: 200

[
  {
    "id": 17,
    "target_type": "global",
    "name": "GitHub recommended",
    "description": "Suggested settings for Dependabot, secret scanning, and code scanning.",
    "advanced_security": "enabled",
    "dependency_graph": "enabled",
    "dependency_graph_autosubmit_action": "not_set",
    "dependency_graph_autosubmit_action_options": {
      "labeled_runners": false
    },
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "not_set",
    "code_scanning_default_setup": "enabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "enabled",
    "secret_scanning_delegated_bypass": "enabled",
    "secret_scanning_delegated_bypass_options": {
      "reviewers": [
        {
          "security_configuration_id": 17,
          "reviewer_id": 5678,
          "reviewer_type": "TEAM"
        }
      ]
    },
    "secret_scanning_validity_checks": "enabled",
    "secret_scanning_non_provider_patterns": "enabled",
    "private_vulnerability_reporting": "enabled",
    "enforcement": "enforced",
    "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17",
    "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view",
    "created_at": "2023-12-04T15:58:07Z",
    "updated_at": "2023-12-04T15:58:07Z"
  },
  {
    "id": 1326,
    "target_type": "organization",
    "name": "High risk settings",
    "description": "This is a code security configuration for octo-org high risk repositories",
    "advanced_security": "enabled",
    "dependency_graph": "enabled",
    "dependency_graph_autosubmit_action": "enabled",
    "dependency_graph_autosubmit_action_options": {
      "labeled_runners": false
    },
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "enabled",
    "code_scanning_default_setup": "enabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "enabled",
    "secret_scanning_delegated_bypass": "disabled",
    "secret_scanning_validity_checks": "disabled",
    "secret_scanning_non_provider_patterns": "disabled",
    "private_vulnerability_reporting": "enabled",
    "enforcement": "enforced",
    "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1326",
    "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1326",
    "created_at": "2024-05-10T00:00:00Z",
    "updated_at": "2024-05-10T00:00:00Z"
  }
]

Create a code security configuration

Creates a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Create a code security configuration”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Create a code security configuration”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

名称, 类型, 说明

name string 必须

The name of the code security configuration. Must be unique within the organization.

description string 必须

A description of the code security configuration

advanced_security string

The enablement status of GitHub Advanced Security

默认: disabled

可以是以下选项之一: enabled, disabled

dependency_graph string

The enablement status of Dependency Graph

默认: enabled

可以是以下选项之一: enabled, disabled, not_set

dependency_graph_autosubmit_action string

The enablement status of Automatic dependency submission

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

dependency_graph_autosubmit_action_options object

Feature options for Automatic dependency submission

Properties of dependency_graph_autosubmit_action_options

名称, 类型, 说明
`labeled_runners` boolean Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. 默认: `false`

dependabot_alerts string

The enablement status of Dependabot alerts

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

dependabot_security_updates string

The enablement status of Dependabot security updates

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

code_scanning_default_setup string

The enablement status of code scanning default setup

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

secret_scanning string

The enablement status of secret scanning

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_push_protection string

The enablement status of secret scanning push protection

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_delegated_bypass string

The enablement status of secret scanning delegated bypass

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_delegated_bypass_options object

Feature options for secret scanning delegated bypass

Properties of secret_scanning_delegated_bypass_options

名称, 类型, 说明

reviewers array of objects

The bypass reviewers for secret scanning delegated bypass

Properties of reviewers

名称, 类型, 说明
`reviewer_id` integer 必须 The ID of the team or role selected as a bypass reviewer
`reviewer_type` string 必须 The type of the bypass reviewer 可以是以下选项之一: `TEAM`, `ROLE`

secret_scanning_validity_checks string

The enablement status of secret scanning validity checks

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_non_provider_patterns string

The enablement status of secret scanning non provider patterns

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

private_vulnerability_reporting string

The enablement status of private vulnerability reporting

默认: disabled

可以是以下选项之一: enabled, disabled, not_set

enforcement string

The enforcement status for a security configuration

默认: enforced

可以是以下选项之一: enforced, unenforced

“Create a code security configuration”的 HTTP 响应状态代码

状态代码	说明
`201`	Successfully created code security configuration

“Create a code security configuration”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

post/orgs/{org}/code-security/configurations

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations \
  -d '{"name":"octo-org recommended settings","description":"This is a code security configuration for octo-org","advanced_security":"enabled","dependabot_alerts":"enabled","dependabot_security_updates":"not_set","secret_scanning":"enabled"}'

Successfully created code security configuration

Status: 201

{
  "id": 1325,
  "target_type": "organization",
  "name": "octo-org recommended settings",
  "description": "This is a code security configuration for octo-org",
  "advanced_security": "enabled",
  "dependency_graph": "enabled",
  "dependency_graph_autosubmit_action": "enabled",
  "dependency_graph_autosubmit_action_options": {
    "labeled_runners": false
  },
  "dependabot_alerts": "enabled",
  "dependabot_security_updates": "not_set",
  "code_scanning_default_setup": "disabled",
  "secret_scanning": "enabled",
  "secret_scanning_push_protection": "disabled",
  "secret_scanning_delegated_bypass": "disabled",
  "secret_scanning_validity_checks": "disabled",
  "secret_scanning_non_provider_patterns": "disabled",
  "private_vulnerability_reporting": "disabled",
  "enforcement": "enforced",
  "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
  "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
  "created_at": "2024-05-01T00:00:00Z",
  "updated_at": "2024-05-01T00:00:00Z"
}

Get default code security configurations

Lists the default code security configurations for an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Get default code security configurations”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Get default code security configurations”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

“Get default code security configurations”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

“Get default code security configurations”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

get/orgs/{org}/code-security/configurations/defaults

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/defaults

Response

Status: 200

[
  {
    "default_for_new_repos": "public",
    "configuration": {
      "id": 1325,
      "target_type": "organization",
      "name": "octo-org recommended settings",
      "description": "This is a code security configuration for octo-org",
      "advanced_security": "enabled",
      "dependency_graph": "enabled",
      "dependency_graph_autosubmit_action": "not_set",
      "dependency_graph_autosubmit_action_options": {
        "labeled_runners": false
      },
      "dependabot_alerts": "enabled",
      "dependabot_security_updates": "not_set",
      "code_scanning_default_setup": "enabled",
      "secret_scanning": "enabled",
      "secret_scanning_push_protection": "enabled",
      "secret_scanning_delegated_bypass": "enabled",
      "secret_scanning_delegated_bypass_options": {
        "reviewers": [
          {
            "security_configuration_id": 1325,
            "reviewer_id": 5678,
            "reviewer_type": "TEAM"
          }
        ]
      },
      "secret_scanning_validity_checks": "enabled",
      "secret_scanning_non_provider_patterns": "enabled",
      "private_vulnerability_reporting": "enabled",
      "enforcement": "enforced",
      "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
      "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
      "created_at": "2024-05-01T00:00:00Z",
      "updated_at": "2024-05-01T00:00:00Z"
    }
  },
  {
    "default_for_new_repos": "private_and_internal",
    "configuration": {
      "id": 17,
      "target_type": "global",
      "name": "GitHub recommended",
      "description": "Suggested settings for Dependabot, secret scanning, and code scanning.",
      "advanced_security": "enabled",
      "dependency_graph": "enabled",
      "dependency_graph_autosubmit_action": "not_set",
      "dependency_graph_autosubmit_action_options": {
        "labeled_runners": false
      },
      "dependabot_alerts": "enabled",
      "dependabot_security_updates": "not_set",
      "code_scanning_default_setup": "enabled",
      "secret_scanning": "enabled",
      "secret_scanning_push_protection": "enabled",
      "secret_scanning_delegated_bypass": "disabled",
      "secret_scanning_validity_checks": "disabled",
      "private_vulnerability_reporting": "enabled",
      "enforcement": "enforced",
      "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17",
      "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view",
      "created_at": "2023-12-04T15:58:07Z",
      "updated_at": "2023-12-04T15:58:07Z"
    }
  }
]

Detach configurations from repositories

Detach code security configuration(s) from a set of repositories. Repositories will retain their settings but will no longer be associated with the configuration.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Detach configurations from repositories”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Detach configurations from repositories”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.

正文参数
名称, 类型, 说明
`selected_repository_ids` array of integers An array of repository IDs to detach from configurations.

“Detach configurations from repositories”的 HTTP 响应状态代码

状态代码	说明
`204`	A header with no content is returned.
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`409`	Conflict

“Detach configurations from repositories”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

delete/orgs/{org}/code-security/configurations/detach

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/detach \
  -d '{"selected_repository_ids":[32,91]}'

A header with no content is returned.

Status: 204

Get a code security configuration

Gets a code security configuration available in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Get a code security configuration”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Get a code security configuration”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`configuration_id` integer 必须 The unique identifier of the code security configuration.

“Get a code security configuration”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

“Get a code security configuration”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

get/orgs/{org}/code-security/configurations/{configuration_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID

Response

Status: 200

{
  "id": 1325,
  "target_type": "organization",
  "name": "octo-org recommended settings",
  "description": "This is a code security configuration for octo-org",
  "advanced_security": "enabled",
  "dependency_graph": "enabled",
  "dependency_graph_autosubmit_action": "enabled",
  "dependency_graph_autosubmit_action_options": {
    "labeled_runners": false
  },
  "dependabot_alerts": "enabled",
  "dependabot_security_updates": "not_set",
  "code_scanning_default_setup": "disabled",
  "secret_scanning": "enabled",
  "secret_scanning_push_protection": "disabled",
  "secret_scanning_delegated_bypass": "disabled",
  "secret_scanning_validity_checks": "disabled",
  "secret_scanning_non_provider_patterns": "disabled",
  "private_vulnerability_reporting": "disabled",
  "enforcement": "enforced",
  "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
  "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
  "created_at": "2024-05-01T00:00:00Z",
  "updated_at": "2024-05-01T00:00:00Z"
}

Update a code security configuration

Updates a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Update a code security configuration”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Update a code security configuration”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`configuration_id` integer 必须 The unique identifier of the code security configuration.

名称, 类型, 说明

name string

The name of the code security configuration. Must be unique within the organization.

description string

A description of the code security configuration

advanced_security string

The enablement status of GitHub Advanced Security

可以是以下选项之一: enabled, disabled

dependency_graph string

The enablement status of Dependency Graph

可以是以下选项之一: enabled, disabled, not_set

dependency_graph_autosubmit_action string

The enablement status of Automatic dependency submission

可以是以下选项之一: enabled, disabled, not_set

dependency_graph_autosubmit_action_options object

Feature options for Automatic dependency submission

Properties of dependency_graph_autosubmit_action_options

名称, 类型, 说明
`labeled_runners` boolean Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.

dependabot_alerts string

The enablement status of Dependabot alerts

可以是以下选项之一: enabled, disabled, not_set

dependabot_security_updates string

The enablement status of Dependabot security updates

可以是以下选项之一: enabled, disabled, not_set

code_scanning_default_setup string

The enablement status of code scanning default setup

可以是以下选项之一: enabled, disabled, not_set

secret_scanning string

The enablement status of secret scanning

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_push_protection string

The enablement status of secret scanning push protection

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_delegated_bypass string

The enablement status of secret scanning delegated bypass

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_delegated_bypass_options object

Feature options for secret scanning delegated bypass

Properties of secret_scanning_delegated_bypass_options

名称, 类型, 说明

reviewers array of objects

The bypass reviewers for secret scanning delegated bypass

Properties of reviewers

名称, 类型, 说明
`reviewer_id` integer 必须 The ID of the team or role selected as a bypass reviewer
`reviewer_type` string 必须 The type of the bypass reviewer 可以是以下选项之一: `TEAM`, `ROLE`

secret_scanning_validity_checks string

The enablement status of secret scanning validity checks

可以是以下选项之一: enabled, disabled, not_set

secret_scanning_non_provider_patterns string

The enablement status of secret scanning non-provider patterns

可以是以下选项之一: enabled, disabled, not_set

private_vulnerability_reporting string

The enablement status of private vulnerability reporting

可以是以下选项之一: enabled, disabled, not_set

enforcement string

The enforcement status for a security configuration

可以是以下选项之一: enforced, unenforced

“Update a code security configuration”的 HTTP 响应状态代码

状态代码	说明
`200`	Response when a configuration is updated
`204`	Response when no new updates are made

“Update a code security configuration”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

patch/orgs/{org}/code-security/configurations/{configuration_id}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID \
  -d '{"name":"octo-org recommended settings v2","secret_scanning":"disabled","code_scanning_default_setup":"enabled"}'

Response when a configuration is updated

Status: 200

{
  "id": 1325,
  "target_type": "organization",
  "name": "octo-org recommended settings v2",
  "description": "This is a code security configuration for octo-org",
  "advanced_security": "enabled",
  "dependency_graph": "enabled",
  "dependency_graph_autosubmit_action": "enabled",
  "dependency_graph_autosubmit_action_options": {
    "labeled_runners": false
  },
  "dependabot_alerts": "enabled",
  "dependabot_security_updates": "not_set",
  "code_scanning_default_setup": "enabled",
  "secret_scanning": "disabled",
  "secret_scanning_push_protection": "disabled",
  "secret_scanning_delegated_bypass": "disabled",
  "secret_scanning_validity_checks": "disabled",
  "secret_scanning_non_provider_patterns": "disabled",
  "private_vulnerability_reporting": "disabled",
  "enforcement": "enforced",
  "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
  "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
  "created_at": "2024-05-01T00:00:00Z",
  "updated_at": "2024-05-01T00:00:00Z"
}

Delete a code security configuration

Deletes the desired code security configuration from an organization. Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Delete a code security configuration”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Delete a code security configuration”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`configuration_id` integer 必须 The unique identifier of the code security configuration.

“Delete a code security configuration”的 HTTP 响应状态代码

状态代码	说明
`204`	A header with no content is returned.
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`409`	Conflict

“Delete a code security configuration”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

delete/orgs/{org}/code-security/configurations/{configuration_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID

A header with no content is returned.

Status: 204

Attach a configuration to repositories

Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.

If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Attach a configuration to repositories”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Attach a configuration to repositories”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`configuration_id` integer 必须 The unique identifier of the code security configuration.

正文参数
名称, 类型, 说明
`scope` string 必须 The type of repositories to attach the configuration to. `selected` means the configuration will be attached to only the repositories specified by `selected_repository_ids` 可以是以下选项之一: `all`, `all_without_configurations`, `public`, `private_or_internal`, `selected`
`selected_repository_ids` array of integers An array of repository IDs to attach the configuration to. You can only provide a list of repository ids when the `scope` is set to `selected`.

“Attach a configuration to repositories”的 HTTP 响应状态代码

状态代码	说明
`202`	Accepted

“Attach a configuration to repositories”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

post/orgs/{org}/code-security/configurations/{configuration_id}/attach

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/attach \
  -d '{"scope":"selected","selected_repository_ids":[32,91]}'

Accepted

Status: 202

Set a code security configuration as a default for an organization

Sets a code security configuration as a default to be applied to new repositories in your organization.

This configuration will be applied to the matching repository type (all, none, public, private and internal) by default when they are created.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Set a code security configuration as a default for an organization”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Set a code security configuration as a default for an organization”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`configuration_id` integer 必须 The unique identifier of the code security configuration.

正文参数
名称, 类型, 说明
`default_for_new_repos` string Specify which types of repository this security configuration should be applied to by default. 可以是以下选项之一: `all`, `none`, `private_and_internal`, `public`

“Set a code security configuration as a default for an organization”的 HTTP 响应状态代码

状态代码	说明
`200`	Default successfully changed.
`403`	Forbidden
`404`	Resource not found

“Set a code security configuration as a default for an organization”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

put/orgs/{org}/code-security/configurations/{configuration_id}/defaults

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/defaults \
  -d '{"default_for_new_repos":"all"}'

Default successfully changed.

Status: 200

{
  "default_for_new_repos": "all",
  "configuration": {
    "value": {
      "id": 1325,
      "target_type": "organization",
      "name": "octo-org recommended settings",
      "description": "This is a code security configuration for octo-org",
      "advanced_security": "enabled",
      "dependency_graph": "enabled",
      "dependency_graph_autosubmit_action": "enabled",
      "dependency_graph_autosubmit_action_options": {
        "labeled_runners": false
      },
      "dependabot_alerts": "enabled",
      "dependabot_security_updates": "not_set",
      "code_scanning_default_setup": "disabled",
      "secret_scanning": "enabled",
      "secret_scanning_push_protection": "disabled",
      "secret_scanning_delegated_bypass": "disabled",
      "secret_scanning_validity_checks": "disabled",
      "secret_scanning_non_provider_patterns": "disabled",
      "private_vulnerability_reporting": "disabled",
      "enforcement": "enforced",
      "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
      "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
      "created_at": "2024-05-01T00:00:00Z",
      "updated_at": "2024-05-01T00:00:00Z"
    }
  }
}

Get repositories associated with a code security configuration

Lists the repositories associated with a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

“Get repositories associated with a code security configuration”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" organization permissions (write)

“Get repositories associated with a code security configuration”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`org` string 必须 The organization name. The name is not case sensitive.
`configuration_id` integer 必须 The unique identifier of the code security configuration.

查询参数
名称, 类型, 说明
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." 默认: `30`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`status` string A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned. Can be: `all`, `attached`, `attaching`, `detached`, `removed`, `enforced`, `failed`, `updating`, `removed_by_enterprise` 默认: `all`

“Get repositories associated with a code security configuration”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`403`	Forbidden
`404`	Resource not found

“Get repositories associated with a code security configuration”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

get/orgs/{org}/code-security/configurations/{configuration_id}/repositories

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/repositories

Example of code security configuration repositories

Status: 200

[
  {
    "status": "attached",
    "repository": {
      "value": {
        "id": 1296269,
        "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
        "name": "Hello-World",
        "full_name": "octocat/Hello-World",
        "owner": {
          "login": "octocat",
          "id": 1,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://api.github.com/users/octocat",
          "html_url": "https://github.com/octocat",
          "followers_url": "https://api.github.com/users/octocat/followers",
          "following_url": "https://api.github.com/users/octocat/following{/other_user}",
          "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
          "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
          "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
          "organizations_url": "https://api.github.com/users/octocat/orgs",
          "repos_url": "https://api.github.com/users/octocat/repos",
          "events_url": "https://api.github.com/users/octocat/events{/privacy}",
          "received_events_url": "https://api.github.com/users/octocat/received_events",
          "type": "User",
          "site_admin": false
        },
        "private": false,
        "html_url": "https://github.com/octocat/Hello-World",
        "description": "This your first repo!",
        "fork": false,
        "url": "https://api.github.com/repos/octocat/Hello-World",
        "archive_url": "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
        "assignees_url": "https://api.github.com/repos/octocat/Hello-World/assignees{/user}",
        "blobs_url": "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
        "branches_url": "https://api.github.com/repos/octocat/Hello-World/branches{/branch}",
        "collaborators_url": "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
        "comments_url": "https://api.github.com/repos/octocat/Hello-World/comments{/number}",
        "commits_url": "https://api.github.com/repos/octocat/Hello-World/commits{/sha}",
        "compare_url": "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
        "contents_url": "https://api.github.com/repos/octocat/Hello-World/contents/{+path}",
        "contributors_url": "https://api.github.com/repos/octocat/Hello-World/contributors",
        "deployments_url": "https://api.github.com/repos/octocat/Hello-World/deployments",
        "downloads_url": "https://api.github.com/repos/octocat/Hello-World/downloads",
        "events_url": "https://api.github.com/repos/octocat/Hello-World/events",
        "forks_url": "https://api.github.com/repos/octocat/Hello-World/forks",
        "git_commits_url": "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
        "git_refs_url": "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
        "git_tags_url": "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
        "git_url": "git:github.com/octocat/Hello-World.git",
        "issue_comment_url": "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
        "issue_events_url": "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
        "issues_url": "https://api.github.com/repos/octocat/Hello-World/issues{/number}",
        "keys_url": "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
        "labels_url": "https://api.github.com/repos/octocat/Hello-World/labels{/name}",
        "languages_url": "https://api.github.com/repos/octocat/Hello-World/languages",
        "merges_url": "https://api.github.com/repos/octocat/Hello-World/merges",
        "milestones_url": "https://api.github.com/repos/octocat/Hello-World/milestones{/number}",
        "notifications_url": "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
        "pulls_url": "https://api.github.com/repos/octocat/Hello-World/pulls{/number}",
        "releases_url": "https://api.github.com/repos/octocat/Hello-World/releases{/id}",
        "ssh_url": "git@github.com:octocat/Hello-World.git",
        "stargazers_url": "https://api.github.com/repos/octocat/Hello-World/stargazers",
        "statuses_url": "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
        "subscribers_url": "https://api.github.com/repos/octocat/Hello-World/subscribers",
        "subscription_url": "https://api.github.com/repos/octocat/Hello-World/subscription",
        "tags_url": "https://api.github.com/repos/octocat/Hello-World/tags",
        "teams_url": "https://api.github.com/repos/octocat/Hello-World/teams",
        "trees_url": "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
        "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks"
      }
    }
  }
]

Get the code security configuration associated with a repository

Get the code security configuration that manages a repository's code security settings.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

“Get the code security configuration associated with a repository”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

"Administration" repository permissions (read)

“Get the code security configuration associated with a repository”的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`owner` string 必须 The account owner of the repository. The name is not case sensitive.
`repo` string 必须 The name of the repository without the `.git` extension. The name is not case sensitive.

“Get the code security configuration associated with a repository”的 HTTP 响应状态代码

状态代码	说明
`200`	OK
`204`	A header with no content is returned.
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

“Get the code security configuration associated with a repository”的示例代码

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

请求示例

get/repos/{owner}/{repo}/code-security-configuration

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/code-security-configuration

Response

Status: 200

{
  "status": "attached",
  "configuration": {
    "id": 1325,
    "target_type": "organization",
    "name": "octo-org recommended settings",
    "description": "This is a code security configuration for octo-org",
    "advanced_security": "enabled",
    "dependency_graph": "enabled",
    "dependency_graph_autosubmit_action": "enabled",
    "dependency_graph_autosubmit_action_options": {
      "labeled_runners": false
    },
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "not_set",
    "code_scanning_default_setup": "disabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "disabled",
    "secret_scanning_delegated_bypass": "disabled",
    "secret_scanning_validity_checks": "disabled",
    "secret_scanning_non_provider_patterns": "disabled",
    "private_vulnerability_reporting": "disabled",
    "enforcement": "enforced",
    "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
    "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
    "created_at": "2024-05-01T00:00:00Z",
    "updated_at": "2024-05-01T00:00:00Z"
  }
}