适用于依赖项评审的 REST API 终结点

关于依赖项评审

在将依赖项更改添加到环境之前，可使用 REST API 查看这些更改以及它们的安全影响。可以查看存储库的两次提交之间的依赖项差异，包括具有已知漏洞的任何版本更新的漏洞数据。有关依赖项评审的详细信息，请参阅“关于依赖项评审”。

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

Fine-grained access tokens for "Get a diff of the dependencies between commits"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Contents" repository permissions (read)

This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.

“”Get a diff of the dependencies between commits 的参数

标头
名称, 类型, 说明
`accept` string Setting to `application/vnd.github+json` is recommended.

路径参数
名称, 类型, 说明
`owner` string 必须 The account owner of the repository. The name is not case sensitive.
`repo` string 必须 The name of the repository without the `.git` extension. The name is not case sensitive.
`basehead` string 必须 The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format `{base}...{head}`.

查询参数
名称, 类型, 说明
`name` string The full path, relative to the repository root, of the dependency manifest file.

HTTP response status codes for "Get a diff of the dependencies between commits"

Status code	说明
`200`	OK
`403`	Response for a private repository when GitHub Advanced Security is not enabled, or if used against a fork
`404`	Resource not found

Code samples for "Get a diff of the dependencies between commits"

Request example

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200

[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]