Skip to main content

此版本的 GitHub Enterprise Server 已于以下日期停止服务 2024-03-26. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

站点管理员将企业服务器实例升级为 Enterprise Server 3.9 或更高版本后,REST API 将进行版本控制。 若要了解如何查找实例的版本,请参阅“关于 GitHub Docs 的版本”。 有关详细信息,请参阅“关于 API 版本控制”。

适用于依赖项评审的 REST API 终结点

使用 REST API 与依赖项更改交互。

关于依赖项评审

在将依赖项更改添加到环境之前,可使用 REST API 查看这些更改以及它们的安全影响。 可以查看存储库的两次提交之间的依赖项差异,包括具有已知漏洞的任何版本更新的漏洞数据。 有关依赖项评审的详细信息,请参阅“关于依赖项评审”。

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

“Get a diff of the dependencies between commits”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
owner string 必须

The account owner of the repository. The name is not case sensitive.

repo string 必须

The name of the repository without the .git extension. The name is not case sensitive.

basehead string 必须

The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format {base}...{head}.

查询参数
名称, 类型, 说明
name string

The full path, relative to the repository root, of the dependency manifest file.

“Get a diff of the dependencies between commits”的 HTTP 响应状态代码

状态代码说明
200

OK

403

Response if GitHub Advanced Security is not enabled for this repository

404

Resource not found

“Get a diff of the dependencies between commits”的示例代码

请求示例

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200
[ { "change_type": "removed", "manifest": "package.json", "ecosystem": "npm", "name": "helmet", "version": "4.6.0", "package_url": "pkg:npm/helmet@4.6.0", "license": "MIT", "source_repository_url": "https://github.com/helmetjs/helmet", "vulnerabilities": [] }, { "change_type": "added", "manifest": "package.json", "ecosystem": "npm", "name": "helmet", "version": "5.0.0", "package_url": "pkg:npm/helmet@5.0.0", "license": "MIT", "source_repository_url": "https://github.com/helmetjs/helmet", "vulnerabilities": [] }, { "change_type": "added", "manifest": "Gemfile", "ecosystem": "rubygems", "name": "ruby-openid", "version": "2.7.0", "package_url": "pkg:gem/ruby-openid@2.7.0", "license": null, "source_repository_url": "https://github.com/openid/ruby-openid", "vulnerabilities": [ { "severity": "critical", "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49", "advisory_summary": "Ruby OpenID", "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49" } ] } ]