适用于依赖项评审的 REST API 终结点
使用 REST API 与依赖项更改交互。
关于依赖项评审
在将依赖项更改添加到环境之前,可使用 REST API 查看这些更改以及它们的安全影响。 可以查看存储库的两次提交之间的依赖项差异,包括具有已知漏洞的任何版本更新的漏洞数据。 有关依赖项评审的详细信息,请参阅 关于依赖项评审。
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
“Get a diff of the dependencies between commits”的细粒度访问令牌
此端点支持以下精细令牌类型:
精细令牌必须具有以下权限集:
- "Contents" repository permissions (read)
如果仅请求公共资源,则无需身份验证或上述权限即可使用此终结点。
“Get a diff of the dependencies between commits”的参数
名称, 类型, 说明 |
---|
accept string Setting to |
名称, 类型, 说明 |
---|
owner string 必须The account owner of the repository. The name is not case sensitive. |
repo string 必须The name of the repository without the |
basehead string 必须The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |
名称, 类型, 说明 |
---|
name string The full path, relative to the repository root, of the dependency manifest file. |
“Get a diff of the dependencies between commits”的 HTTP 响应状态代码
状态代码 | 说明 |
---|---|
200 | OK |
403 | Response if GitHub Advanced Security is not enabled for this repository |
404 | Resource not found |
“Get a diff of the dependencies between commits”的示例代码
请求示例
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD
Response
Status: 200
[
{
"change_type": "removed",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "4.6.0",
"package_url": "pkg:npm/helmet@4.6.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "5.0.0",
"package_url": "pkg:npm/helmet@5.0.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "Gemfile",
"ecosystem": "rubygems",
"name": "ruby-openid",
"version": "2.7.0",
"package_url": "pkg:gem/ruby-openid@2.7.0",
"license": null,
"source_repository_url": "https://github.com/openid/ruby-openid",
"vulnerabilities": [
{
"severity": "critical",
"advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
"advisory_summary": "Ruby OpenID",
"advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
}
]
}
]