REST API 现在已版本化。 有关更多信息,请参阅 "关于 API 版本控制."
Dependabot 警报的 REST API 端点
使用 REST API 与仓库的 Dependabot 警报进行交互。
注意:目前,使用 REST API 管理 Dependabot 警报的功能处于公开测试阶段,可能会发生变化。
关于 Dependabot 警报
您可以使用 REST API 查看仓库的 Dependabot 警报并更新单个警报。有关更多信息,请参阅 "关于 Dependabot 警报."
列出企业中的 Dependabot 警报
列出指定企业拥有的仓库的 Dependabot 警报。
经过身份验证的用户必须是该企业的成员才能使用此端点。
仅返回您是组织所有者或安全管理员的企业中组织的警报。有关安全管理员的更多信息,请参阅 "在组织中管理安全管理员."
OAuth 应用令牌和个人访问令牌(经典)需要 repo 或 security_events 范围才能使用此端点。
用于“列出企业中的 Dependabot 警报”的细粒度访问令牌
此端点不适用于 GitHub 应用用户访问令牌、GitHub 应用安装访问令牌或细粒度个人访问令牌。
用于“列出企业中的 Dependabot 警报”的参数
| 名称、类型、描述 |
|---|
accept string 建议设置为 |
| 名称、类型、描述 |
|---|
enterprise 字符串 必需企业名称的 slug 版本。您也可以用企业 ID 替换此值。 |
| 名称、类型、描述 |
|---|
state 字符串 以逗号分隔的状态列表。如果指定,则只返回具有这些状态的警报。 可以是: |
severity 字符串 以逗号分隔的严重性列表。如果指定,则只返回具有这些严重性的警报。 可以是: |
ecosystem 字符串 以逗号分隔的生态系统列表。如果指定,则只返回这些生态系统的警报。 可以是: |
package 字符串 以逗号分隔的包名列表。如果指定,则只返回这些包的警报。 |
scope 字符串 易受攻击依赖项的范围。如果指定,则只返回具有此范围的警报。 可以是以下之一: |
sort 字符串 用于对结果进行排序的属性。 默认值: 可以是以下之一: |
direction 字符串 对结果进行排序的方向。 默认值: 可以是以下之一: |
before 字符串 一个游标,如 Link header 中所述。如果指定,则查询仅搜索此游标之前的结果。有关更多信息,请参阅 "在 REST API 中使用分页。"。 |
after string 一个游标,如 Link header 中所述。如果指定,则查询仅搜索此游标之后的结果。有关更多信息,请参阅 "在 REST API 中使用分页。"。 |
first integer 已弃用。每页结果数(最大 100),从第一个匹配结果开始。此参数不能与 默认: |
last integer 已弃用。每页结果数(最大 100),从最后一个匹配结果开始。此参数不能与 |
per_page integer 每页结果数(最大 100)。有关更多信息,请参阅 "在 REST API 中使用分页。"。 默认: |
“列出企业中的 Dependabot 警报”的 HTTP 响应状态码
| 状态码 | 描述 |
|---|---|
200 | OK |
304 | 未修改 |
403 | 禁止 |
404 | 资源未找到 |
422 | 验证失败,或端点已被垃圾邮件攻击。 |
“列出企业中的 Dependabot 警报”的代码示例
请求示例
get/enterprises/{enterprise}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/dependabot/alerts响应
状态:200[
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.django.ac.cn/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2",
"html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null,
"repository": {
"id": 217723378,
"node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
"name": "octo-repo",
"full_name": "octo-org/octo-repo",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/octo-repo",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/octo-repo",
"archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads",
"events_url": "https://api.github.com/repos/octo-org/octo-repo/events",
"forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages",
"merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges",
"milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription",
"tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags",
"teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams",
"trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}"
}
},
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null,
"repository": {
"id": 664700648,
"node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
"name": "hello-world",
"full_name": "octo-org/hello-world",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/hello-world",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/hello-world",
"archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads",
"events_url": "https://api.github.com/repos/octo-org/hello-world/events",
"forks_url": "https://api.github.com/repos/octo-org/hello-world/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/hello-world/languages",
"merges_url": "https://api.github.com/repos/octo-org/hello-world/merges",
"milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription",
"tags_url": "https://api.github.com/repos/octo-org/hello-world/tags",
"teams_url": "https://api.github.com/repos/octo-org/hello-world/teams",
"trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}"
}
}
]列出组织的 Dependabot 提醒
列出组织的 Dependabot 提醒。
经过身份验证的用户必须是组织的所有者或安全管理员才能使用此端点。
OAuth 应用程序令牌和个人访问令牌(经典)需要 `security_events` 范围才能使用此端点。如果此端点仅与公共存储库一起使用,则令牌可以使用 `public_repo` 范围。
用于“列出组织的 Dependabot 提醒”的细粒度访问令牌
此端点适用于以下细粒度令牌类型
细粒度令牌必须具有以下权限集
- “Dependabot 提醒”存储库权限(读取)
用于“列出组织的 Dependabot 提醒”的参数
| 名称、类型、描述 |
|---|
accept string 建议设置为 |
| 名称、类型、描述 |
|---|
org 字符串 必需组织名称。名称不区分大小写。 |
| 名称、类型、描述 |
|---|
state 字符串 以逗号分隔的状态列表。如果指定,则只返回具有这些状态的警报。 可以是: |
severity 字符串 以逗号分隔的严重性列表。如果指定,则只返回具有这些严重性的警报。 可以是: |
ecosystem 字符串 以逗号分隔的生态系统列表。如果指定,则只返回这些生态系统的警报。 可以是: |
package 字符串 以逗号分隔的包名列表。如果指定,则只返回这些包的警报。 |
scope 字符串 易受攻击依赖项的范围。如果指定,则只返回具有此范围的警报。 可以是以下之一: |
sort 字符串 用于对结果进行排序的属性。 默认值: 可以是以下之一: |
direction 字符串 对结果进行排序的方向。 默认值: 可以是以下之一: |
before 字符串 一个游标,如 Link header 中所述。如果指定,则查询仅搜索此游标之前的结果。有关更多信息,请参阅 "在 REST API 中使用分页。"。 |
after string 一个游标,如 Link header 中所述。如果指定,则查询仅搜索此游标之后的结果。有关更多信息,请参阅 "在 REST API 中使用分页。"。 |
first integer 已弃用。每页结果数(最大 100),从第一个匹配结果开始。此参数不能与 默认: |
last integer 已弃用。每页结果数(最大 100),从最后一个匹配结果开始。此参数不能与 |
per_page integer 每页结果数(最大 100)。有关更多信息,请参阅 "在 REST API 中使用分页。"。 默认: |
用于“列出组织的 Dependabot 提醒”的 HTTP 响应状态代码
| 状态码 | 描述 |
|---|---|
200 | OK |
304 | 未修改 |
400 | 错误请求 |
403 | 禁止 |
404 | 资源未找到 |
422 | 验证失败,或端点已被垃圾邮件攻击。 |
用于“列出组织的 Dependabot 提醒”的代码示例
请求示例
get/orgs/{org}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/dependabot/alerts响应
状态:200[
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.django.ac.cn/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2",
"html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null,
"repository": {
"id": 217723378,
"node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
"name": "octo-repo",
"full_name": "octo-org/octo-repo",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/octo-repo",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/octo-repo",
"archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads",
"events_url": "https://api.github.com/repos/octo-org/octo-repo/events",
"forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages",
"merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges",
"milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription",
"tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags",
"teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams",
"trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}"
}
},
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null,
"repository": {
"id": 664700648,
"node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
"name": "hello-world",
"full_name": "octo-org/hello-world",
"owner": {
"login": "octo-org",
"id": 6811672,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
"avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/octo-org",
"html_url": "https://github.com/octo-org",
"followers_url": "https://api.github.com/users/octo-org/followers",
"following_url": "https://api.github.com/users/octo-org/following{/other_user}",
"gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
"organizations_url": "https://api.github.com/users/octo-org/orgs",
"repos_url": "https://api.github.com/users/octo-org/repos",
"events_url": "https://api.github.com/users/octo-org/events{/privacy}",
"received_events_url": "https://api.github.com/users/octo-org/received_events",
"type": "Organization",
"site_admin": false
},
"private": true,
"html_url": "https://github.com/octo-org/hello-world",
"description": null,
"fork": false,
"url": "https://api.github.com/repos/octo-org/hello-world",
"archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}",
"commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}",
"compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors",
"deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments",
"downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads",
"events_url": "https://api.github.com/repos/octo-org/hello-world/events",
"forks_url": "https://api.github.com/repos/octo-org/hello-world/forks",
"git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}",
"hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks",
"issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}",
"keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}",
"languages_url": "https://api.github.com/repos/octo-org/hello-world/languages",
"merges_url": "https://api.github.com/repos/octo-org/hello-world/merges",
"milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}",
"releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers",
"statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers",
"subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription",
"tags_url": "https://api.github.com/repos/octo-org/hello-world/tags",
"teams_url": "https://api.github.com/repos/octo-org/hello-world/teams",
"trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}"
}
}
]列出存储库的 Dependabot 提醒
OAuth 应用程序令牌和个人访问令牌(经典)需要 `security_events` 范围才能使用此端点。如果此端点仅与公共存储库一起使用,则令牌可以使用 `public_repo` 范围。
用于“列出存储库的 Dependabot 提醒”的细粒度访问令牌
此端点适用于以下细粒度令牌类型
细粒度令牌必须具有以下权限集
- “Dependabot 提醒”存储库权限(读取)
用于“列出存储库的 Dependabot 提醒”的参数
| 名称、类型、描述 |
|---|
accept string 建议设置为 |
| 名称、类型、描述 |
|---|
owner 字符串 必需存储库的帐户所有者。名称不区分大小写。 |
repo 字符串 必需仓库名称,不包括 |
| 名称、类型、描述 |
|---|
state 字符串 以逗号分隔的状态列表。如果指定,则只返回具有这些状态的警报。 可以是: |
severity 字符串 以逗号分隔的严重性列表。如果指定,则只返回具有这些严重性的警报。 可以是: |
ecosystem 字符串 以逗号分隔的生态系统列表。如果指定,则只返回这些生态系统的警报。 可以是: |
package 字符串 以逗号分隔的包名列表。如果指定,则只返回这些包的警报。 |
manifest 字符串 以逗号分隔的完整清单路径列表。如果指定,则仅返回这些清单的警报。 |
scope 字符串 易受攻击依赖项的范围。如果指定,则只返回具有此范围的警报。 可以是以下之一: |
sort 字符串 用于对结果进行排序的属性。 默认值: 可以是以下之一: |
direction 字符串 对结果进行排序的方向。 默认值: 可以是以下之一: |
page 整数 已弃用。要获取的结果的页码。请使用 默认: |
per_page integer 每页结果数(最大 100)。有关更多信息,请参阅 "在 REST API 中使用分页。"。 默认: |
before 字符串 一个游标,如 Link header 中所述。如果指定,则查询仅搜索此游标之前的结果。有关更多信息,请参阅 "在 REST API 中使用分页。"。 |
after string 一个游标,如 Link header 中所述。如果指定,则查询仅搜索此游标之后的结果。有关更多信息,请参阅 "在 REST API 中使用分页。"。 |
first integer 已弃用。每页结果数(最大 100),从第一个匹配结果开始。此参数不能与 默认: |
last integer 已弃用。每页结果数(最大 100),从最后一个匹配结果开始。此参数不能与 |
“列出仓库的 Dependabot 警报”的 HTTP 响应状态代码
| 状态码 | 描述 |
|---|---|
200 | OK |
304 | 未修改 |
400 | 错误请求 |
403 | 禁止 |
404 | 资源未找到 |
422 | 验证失败,或端点已被垃圾邮件攻击。 |
“列出仓库的 Dependabot 警报”的代码示例
请求示例
get/repos/{owner}/{repo}/dependabot/alerts
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependabot/alerts响应
状态:200[
{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.django.ac.cn/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null
},
{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null
}
]获取 Dependabot 警报
OAuth 应用程序令牌和个人访问令牌(经典)需要 `security_events` 范围才能使用此端点。如果此端点仅与公共存储库一起使用,则令牌可以使用 `public_repo` 范围。
“获取 Dependabot 警报”的细粒度访问令牌
此端点适用于以下细粒度令牌类型
细粒度令牌必须具有以下权限集
- “Dependabot 提醒”存储库权限(读取)
“获取 Dependabot 警报”的参数
| 名称、类型、描述 |
|---|
accept string 建议设置为 |
| 名称、类型、描述 |
|---|
owner 字符串 必需存储库的帐户所有者。名称不区分大小写。 |
repo 字符串 必需仓库名称,不包括 |
alert_number 整数 必需标识 Dependabot 警报在其仓库中的编号。您可以在 GitHub 中 Dependabot 警报的 URL 末尾找到它,或者在 |
“获取 Dependabot 警报”的 HTTP 响应状态代码
| 状态码 | 描述 |
|---|---|
200 | OK |
304 | 未修改 |
403 | 禁止 |
404 | 资源未找到 |
“获取 Dependabot 警报”的代码示例
请求示例
get/repos/{owner}/{repo}/dependabot/alerts/{alert_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER响应
状态:200{
"number": 1,
"state": "open",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-8f4m-hccc-8qph",
"cve_id": "CVE-2021-20191",
"summary": "Insertion of Sensitive Information into Log File in ansible",
"description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.9.0, < 2.9.18",
"first_patched_version": {
"identifier": "2.9.18"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
{
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": ">= 2.10.0, < 2.10.7",
"first_patched_version": {
"identifier": "2.10.7"
}
}
],
"severity": "medium",
"cvss": {
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"score": 5.5
},
"cwes": [
{
"cwe_id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-8f4m-hccc-8qph"
},
{
"type": "CVE",
"value": "CVE-2021-20191"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
}
],
"published_at": "2021-06-01T17:38:00Z",
"updated_at": "2021-08-12T23:06:00Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "ansible"
},
"severity": "medium",
"vulnerable_version_range": "< 2.8.19",
"first_patched_version": {
"identifier": "2.8.19"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
"created_at": "2022-06-14T15:21:52Z",
"updated_at": "2022-06-14T15:21:52Z",
"dismissed_at": null,
"dismissed_by": null,
"dismissed_reason": null,
"dismissed_comment": null,
"fixed_at": null
}更新 Dependabot 警报
经过身份验证的用户必须具有对仓库的安全警报的访问权限才能使用此端点。有关更多信息,请参阅“授予安全警报访问权限”。
OAuth 应用程序令牌和个人访问令牌(经典)需要 `security_events` 范围才能使用此端点。如果此端点仅与公共存储库一起使用,则令牌可以使用 `public_repo` 范围。
“更新 Dependabot 警报”的细粒度访问令牌
此端点适用于以下细粒度令牌类型
细粒度令牌必须具有以下权限集
- “Dependabot 警报”仓库权限(写入)
更新 Dependabot 提醒的参数
| 名称、类型、描述 |
|---|
accept string 建议设置为 |
| 名称、类型、描述 |
|---|
owner 字符串 必需存储库的帐户所有者。名称不区分大小写。 |
repo 字符串 必需仓库名称,不包括 |
alert_number 整数 必需标识 Dependabot 警报在其仓库中的编号。您可以在 GitHub 中 Dependabot 警报的 URL 末尾找到它,或者在 |
| 名称、类型、描述 |
|---|
state 字符串 必填Dependabot 提醒的状态。将状态设置为 可以是以下之一:: |
dismissed_reason 字符串 当 可以是以下之一:: |
dismissed_comment 字符串 与驳回提醒相关的可选注释。 |
更新 Dependabot 提醒的 HTTP 响应状态码
| 状态码 | 描述 |
|---|---|
200 | OK |
400 | 错误请求 |
403 | 禁止 |
404 | 资源未找到 |
409 | 冲突 |
422 | 验证失败,或端点已被垃圾邮件攻击。 |
更新 Dependabot 提醒的代码示例
请求示例
补丁/repos/{owner}/{repo}/dependabot/alerts/{alert_number}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \ -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'响应
状态:200{
"number": 2,
"state": "dismissed",
"dependency": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"manifest_path": "path/to/requirements.txt",
"scope": "runtime"
},
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"cve_id": "CVE-2018-6188",
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
],
"severity": "high",
"cvss": {
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"score": 7.5
},
"cwes": [
{
"cwe_id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-rf4j-j272-fj86"
},
{
"type": "CVE",
"value": "CVE-2018-6188"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
},
{
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
},
{
"url": "https://usn.ubuntu.com/3559-1/"
},
{
"url": "https://www.django.ac.cn/weblog/2018/feb/01/security-releases/"
},
{
"url": "http://www.securitytracker.com/id/1040422"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2022-04-26T18:35:37Z",
"withdrawn_at": null
},
"security_vulnerability": {
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "high",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
"url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2",
"html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
"created_at": "2022-06-15T07:43:03Z",
"updated_at": "2022-08-23T14:29:47Z",
"dismissed_at": "2022-08-23T14:29:47Z",
"dismissed_by": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"dismissed_reason": "tolerable_risk",
"dismissed_comment": "This alert is accurate but we use a sanitizer.",
"fixed_at": null
}