REST-API-Endpunkte für Dependabot Anforderungen zur Schließung von Warnungen
Verwenden Sie die REST-API, um Anforderungen zur Schließung von Warnungen Dependabot für ein Repository zu verwalten.
List dismissal requests for Dependabot alerts for an organization
Lists dismissal requests for Dependabot alerts in an organization.
Delegated alert dismissal must be enabled on repositories in the org and the user must be an org admin, security manager,
or have the appropriate permission to access this endpoint.
Personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "List dismissal requests for Dependabot alerts for an organization"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Organization dismissal requests for Dependabot" organization permissions (read)
Parameter für „List dismissal requests for Dependabot alerts for an organization“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, type, BESCHREIBUNG |
|---|
repository_name string The name of the repository to filter on. |
reviewer string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request. |
requester string Filter bypass requests by the handle of the GitHub user who requested the bypass. |
time_period string The time period to filter by. For example, Standard: Kann eine der Folgenden sein: |
request_status string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. Standard: Kann eine der Folgenden sein: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: |
HTTP-Antwortstatuscodes für „List dismissal requests for Dependabot alerts for an organization“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | A list of alert dismissal requests. |
403 | Forbidden |
404 | Resource not found |
500 | Internal Error |
Codebeispiele für „List dismissal requests for Dependabot alerts for an organization“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/dismissal-requests/dependabotA list of alert dismissal requests.
Status: 200[
{
"id": 21,
"number": 42,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "no_bandwidth",
"alert_number": "1",
"alert_title": "lodash - GHSA-1234-abcd-5678"
}
],
"resource_identifier": "1",
"status": "denied",
"requester_comment": "No bandwidth to fix this right now",
"expires_at": "2024-07-08T08:43:03Z",
"created_at": "2024-07-01T08:43:03Z",
"responses": [
{
"id": 42,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "denied",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
"html_url": "https://github.com/octo-org/smile/security/dependabot/1"
},
{
"id": 12,
"number": 24,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "tolerable_risk",
"alert_number": "2",
"alert_title": "axios - GHSA-5678-efgh-9012"
}
],
"resource_identifier": "2",
"status": "approved",
"requester_comment": "Risk is acceptable for this internal tool",
"expires_at": "2024-07-08T07:43:03Z",
"created_at": "2024-07-01T07:43:03Z",
"responses": [
{
"id": 43,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "approved",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
"html_url": "https://github.com/octo-org/smile/security/dependabot/2"
}
]List dismissal requests for Dependabot alerts for a repository
Lists dismissal requests for Dependabot alerts for a repository.
Delegated alert dismissal must be enabled on the repository.
Personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "List dismissal requests for Dependabot alerts for a repository"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Dependabot alerts" repository permissions (read)
Parameter für „List dismissal requests for Dependabot alerts for a repository“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
| Name, type, BESCHREIBUNG |
|---|
reviewer string Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request. |
requester string Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal. |
time_period string The time period to filter by. For example, Standard: Kann eine der Folgenden sein: |
request_status string Filter alert dismissal requests by status. When specified, only requests with this status will be returned. Standard: Kann eine der Folgenden sein: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: |
HTTP-Antwortstatuscodes für „List dismissal requests for Dependabot alerts for a repository“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | A list of alert dismissal requests. |
403 | Forbidden |
404 | Resource not found |
500 | Internal Error |
Codebeispiele für „List dismissal requests for Dependabot alerts for a repository“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabotA list of alert dismissal requests.
Status: 200[
{
"id": 21,
"number": 42,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "no_bandwidth",
"alert_number": "1",
"alert_title": "lodash - GHSA-1234-abcd-5678"
}
],
"resource_identifier": "1",
"status": "denied",
"requester_comment": "No bandwidth to fix this right now",
"expires_at": "2024-07-08T08:43:03Z",
"created_at": "2024-07-01T08:43:03Z",
"responses": [
{
"id": 42,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "denied",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
"html_url": "https://github.com/octo-org/smile/security/dependabot/1"
},
{
"id": 12,
"number": 24,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "tolerable_risk",
"alert_number": "2",
"alert_title": "axios - GHSA-5678-efgh-9012"
}
],
"resource_identifier": "2",
"status": "approved",
"requester_comment": "Risk is acceptable for this internal tool",
"expires_at": "2024-07-08T07:43:03Z",
"created_at": "2024-07-01T07:43:03Z",
"responses": [
{
"id": 43,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "approved",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
"html_url": "https://github.com/octo-org/smile/security/dependabot/2"
}
]Get a dismissal request for a Dependabot alert for a repository
Gets a dismissal request to dismiss a Dependabot alert in a repository.
Delegated alert dismissal must be enabled on the repository.
Personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "Get a dismissal request for a Dependabot alert for a repository"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Dependabot alerts" repository permissions (read)
Parameter für „Get a dismissal request for a Dependabot alert for a repository“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
alert_number integer ErforderlichThe number that identifies the Dependabot alert. |
HTTP-Antwortstatuscodes für „Get a dismissal request for a Dependabot alert for a repository“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | A single dismissal request. |
403 | Forbidden |
404 | Resource not found |
500 | Internal Error |
Codebeispiele für „Get a dismissal request for a Dependabot alert for a repository“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBERA single dismissal request.
Status: 200{
"id": 21,
"number": 42,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "no_bandwidth",
"alert_number": "1",
"alert_title": "lodash - GHSA-1234-abcd-5678"
}
],
"resource_identifier": "1",
"status": "pending",
"requester_comment": "No bandwidth to fix this right now",
"expires_at": "2024-07-08T08:43:03Z",
"created_at": "2024-07-01T08:43:03Z",
"responses": [],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
"html_url": "https://github.com/octo-org/smile/security/dependabot/1"
}Review a dismissal request for a Dependabot alert for a repository
Approve or deny a dismissal request to dismiss a Dependabot alert in a repository.
Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Differenzierte Zugriffstoken für "Review a dismissal request for a Dependabot alert for a repository"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Organization dismissal requests for Dependabot" organization permissions (write) and "Dependabot alerts" repository permissions (read)
Parameter für „Review a dismissal request for a Dependabot alert for a repository“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
alert_number integer ErforderlichThe number that identifies the Dependabot alert. |
| Name, type, BESCHREIBUNG |
|---|
status string ErforderlichThe review action to perform on the dismissal request. Kann eine der Folgenden sein: |
message string ErforderlichA message to include with the review. Has a maximum character length of 2048. |
HTTP-Antwortstatuscodes für „Review a dismissal request for a Dependabot alert for a repository“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | The review of the dismissal request. |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
500 | Internal Error |
Codebeispiele für „Review a dismissal request for a Dependabot alert for a repository“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER \
-d '{"status":"approve","message":"Used in tests."}'The review of the dismissal request.
Status: 200{
"dismissal_review_id": 1
}