REST-API-Endpunkte für die Abhängigkeitsüberprüfung

Verwende die REST-API, um mit Abhängigkeitsänderungen zu interagieren.

Informationen zur Abhängigkeitsüberprüfung

Du kannst die REST-API zum Anzeigen von Abhängigkeitsänderungen und deren Auswirkungen auf die Sicherheit verwenden, bevor du sie deiner Umgebung hinzufügst. Du kannst den Unterschied der Abhängigkeiten zwischen zwei Commits eines Repositorys anzeigen, einschließlich Daten zu Sicherheitsanfälligkeiten für jegliche Versionsupdates mit bekannten Sicherheitsanfälligkeiten. Weitere Informationen zur Abhängigkeitsbewertung findest du unter Informationen zur Abhängigkeitsüberprüfung.

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

Fine-grained access tokens for "Get a diff of the dependencies between commits"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Contents" repository permissions (read)

This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.

Parameter für "Get a diff of the dependencies between commits"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`owner` string Erforderlich The account owner of the repository. The name is not case sensitive.
`repo` string Erforderlich The name of the repository without the `.git` extension. The name is not case sensitive.
`basehead` string Erforderlich The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format `{base}...{head}`.

Abfrageparameter
Name, Typ, BESCHREIBUNG
`name` string The full path, relative to the repository root, of the dependency manifest file.

HTTP response status codes for "Get a diff of the dependencies between commits"

Status code	BESCHREIBUNG
`200`	OK
`403`	Response for a private repository when GitHub Advanced Security is not enabled, or if used against a fork
`404`	Resource not found

Code samples for "Get a diff of the dependencies between commits"

Request example

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200

[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]