The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for code scanning alert dismissal requests

Use the REST API to interact with code scanning alert dismissal requests from a repository.

List dismissal requests for code scanning alerts for an organization

Lists dismissal requests for code scanning alerts for all repositories in an organization.

The user must be authorized to review dismissal requests for the organization. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "List dismissal requests for code scanning alerts for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization dismissal requests for code scanning" organization permissions (read)

Parameters for "List dismissal requests for code scanning alerts for an organization"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

Query parameters
reviewer string

Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.

requester string

Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for insights that occurred in the past 7 days (168 hours).

Default: month

Can be one of: hour, day, week, month

request_status string

Filter alert dismissal requests by status. When specified, only requests with this status will be returned.

Default: all

Can be one of: open, approved, expired, denied, all

repository_name string

The name of the repository to filter on.

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

HTTP response status codes for "List dismissal requests for code scanning alerts for an organization"

Status codeDescription
200

A list of alert dismissal requests.

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

500

Internal Error

Code samples for "List dismissal requests for code scanning alerts for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/dismissal-requests/code-scanning
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/dismissal-requests/code-scanning

A list of alert dismissal requests.

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "code_scanning_alert_dismissal", "data": [ { "reason": "won't fix", "alert_number": 1 } ], "resource_identifier": "123/10", "status": "denied", "requester_comment": "Won't fix", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/1", "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "code_scanning_alert_dismissal", "data": [ { "reason": "won't fix", "alert_number": 2 } ], "resource_identifier": "123/12", "status": "denied", "requester_comment": "Token is already revoked, I'll remove it later", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/2", "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/2" } ]

List dismissal requests for code scanning alerts for a repository

Lists dismissal requests for code scanning alerts for a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "List dismissal requests for code scanning alerts for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization dismissal requests for code scanning" organization permissions (read) and "Code scanning alerts" repository permissions (read)

Parameters for "List dismissal requests for code scanning alerts for a repository"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

Query parameters
reviewer string

Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.

requester string

Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for insights that occurred in the past 7 days (168 hours).

Default: month

Can be one of: hour, day, week, month

request_status string

Filter alert dismissal requests by status. When specified, only requests with this status will be returned.

Default: all

Can be one of: open, approved, expired, denied, all

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

HTTP response status codes for "List dismissal requests for code scanning alerts for a repository"

Status codeDescription
200

A list of alert dismissal requests.

403

Forbidden

404

Resource not found

500

Internal Error

Code samples for "List dismissal requests for code scanning alerts for a repository"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/dismissal-requests/code-scanning
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dismissal-requests/code-scanning

A list of alert dismissal requests.

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "code_scanning_alert_dismissal", "data": [ { "reason": "won't fix", "alert_number": 1 } ], "resource_identifier": "123/10", "status": "denied", "requester_comment": "Won't fix", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/1", "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "code_scanning_alert_dismissal", "data": [ { "reason": "won't fix", "alert_number": 2 } ], "resource_identifier": "123/12", "status": "denied", "requester_comment": "Token is already revoked, I'll remove it later", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/2", "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/2" } ]

Get a dismissal request for a code scanning alert for a repository

Gets a dismissal request to dismiss a code scanning alert in a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "Get a dismissal request for a code scanning alert for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization dismissal requests for code scanning" organization permissions (read) and "Code scanning alerts" repository permissions (read)

Parameters for "Get a dismissal request for a code scanning alert for a repository"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

alert_number integer Required

The number that identifies the code scanning alert.

HTTP response status codes for "Get a dismissal request for a code scanning alert for a repository"

Status codeDescription
200

A single dismissal request.

403

Forbidden

404

Resource not found

500

Internal Error

Code samples for "Get a dismissal request for a code scanning alert for a repository"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/repos/{owner}/{repo}/dismissal-requests/code-scanning/{alert_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dismissal-requests/code-scanning/ALERT_NUMBER

A single dismissal request.

Status: 200
{ "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "code_scanning_alert_dismissal", "data": [ { "reason": "won't fix", "alert_number": 2 } ], "resource_identifier": "1/1", "status": "denied", "requester_comment": "Won't fix", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/1", "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/1" }

Review a dismissal request for a code scanning alert for a repository

Approve or deny a dismissal request to dismiss a code scanning alert in a repository.

Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Fine-grained access tokens for "Review a dismissal request for a code scanning alert for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization dismissal requests for code scanning" organization permissions (write) and "Code scanning alerts" repository permissions (read)

Parameters for "Review a dismissal request for a code scanning alert for a repository"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

alert_number integer Required

The number that identifies the code scanning alert.

Body parameters
status string Required

The review action to perform on the bypass request.

Can be one of: approve, deny

message string Required

A message to include with the review. Has a maximum character length of 2048.

HTTP response status codes for "Review a dismissal request for a code scanning alert for a repository"

Status codeDescription
204

Successful update

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

500

Internal Error

Code samples for "Review a dismissal request for a code scanning alert for a repository"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

patch/repos/{owner}/{repo}/dismissal-requests/code-scanning/{alert_number}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/dismissal-requests/code-scanning/ALERT_NUMBER \ -d '{"status":"approve","message":"Used in tests."}'

Successful update

Status: 204