REST API endpoints for Dependabot repository access

About Dependabot repository access

You can list repositories that Dependabot already has access to and set a default repository access level for Dependabot.

Lists repositories that organization admins have allowed Dependabot to access when updating dependencies.

Note

This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.

Fine-grained access tokens for "Lists repositories that organization admins have allowed Dependabot to access when updating dependencies."

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (read)

Parameters for "Lists repositories that organization admins have allowed Dependabot to access when updating dependencies."

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

HTTP response status codes for "Lists repositories that organization admins have allowed Dependabot to access when updating dependencies."

Status code	Description
`200`	OK
`403`	Forbidden
`404`	Resource not found

Code samples for "Lists repositories that organization admins have allowed Dependabot to access when updating dependencies."

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/organizations/{org}/dependabot/repository-access

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/organizations/ORG/dependabot/repository-access

Response

Status: 200

{
  "default_level": "public",
  "accessible_repositories": [
    {
      "id": 123456,
      "node_id": "MDEwOlJlcG9zaXRvcnkxMjM0NTY=",
      "name": "example-repo",
      "full_name": "octocat/example-repo",
      "owner": {
        "name": "octocat",
        "email": "octo@github.com",
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://avatars.githubusercontent.com/u/1?v=4",
        "gravatar_id": 1,
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat/example-repo",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false,
        "starred_at": "\"2020-07-09T00:17:55Z\"",
        "user_view_type": "default"
      },
      "private": false,
      "html_url": "https://github.com/octocat/example-repo",
      "description": "This is an example repository.",
      "fork": false,
      "url": "https://api.github.com/repos/octocat/example-repo",
      "archive_url": "https://api.github.com/repos/octocat/example-repo/{archive_format}{/ref}",
      "assignees_url": "https://api.github.com/repos/octocat/example-repo/assignees{/user}",
      "blobs_url": "https://api.github.com/repos/octocat/example-repo/git/blobs{/sha}",
      "branches_url": "https://api.github.com/repos/octocat/example-repo/branches{/branch}",
      "collaborators_url": "https://api.github.com/repos/octocat/example-repo/collaborators{/collaborator}",
      "comments_url": "https://api.github.com/repos/octocat/example-repo/comments{/number}",
      "commits_url": "https://api.github.com/repos/octocat/example-repo/commits{/sha}",
      "compare_url": "https://api.github.com/repos/octocat/example-repo/compare/{base}...{head}",
      "contents_url": "https://api.github.com/repos/octocat/example-repo/contents/{+path}",
      "contributors_url": "https://api.github.com/repos/octocat/example-repo/contributors",
      "deployments_url": "https://api.github.com/repos/octocat/example-repo/deployments",
      "downloads_url": "https://api.github.com/repos/octocat/example-repo/downloads",
      "events_url": "https://api.github.com/repos/octocat/example-repo/events",
      "forks_url": "https://api.github.com/repos/octocat/example-repo/forks",
      "git_commits_url": "https://api.github.com/repos/octocat/example-repo/git/commits{/sha}",
      "git_refs_url": "https://api.github.com/repos/octocat/example-repo/git/refs{/sha}",
      "git_tags_url": "https://api.github.com/repos/octocat/example-repo/git/tags{/sha}",
      "issue_comment_url": "https://api.github.com/repos/octocat/example-repo/issues/comments{/number}",
      "issue_events_url": "https://api.github.com/repos/octocat/example-repo/issues/events{/number}",
      "issues_url": "https://api.github.com/repos/octocat/example-repo/issues{/number}",
      "keys_url": "https://api.github.com/repos/octocat/example-repo/keys{/key_id}",
      "labels_url": "https://api.github.com/repos/octocat/example-repo/labels{/name}",
      "languages_url": "https://api.github.com/repos/octocat/example-repo/languages",
      "merges_url": "https://api.github.com/repos/octocat/example-repo/merges",
      "milestones_url": "https://api.github.com/repos/octocat/example-repo/milestones{/number}",
      "notifications_url": "https://api.github.com/repos/octocat/example-repo/notifications{?since,all,participating}",
      "pulls_url": "https://api.github.com/repos/octocat/example-repo/pulls{/number}",
      "releases_url": "https://api.github.com/repos/octocat/example-repo/releases{/id}",
      "stargazers_url": "https://api.github.com/repos/octocat/example-repo/stargazers",
      "statuses_url": "https://api.github.com/repos/octocat/example-repo/statuses/{sha}",
      "subscribers_url": "https://api.github.com/repos/octocat/example-repo/subscribers",
      "subscription_url": "https://api.github.com/repos/octocat/example-repo/subscription",
      "tags_url": "https://api.github.com/repos/octocat/example-repo/tags",
      "teams_url": "https://api.github.com/repos/octocat/example-repo/teams",
      "trees_url": "https://api.github.com/repos/octocat/example-repo/git/trees{/sha}",
      "hooks_url": "https://api.github.com/repos/octocat/example-repo/hooks"
    }
  ]
}

Updates repositories to the list of repositories that organization admins have allowed Dependabot to access when updating dependencies.

Note

This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.

Fine-grained access tokens for "Updates repositories to the list of repositories that organization admins have allowed Dependabot to access when updating dependencies."

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Updates repositories to the list of repositories that organization admins have allowed Dependabot to access when updating dependencies."

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

HTTP response status codes for "Updates repositories to the list of repositories that organization admins have allowed Dependabot to access when updating dependencies."

Status code	Description
`204`	No Content
`403`	Forbidden
`404`	Resource not found

Code samples for "Updates repositories to the list of repositories that organization admins have allowed Dependabot to access when updating dependencies."

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

patch/organizations/{org}/dependabot/repository-access

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/organizations/ORG/dependabot/repository-access

Response

Status: 204

Set the default repository access level for Dependabot

Note

This operation supports both server-to-server and user-to-server access. Sets the default level of repository access Dependabot will have while performing an update. Available values are:

'public' - Dependabot will only have access to public repositories, unless access is explicitly granted to non-public repositories.
'internal' - Dependabot will only have access to public and internal repositories, unless access is explicitly granted to private repositories.

Unauthorized users will not see the existence of this endpoint.

Fine-grained access tokens for "Set the default repository access level for Dependabot"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Administration" organization permissions (write)

Parameters for "Set the default repository access level for Dependabot"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
`default_level` string Required The default repository access level for Dependabot updates. Can be one of: `public`, `internal`

HTTP response status codes for "Set the default repository access level for Dependabot"

Status code	Description
`204`	No Content
`403`	Forbidden
`404`	Resource not found

Code samples for "Set the default repository access level for Dependabot"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

put/organizations/{org}/dependabot/repository-access/default-level

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/organizations/ORG/dependabot/repository-access/default-level \
  -d '{"default_level":"public"}'

Response

Status: 204