Puntos de conexión de api REST para metadatos de artefacto
Usa estos puntos de conexión para recuperar y administrar los metadatos de los artefactos de la organización. Los metadatos de artefactos proporcionan información sobre los artefactos de compilación, su proveniencia y detalles relacionados.
When you view Dependabot or code scanning alerts for an organization, you can use artifact metadata to filter and prioritize alerts, see Prioritizing Dependabot and code scanning alerts using production context.
Create an artifact deployment record
Create or update deployment records for an artifact associated with an organization. This endpoint allows you to record information about a specific artifact, such as its name, digest, environments, cluster, and deployment.
Tokens de acceso específicos para "Create an artifact deployment record"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado debe tener al menos uno de los siguientes conjuntos de permisos:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parámetros para "Create an artifact deployment record"
| Nombre, Tipo, Descripción |
|---|
accept string Setting to |
| Nombre, Tipo, Descripción |
|---|
org string ObligatorioThe organization name. The name is not case sensitive. |
| Nombre, Tipo, Descripción |
|---|
name string ObligatorioThe name of the artifact. |
digest string ObligatorioThe hex encoded digest of the artifact. |
version string The artifact version. |
status string ObligatorioThe status of the artifact. Can be either deployed or decommissioned. Puede ser uno de los siguientes: |
logical_environment string ObligatorioThe stage of the deployment. |
physical_environment string The physical region of the deployment. |
cluster string The deployment cluster. |
deployment_name string ObligatorioThe name of the deployment. |
tags object The tags associated with the deployment. |
runtime_risks array of strings A list of runtime risks associated with the deployment.
Supported values are: |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
Códigos de estado de respuesta HTTP para "Create an artifact deployment record"
| status code | Descripción |
|---|---|
200 | Artifact deployment record stored successfully. |
Ejemplos de código para "Create an artifact deployment record"
Ejemplo de solicitud
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record \
-d '{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","status":"deployed","logical_environment":"prod","physical_environment":"pacific-east","cluster":"moda-1","deployment_name":"deployment-pod","tags":{"data-access":"sensitive"}}'Artifact deployment record stored successfully.
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}Set cluster deployment records
Set deployment records for a given cluster.
Tokens de acceso específicos para "Set cluster deployment records"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado debe tener al menos uno de los siguientes conjuntos de permisos:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parámetros para "Set cluster deployment records"
| Nombre, Tipo, Descripción |
|---|
accept string Setting to |
| Nombre, Tipo, Descripción |
|---|
org string ObligatorioThe organization name. The name is not case sensitive. |
cluster string ObligatorioThe cluster name. |
| Nombre, Tipo, Descripción | |||||||||
|---|---|---|---|---|---|---|---|---|---|
logical_environment string ObligatorioThe stage of the deployment. | |||||||||
physical_environment string The physical region of the deployment. | |||||||||
deployments array of objects ObligatorioThe list of deployments to record. | |||||||||
Properties of |
| Nombre, Tipo, Descripción |
|---|
name string ObligatorioThe name of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name parameter must also be identical across all entries. |
digest string ObligatorioThe hex encoded digest of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name and version parameters must also be identical across all entries. |
version string The artifact version. Note that if multiple deployments have identical 'digest' parameter values, the version parameter must also be identical across all entries. |
status string The deployment status of the artifact. Puede ser uno de los siguientes: |
deployment_name string ObligatorioThe unique identifier for the deployment represented by the new record. To accommodate differing containers and namespaces within a record set, the following format is recommended: {namespaceName}-{deploymentName}-{containerName} |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
tags object Key-value pairs to tag the deployment record. |
runtime_risks array of strings A list of runtime risks associated with the deployment.
Supported values are: |
Códigos de estado de respuesta HTTP para "Set cluster deployment records"
| status code | Descripción |
|---|---|
200 | Artifact deployment record stored successfully. |
Ejemplos de código para "Set cluster deployment records"
Ejemplo de solicitud
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record/cluster/CLUSTER \
-d '{"logical_environment":"prod","physical_environment":"pacific-east","deployments":[{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","version":"2.1.0","status":"deployed","deployment_name":"deployment-pod","tags":{"runtime-risk":"sensitive-data"}}]}'Artifact deployment record stored successfully.
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}Create artifact metadata storage record
Create metadata storage records for artifacts associated with an organization. This endpoint will create a new artifact storage record on behalf of any artifact matching the provided digest and associated with a repository owned by the organization.
Tokens de acceso específicos para "Create artifact metadata storage record"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado debe tener al menos uno de los siguientes conjuntos de permisos:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parámetros para "Create artifact metadata storage record"
| Nombre, Tipo, Descripción |
|---|
accept string Setting to |
| Nombre, Tipo, Descripción |
|---|
org string ObligatorioThe organization name. The name is not case sensitive. |
| Nombre, Tipo, Descripción |
|---|
name string ObligatorioThe name of the artifact. |
digest string ObligatorioThe digest of the artifact (algorithm:hex-encoded-digest). |
version string The artifact version. |
artifact_url string The URL where the artifact is stored. |
path string The path of the artifact. |
registry_url string ObligatorioThe base URL of the artifact registry. |
repository string The repository name within the registry. |
status string The status of the artifact (e.g., active, inactive). Valor predeterminado: Puede ser uno de los siguientes: |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
Códigos de estado de respuesta HTTP para "Create artifact metadata storage record"
| status code | Descripción |
|---|---|
200 | Artifact metadata storage record stored successfully. |
Ejemplos de código para "Create artifact metadata storage record"
Ejemplo de solicitud
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/storage-record \
-d '{"name":"libfoo","version":"1.2.3","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","artifact_url":"https://reg.example.com/artifactory/bar/libfoo-1.2.3","registry_url":"https://reg.example.com/artifactory/","repository":"bar","status":"active"}'Artifact metadata storage record stored successfully.
Status: 200{
"total_count": 1,
"storage_records": [
{
"name": "libfoo",
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
"registry_url": "https://reg.example.com/artifactory/",
"repository": "bar",
"status": "active",
"created_at": "2023-10-01T12:00:00Z",
"updated_at": "2023-10-01T12:00:00Z"
}
]
}List artifact deployment records
List deployment records for an artifact metadata associated with an organization.
Tokens de acceso específicos para "List artifact deployment records"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado debe tener al menos uno de los siguientes conjuntos de permisos:
- "Contents" repository permissions (read)
- "Artifact metadata" repository permissions (read)
Parámetros para "List artifact deployment records"
| Nombre, Tipo, Descripción |
|---|
accept string Setting to |
| Nombre, Tipo, Descripción |
|---|
org string ObligatorioThe organization name. The name is not case sensitive. |
subject_digest string ObligatorioThe SHA256 digest of the artifact, in the form |
Códigos de estado de respuesta HTTP para "List artifact deployment records"
| status code | Descripción |
|---|---|
200 | Successful response |
Ejemplos de código para "List artifact deployment records"
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/deployment-recordsSuccessful response
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}List artifact storage records
List a collection of artifact storage records with a given subject digest that are associated with repositories owned by an organization.
The collection of storage records returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the content:read permission is required.
Tokens de acceso específicos para "List artifact storage records"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado debe tener al menos uno de los siguientes conjuntos de permisos:
- "Contents" repository permissions (read)
- "Artifact metadata" repository permissions (read)
Parámetros para "List artifact storage records"
| Nombre, Tipo, Descripción |
|---|
accept string Setting to |
| Nombre, Tipo, Descripción |
|---|
org string ObligatorioThe organization name. The name is not case sensitive. |
subject_digest string ObligatorioThe parameter should be set to the attestation's subject's SHA256 digest, in the form |
Códigos de estado de respuesta HTTP para "List artifact storage records"
| status code | Descripción |
|---|---|
200 | OK |
Ejemplos de código para "List artifact storage records"
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/storage-recordsResponse
Status: 200{
"storage_records": [
{
"name": "libfoo-1.2.3",
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
"registry_url": "https://reg.example.com/artifactory/",
"repository": "bar",
"status": "active",
"created_at": "2023-10-01T12:00:00Z",
"updated_at": "2023-10-01T12:00:00Z"
}
]
}