REST API endpoints for code scanning alert dismissal requests

List dismissal requests for code scanning alerts for an organization

Lists dismissal requests for code scanning alerts for all repositories in an organization.

The user must be authorized to review dismissal requests for the organization. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « List dismissal requests for code scanning alerts for an organization »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Organization dismissal requests for code scanning" organization permissions (read)

Paramètres pour « List dismissal requests for code scanning alerts for an organization »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`org` string Obligatoire The organization name. The name is not case sensitive.

Paramètres de requête
Nom, Type, Description
`reviewer` string Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.
`requester` string Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for insights that occurred in the past 7 days (168 hours). Default: `month` Peut être: `hour`, `day`, `week`, `month`
`request_status` string Filter alert dismissal requests by status. When specified, only requests with this status will be returned. Default: `all` Peut être: `open`, `approved`, `expired`, `denied`, `all`
`repository_name` string The name of the repository to filter on.
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

Codes d’état de la réponse HTTP pour « List dismissal requests for code scanning alerts for an organization »

Code d’état	Description
`200`	A list of alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Exemples de code pour « List dismissal requests for code scanning alerts for an organization »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/orgs/{org}/dismissal-requests/code-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/dismissal-requests/code-scanning

A list of alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "code_scanning_alert_dismissal",
    "data": [
      {
        "reason": "won't fix",
        "alert_number": 1
      }
    ],
    "resource_identifier": "123/10",
    "status": "denied",
    "requester_comment": "Won't fix",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/1",
    "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "code_scanning_alert_dismissal",
    "data": [
      {
        "reason": "won't fix",
        "alert_number": 2
      }
    ],
    "resource_identifier": "123/12",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/2",
    "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/2"
  }
]

List dismissal requests for code scanning alerts for a repository

Lists dismissal requests for code scanning alerts for a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « List dismissal requests for code scanning alerts for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Organization dismissal requests for code scanning" organization permissions (read) and "Code scanning alerts" repository permissions (read)

Paramètres pour « List dismissal requests for code scanning alerts for a repository »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.

Paramètres de requête
Nom, Type, Description
`reviewer` string Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.
`requester` string Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for insights that occurred in the past 7 days (168 hours). Default: `month` Peut être: `hour`, `day`, `week`, `month`
`request_status` string Filter alert dismissal requests by status. When specified, only requests with this status will be returned. Default: `all` Peut être: `open`, `approved`, `expired`, `denied`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

Codes d’état de la réponse HTTP pour « List dismissal requests for code scanning alerts for a repository »

Code d’état	Description
`200`	A list of alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

Exemples de code pour « List dismissal requests for code scanning alerts for a repository »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/repos/{owner}/{repo}/dismissal-requests/code-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/code-scanning

A list of alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "code_scanning_alert_dismissal",
    "data": [
      {
        "reason": "won't fix",
        "alert_number": 1
      }
    ],
    "resource_identifier": "123/10",
    "status": "denied",
    "requester_comment": "Won't fix",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/1",
    "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "code_scanning_alert_dismissal",
    "data": [
      {
        "reason": "won't fix",
        "alert_number": 2
      }
    ],
    "resource_identifier": "123/12",
    "status": "denied",
    "requester_comment": "Token is already revoked, I'll remove it later",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/2",
    "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/2"
  }
]

Get a dismissal request for a code scanning alert for a repository

Gets a dismissal request to dismiss a code scanning alert in a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Get a dismissal request for a code scanning alert for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Organization dismissal requests for code scanning" organization permissions (read) and "Code scanning alerts" repository permissions (read)

Paramètres pour « Get a dismissal request for a code scanning alert for a repository »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Obligatoire The number that identifies the code scanning alert.

Codes d’état de la réponse HTTP pour « Get a dismissal request for a code scanning alert for a repository »

Code d’état	Description
`200`	A single dismissal request.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

Exemples de code pour « Get a dismissal request for a code scanning alert for a repository »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/repos/{owner}/{repo}/dismissal-requests/code-scanning/{alert_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/code-scanning/ALERT_NUMBER

A single dismissal request.

Status: 200

{
  "id": 21,
  "number": 42,
  "repository": {
    "id": 1,
    "name": "smile",
    "full_name": "octo-org/smile"
  },
  "organization": {
    "id": 1,
    "name": "octo-org"
  },
  "requester": {
    "actor_id": 12,
    "actor_name": "monalisa"
  },
  "request_type": "code_scanning_alert_dismissal",
  "data": [
    {
      "reason": "won't fix",
      "alert_number": 2
    }
  ],
  "resource_identifier": "1/1",
  "status": "denied",
  "requester_comment": "Won't fix",
  "expires_at": "2024-07-08T08:43:03Z",
  "created_at": "2024-07-01T08:43:03Z",
  "responses": [
    {
      "id": 42,
      "reviewer": {
        "actor_id": 4,
        "actor_name": "octocat"
      },
      "status": "denied",
      "created_at": "2024-07-02T08:43:04Z"
    }
  ],
  "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/code-scanning/1",
  "html_url": "https://github.com/octo-org/smile/code-scanning/alerts/1"
}

Review a dismissal request for a code scanning alert for a repository

Approve or deny a dismissal request to dismiss a code scanning alert in a repository.

Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Review a dismissal request for a code scanning alert for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

"Organization dismissal requests for code scanning" organization permissions (write) and "Code scanning alerts" repository permissions (read)

Paramètres pour « Review a dismissal request for a code scanning alert for a repository »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`owner` string Obligatoire The account owner of the repository. The name is not case sensitive.
`repo` string Obligatoire The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Obligatoire The number that identifies the code scanning alert.

Paramètres du corps
Nom, Type, Description
`status` string Obligatoire The review action to perform on the bypass request. Peut être: `approve`, `deny`
`message` string Obligatoire A message to include with the review. Has a maximum character length of 2048.

Codes d’état de la réponse HTTP pour « Review a dismissal request for a code scanning alert for a repository »

Code d’état	Description
`204`	Successful update
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

Exemples de code pour « Review a dismissal request for a code scanning alert for a repository »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

patch/repos/{owner}/{repo}/dismissal-requests/code-scanning/{alert_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/code-scanning/ALERT_NUMBER \
  -d '{"status":"approve","message":"Used in tests."}'

Successful update

Status: 204