L’API REST est maintenant versionnée. Pour plus d’informations, consultez « À propos des versions de l’API ».

Points de terminaison de l’API REST pour les demandes de fermeture des alertes Dependabot

Utilisez l’API REST pour gérer les demandes de fermeture des alertes Dependabot d’un référentiel.

List dismissal requests for Dependabot alerts for an organization

Lists dismissal requests for Dependabot alerts in an organization.

Delegated alert dismissal must be enabled on repositories in the org and the user must be an org admin, security manager, or have the appropriate permission to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « List dismissal requests for Dependabot alerts for an organization »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

  • "Organization dismissal requests for Dependabot" organization permissions (read)

Paramètres pour « List dismissal requests for Dependabot alerts for an organization »

En-têtes
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
org string Requis

The organization name. The name is not case sensitive.

Paramètres de requête
repository_name string

The name of the repository to filter on.

reviewer string

Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.

requester string

Filter bypass requests by the handle of the GitHub user who requested the bypass.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for rule suites that occurred in the past 7 days (168 hours).

Default: day

Peut être: hour, day, week, month

request_status string

The status of the dismissal request to filter on. When specified, only requests with this status will be returned.

Default: all

Peut être: completed, cancelled, approved, expired, denied, open, all

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

Codes d’état de la réponse HTTP pour « List dismissal requests for Dependabot alerts for an organization »

Code d’étatDescription
200

A list of alert dismissal requests.

403

Forbidden

404

Resource not found

500

Internal Error

Exemples de code pour « List dismissal requests for Dependabot alerts for an organization »

Exemple de requête

get/orgs/{org}/dismissal-requests/dependabot
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/orgs/ORG/dismissal-requests/dependabot

A list of alert dismissal requests.

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "dependabot_alert_dismissal", "data": [ { "reason": "no_bandwidth", "alert_number": "1", "alert_title": "lodash - GHSA-1234-abcd-5678" } ], "resource_identifier": "1", "status": "denied", "requester_comment": "No bandwidth to fix this right now", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/dismissal-requests/dependabot/1", "html_url": "https://github.com/octo-org/smile/security/dependabot/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "dependabot_alert_dismissal", "data": [ { "reason": "tolerable_risk", "alert_number": "2", "alert_title": "axios - GHSA-5678-efgh-9012" } ], "resource_identifier": "2", "status": "approved", "requester_comment": "Risk is acceptable for this internal tool", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 43, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "approved", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/dismissal-requests/dependabot/2", "html_url": "https://github.com/octo-org/smile/security/dependabot/2" } ]

List dismissal requests for Dependabot alerts for a repository

Lists dismissal requests for Dependabot alerts for a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « List dismissal requests for Dependabot alerts for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

  • "Dependabot alerts" repository permissions (read)

Paramètres pour « List dismissal requests for Dependabot alerts for a repository »

En-têtes
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

Paramètres de requête
reviewer string

Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.

requester string

Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.

time_period string

The time period to filter by.

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for insights that occurred in the past 7 days (168 hours).

Default: month

Peut être: hour, day, week, month

request_status string

Filter alert dismissal requests by status. When specified, only requests with this status will be returned.

Default: all

Peut être: open, approved, expired, denied, all

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

Codes d’état de la réponse HTTP pour « List dismissal requests for Dependabot alerts for a repository »

Code d’étatDescription
200

A list of alert dismissal requests.

403

Forbidden

404

Resource not found

500

Internal Error

Exemples de code pour « List dismissal requests for Dependabot alerts for a repository »

Exemple de requête

get/repos/{owner}/{repo}/dismissal-requests/dependabot
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dismissal-requests/dependabot

A list of alert dismissal requests.

Status: 200
[ { "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "dependabot_alert_dismissal", "data": [ { "reason": "no_bandwidth", "alert_number": "1", "alert_title": "lodash - GHSA-1234-abcd-5678" } ], "resource_identifier": "1", "status": "denied", "requester_comment": "No bandwidth to fix this right now", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [ { "id": 42, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "denied", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/dismissal-requests/dependabot/1", "html_url": "https://github.com/octo-org/smile/security/dependabot/1" }, { "id": 12, "number": 24, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "dependabot_alert_dismissal", "data": [ { "reason": "tolerable_risk", "alert_number": "2", "alert_title": "axios - GHSA-5678-efgh-9012" } ], "resource_identifier": "2", "status": "approved", "requester_comment": "Risk is acceptable for this internal tool", "expires_at": "2024-07-08T07:43:03Z", "created_at": "2024-07-01T07:43:03Z", "responses": [ { "id": 43, "reviewer": { "actor_id": 4, "actor_name": "octocat" }, "status": "approved", "created_at": "2024-07-02T08:43:04Z" } ], "url": "https://HOSTNAME/repos/octo-org/smile/dismissal-requests/dependabot/2", "html_url": "https://github.com/octo-org/smile/security/dependabot/2" } ]

Get a dismissal request for a Dependabot alert for a repository

Gets a dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Get a dismissal request for a Dependabot alert for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

  • "Dependabot alerts" repository permissions (read)

Paramètres pour « Get a dismissal request for a Dependabot alert for a repository »

En-têtes
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

alert_number integer Requis

The number that identifies the Dependabot alert.

Codes d’état de la réponse HTTP pour « Get a dismissal request for a Dependabot alert for a repository »

Code d’étatDescription
200

A single dismissal request.

403

Forbidden

404

Resource not found

500

Internal Error

Exemples de code pour « Get a dismissal request for a Dependabot alert for a repository »

Exemple de requête

get/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER

A single dismissal request.

Status: 200
{ "id": 21, "number": 42, "repository": { "id": 1, "name": "smile", "full_name": "octo-org/smile" }, "organization": { "id": 1, "name": "octo-org" }, "requester": { "actor_id": 12, "actor_name": "monalisa" }, "request_type": "dependabot_alert_dismissal", "data": [ { "reason": "no_bandwidth", "alert_number": "1", "alert_title": "lodash - GHSA-1234-abcd-5678" } ], "resource_identifier": "1", "status": "pending", "requester_comment": "No bandwidth to fix this right now", "expires_at": "2024-07-08T08:43:03Z", "created_at": "2024-07-01T08:43:03Z", "responses": [], "url": "https://HOSTNAME/repos/octo-org/smile/dismissal-requests/dependabot/1", "html_url": "https://github.com/octo-org/smile/security/dependabot/1" }

Review a dismissal request for a Dependabot alert for a repository

Approve or deny a dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint. OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

Jetons d’accès affinés pour « Review a dismissal request for a Dependabot alert for a repository »

Ce point de terminaison fonctionne avec les types de jetons précis suivants:

Le jeton précis doit avoir l’ensemble d’autorisations suivant:

  • "Organization dismissal requests for Dependabot" organization permissions (write) and "Dependabot alerts" repository permissions (read)

Paramètres pour « Review a dismissal request for a Dependabot alert for a repository »

En-têtes
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

alert_number integer Requis

The number that identifies the Dependabot alert.

Paramètres du corps
status string Requis

The review action to perform on the dismissal request.

Peut être: approve, deny

message string Requis

A message to include with the review. Has a maximum character length of 2048.

Codes d’état de la réponse HTTP pour « Review a dismissal request for a Dependabot alert for a repository »

Code d’étatDescription
200

The review of the dismissal request.

403

Forbidden

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

500

Internal Error

Exemples de code pour « Review a dismissal request for a Dependabot alert for a repository »

Exemple de requête

patch/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER \ -d '{"status":"approve","message":"Used in tests."}'

The review of the dismissal request.

Status: 200
{ "dismissal_review_id": 1 }