Dependabot アラート無視要求の REST API エンドポイント

List dismissal requests for Dependabot alerts for an organization

Lists dismissal requests for Dependabot alerts in an organization.

Delegated alert dismissal must be enabled on repositories in the org and the user must be an org admin, security manager, or have the appropriate permission to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

"List dismissal requests for Dependabot alerts for an organization" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Organization dismissal requests for Dependabot" organization permissions (read)

"List dismissal requests for Dependabot alerts for an organization" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.

クエリパラメーター
名前, タイプ, 説明
`repository_name` string The name of the repository to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). Default: `day` 次のいずれかにできます: `hour`, `day`, `week`, `month`
`request_status` string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. Default: `all` 次のいずれかにできます: `completed`, `cancelled`, `approved`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

"List dismissal requests for Dependabot alerts for an organization" の HTTP 応答状態コード

状態コード	説明
`200`	A list of alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

"List dismissal requests for Dependabot alerts for an organization" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/orgs/{org}/dismissal-requests/dependabot

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/dismissal-requests/dependabot

A list of alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "no_bandwidth",
        "alert_number": "1",
        "alert_title": "lodash - GHSA-1234-abcd-5678"
      }
    ],
    "resource_identifier": "1",
    "status": "denied",
    "requester_comment": "No bandwidth to fix this right now",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "tolerable_risk",
        "alert_number": "2",
        "alert_title": "axios - GHSA-5678-efgh-9012"
      }
    ],
    "resource_identifier": "2",
    "status": "approved",
    "requester_comment": "Risk is acceptable for this internal tool",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 43,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/2"
  }
]

List dismissal requests for Dependabot alerts for a repository

Lists dismissal requests for Dependabot alerts for a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

"List dismissal requests for Dependabot alerts for a repository" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Dependabot alerts" repository permissions (read)

"List dismissal requests for Dependabot alerts for a repository" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.

クエリパラメーター
名前, タイプ, 説明
`reviewer` string Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request.
`requester` string Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for insights that occurred in the past 7 days (168 hours). Default: `month` 次のいずれかにできます: `hour`, `day`, `week`, `month`
`request_status` string Filter alert dismissal requests by status. When specified, only requests with this status will be returned. Default: `all` 次のいずれかにできます: `open`, `approved`, `expired`, `denied`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

"List dismissal requests for Dependabot alerts for a repository" の HTTP 応答状態コード

状態コード	説明
`200`	A list of alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

"List dismissal requests for Dependabot alerts for a repository" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/repos/{owner}/{repo}/dismissal-requests/dependabot

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot

A list of alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "no_bandwidth",
        "alert_number": "1",
        "alert_title": "lodash - GHSA-1234-abcd-5678"
      }
    ],
    "resource_identifier": "1",
    "status": "denied",
    "requester_comment": "No bandwidth to fix this right now",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/1"
  },
  {
    "id": 12,
    "number": 24,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "dependabot_alert_dismissal",
    "data": [
      {
        "reason": "tolerable_risk",
        "alert_number": "2",
        "alert_title": "axios - GHSA-5678-efgh-9012"
      }
    ],
    "resource_identifier": "2",
    "status": "approved",
    "requester_comment": "Risk is acceptable for this internal tool",
    "expires_at": "2024-07-08T07:43:03Z",
    "created_at": "2024-07-01T07:43:03Z",
    "responses": [
      {
        "id": 43,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
    "html_url": "https://github.com/octo-org/smile/security/dependabot/2"
  }
]

Get a dismissal request for a Dependabot alert for a repository

Gets a dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository. Personal access tokens (classic) need the security_events scope to use this endpoint.

"Get a dismissal request for a Dependabot alert for a repository" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Dependabot alerts" repository permissions (read)

"Get a dismissal request for a Dependabot alert for a repository" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer 必須 The number that identifies the Dependabot alert.

"Get a dismissal request for a Dependabot alert for a repository" の HTTP 応答状態コード

状態コード	説明
`200`	A single dismissal request.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

"Get a dismissal request for a Dependabot alert for a repository" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

get/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER

A single dismissal request.

Status: 200

{
  "id": 21,
  "number": 42,
  "repository": {
    "id": 1,
    "name": "smile",
    "full_name": "octo-org/smile"
  },
  "organization": {
    "id": 1,
    "name": "octo-org"
  },
  "requester": {
    "actor_id": 12,
    "actor_name": "monalisa"
  },
  "request_type": "dependabot_alert_dismissal",
  "data": [
    {
      "reason": "no_bandwidth",
      "alert_number": "1",
      "alert_title": "lodash - GHSA-1234-abcd-5678"
    }
  ],
  "resource_identifier": "1",
  "status": "pending",
  "requester_comment": "No bandwidth to fix this right now",
  "expires_at": "2024-07-08T08:43:03Z",
  "created_at": "2024-07-01T08:43:03Z",
  "responses": [],
  "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
  "html_url": "https://github.com/octo-org/smile/security/dependabot/1"
}

Review a dismissal request for a Dependabot alert for a repository

Approve or deny a dismissal request to dismiss a Dependabot alert in a repository.

Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint. OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.

"Review a dismissal request for a Dependabot alert for a repository" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:

"Organization dismissal requests for Dependabot" organization permissions (write) and "Dependabot alerts" repository permissions (read)

"Review a dismissal request for a Dependabot alert for a repository" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer 必須 The number that identifies the Dependabot alert.

本文のパラメーター
名前, タイプ, 説明
`status` string 必須 The review action to perform on the dismissal request. 次のいずれかにできます: `approve`, `deny`
`message` string 必須 A message to include with the review. Has a maximum character length of 2048.

"Review a dismissal request for a Dependabot alert for a repository" の HTTP 応答状態コード

状態コード	説明
`200`	The review of the dismissal request.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

"Review a dismissal request for a Dependabot alert for a repository" のコードサンプル

GHE.com で GitHub にアクセスする場合は、api.github.com を api.SUBDOMAIN.ghe.com にあるエンタープライズの専用サブドメインに置き換えます。

要求の例

patch/repos/{owner}/{repo}/dismissal-requests/dependabot/{alert_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER \
  -d '{"status":"approve","message":"Used in tests."}'

The review of the dismissal request.

Status: 200

{
  "dismissal_review_id": 1
}