REST API endpoints for Dependabot alerts
Use the REST API to interact with Dependabot alerts for a repository.
Note
The ability to manage Dependabot alerts with the REST API is currently in public preview and subject to change.
About Dependabot alerts
You can use the REST API to view Dependabot alerts for a repository and update individual alerts. For more information, see "About Dependabot alerts."
List Dependabot alerts for an enterprise
Lists Dependabot alerts for repositories that are owned by the specified enterprise.
The authenticated user must be a member of the enterprise to use this endpoint.
Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint.
Fine-grained access tokens for "List Dependabot alerts for an enterprise"
This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.
Parameters for "List Dependabot alerts for an enterprise"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| enterprise | string, Required | The slug version of the enterprise name. |

| Name | Type | Description |
|---|---|---|
| state | string | A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
| severity | string | A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
| ecosystem | string | A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
| package | string | A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
| epss_percentage | string | CVE Exploit Prediction Scoring System (EPSS) percentage. Can be specified as: Filters the list of alerts based on EPSS percentages. If specified, only alerts with the provided EPSS percentages will be returned. |
| has | | Filters the list of alerts based on whether the alert has the given value. If specified, only alerts meeting this criterion will be returned. Multiple |
| scope | string | The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Can be one of: |
| sort | string | The property by which to sort the results. Default: Can be one of: |
| direction | string | The direction to sort the results by. Default: Can be one of: |
| before | string | A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
| after | string | A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
| first | integer | Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with Default: |
| last | integer | Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with |
| per_page | integer | The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |

HTTP response status codes for "List Dependabot alerts for an enterprise"
| Status code | Description |
|---|---|
| 200 | OK |
| 304 | Not modified |
| 403 | Forbidden |
| 404 | Resource not found |
| 422 | Validation failed, or the endpoint has been spammed. |

Code samples for "List Dependabot alerts for an enterprise"
Request example
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/dependabot/alerts
Response
Status: 200
[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "score": 7.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
          "score": 8.7
        }
      },
      "epss": [
        {
          "percentage": 0.00045,
          "percentile": "0.16001e0"
        }
      ],
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/octo-repo/dependabot/alerts/2",
    "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://HOSTNAME/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://HOSTNAME/users/octocat/followers",
      "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
      "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
      "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
      "organizations_url": "https://HOSTNAME/users/octocat/orgs",
      "repos_url": "https://HOSTNAME/users/octocat/repos",
      "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
      "received_events_url": "https://HOSTNAME/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null,
    "repository": {
      "id": 217723378,
      "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
      "name": "octo-repo",
      "full_name": "octo-org/octo-repo",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/octo-repo",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/octo-repo",
      "archive_url": "https://HOSTNAME/repos/octo-org/octo-repo/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/octo-repo/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/octo-repo/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/octo-repo/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/octo-repo/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/octo-repo/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/octo-repo/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/octo-repo/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/octo-repo/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/octo-repo/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/octo-repo/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/octo-repo/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/octo-repo/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/octo-repo/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/octo-repo/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/octo-repo/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/octo-repo/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/octo-repo/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/octo-repo/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/octo-repo/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/octo-repo/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/octo-repo/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/octo-repo/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/octo-repo/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/trees{/sha}"
    }
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "score": 5.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "score": 8.5
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null,
    "repository": {
      "id": 664700648,
      "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
      "name": "hello-world",
      "full_name": "octo-org/hello-world",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/hello-world",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/hello-world",
      "archive_url": "https://HOSTNAME/repos/octo-org/hello-world/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/hello-world/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/hello-world/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/hello-world/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/hello-world/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/hello-world/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/hello-world/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/hello-world/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/hello-world/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/hello-world/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/hello-world/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/hello-world/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/hello-world/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/hello-world/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/hello-world/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/hello-world/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/hello-world/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/hello-world/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/hello-world/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/hello-world/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/hello-world/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/hello-world/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/hello-world/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/hello-world/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/hello-world/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/hello-world/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/hello-world/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/hello-world/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/hello-world/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/hello-world/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/hello-world/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/hello-world/git/trees{/sha}"
    }
  }
]
List Dependabot alerts for an organization
Lists Dependabot alerts for an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Fine-grained access tokens for "List Dependabot alerts for an organization"
This endpoint works with the following fine-grained token types:
The fine-grained token must have the following permission set:
- "Dependabot alerts" repository permissions (read)
Parameters for "List Dependabot alerts for an organization"
| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

| Name | Type | Description |
|---|---|---|
| org | string, Required | The organization name. The name is not case sensitive. |

| Name | Type | Description |
|---|---|---|
| state | string | A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
| severity | string | A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
| ecosystem | string | A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
| package | string | A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
| epss_percentage | string | CVE Exploit Prediction Scoring System (EPSS) percentage. Can be specified as: Filters the list of alerts based on EPSS percentages. If specified, only alerts with the provided EPSS percentages will be returned. |
| artifact_registry_url | string | A comma-separated list of artifact registry URLs. If specified, only alerts for repositories with storage records matching these URLs will be returned. |
| artifact_registry | string | A comma-separated list of Artifact Registry name strings. If specified, only alerts for repositories with storage records matching these registries will be returned. Can be: |
| has | | Filters the list of alerts based on whether the alert has the given value. If specified, only alerts meeting this criterion will be returned. Multiple |
| runtime_risk | string | A comma-separated list of runtime risk strings. If specified, only alerts for repositories with deployment records matching these risks will be returned. Can be: |
| scope | string | The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Can be one of: |
| sort | string | The property by which to sort the results. Default: Can be one of: |
| direction | string | The direction to sort the results by. Default: Can be one of: |
| before | string | A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
| after | string | A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
| first | integer | Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with Default: |
| last | integer | Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with |
| per_page | integer | The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |

HTTP response status codes for "List Dependabot alerts for an organization"
| Status code | Description |
|---|---|
| 200 | OK | 
| 304 | Not modified | 
| 400 | Bad Request | 
| 403 | Forbidden | 
| 404 | Resource not found | 
| 422 | Validation failed, or the endpoint has been spammed. | 
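
The following is an added example, not part of GitHub's documentation. It follows the `Link` header cursors described in the parameter table and turns the response fields shown on this page into a triage list: open alerts worst first, plus dismissed alerts with their reason and dismisser for re-review. All function names, the pages in `SAMPLE_PAGES` and the `CURSOR2` cursor are constructed for illustration; `HOSTNAME` and `ORG` are the page's own placeholders.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_next_link(link_header):
    """Return the rel="next" URL from a Link header (commas in URLs are safe), or None."""
    for url, rel in re.findall(r'<([^>]*)>\s*;\s*rel="([^"]*)"', link_header or ""):
        if rel == "next":
            return url
    return None


def http_get(url, token):
    """Real transport with the curl sample's headers: (JSON body, Link header)."""
    request = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response), response.headers.get("Link")


def list_alerts(start_url, token, get=http_get, max_pages=50):
    """Collect every page by following the cursor URLs in the Link header."""
    origin = tuple(urlsplit(start_url)[:2])  # (scheme, host) the token is meant for
    url, alerts = start_url, []
    for _ in range(max_pages):
        page, link = get(url, token)
        alerts.extend(page)
        url = parse_next_link(link)
        if url is None:
            return alerts
        if tuple(urlsplit(url)[:2]) != origin:
            raise ValueError(f"next link leaves {origin[1]}; not sending the token")
    raise RuntimeError("max_pages reached; the alert list is incomplete")


def triage(alerts):
    """Return (open alerts, worst first) and (dismissed alerts to re-review)."""
    open_rows, dismissed_rows = [], []
    for alert in alerts:
        advisory = alert["security_advisory"]
        epss = advisory.get("epss") or []
        epss = [epss] if isinstance(epss, dict) else epss  # sample shows a list
        patched = alert["security_vulnerability"].get("first_patched_version") or {}
        row = {
            "repo": alert["repository"]["full_name"],
            "package": alert["dependency"]["package"]["name"],
            "ghsa": advisory["ghsa_id"],
            "severity": advisory["severity"],
            "epss": max((e["percentage"] for e in epss), default=0.0),
            "fix": patched.get("identifier"),  # None when no patched release exists
        }
        if alert["state"] == "open":
            open_rows.append(row)
        elif alert["state"] == "dismissed":
            row["reason"] = alert.get("dismissed_reason")
            row["by"] = (alert.get("dismissed_by") or {}).get("login")
            dismissed_rows.append(row)
    open_rows.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], 9), -r["epss"]))
    return open_rows, dismissed_rows


# Constructed sample: this page's two alerts, trimmed to the fields triage() reads.
def sample_alert(state, repo, package, ghsa, severity, fix, epss=None, reason=None, by=None):
    return {
        "state": state,
        "dependency": {"package": {"ecosystem": "pip", "name": package}},
        "security_advisory": {"ghsa_id": ghsa, "severity": severity, "epss": epss},
        "security_vulnerability": {"first_patched_version": {"identifier": fix}},
        "repository": {"full_name": repo},
        "dismissed_reason": reason, "dismissed_by": {"login": by} if by else None,
    }


BASE = "https://HOSTNAME/api/v3/orgs/ORG/dependabot/alerts"
SAMPLE_PAGES = {  # one alert per page; CURSOR2 is a made-up cursor value
    BASE + "?per_page=1": (
        [sample_alert("dismissed", "octo-org/octo-repo", "django", "GHSA-rf4j-j272-fj86",
                      "high", "2.0.2", epss=[{"percentage": 0.00045}],
                      reason="tolerable_risk", by="octocat")],
        f'<{BASE}?per_page=1&after=CURSOR2>; rel="next"',
    ),
    BASE + "?per_page=1&after=CURSOR2": (
        [sample_alert("open", "octo-org/hello-world", "ansible", "GHSA-8f4m-hccc-8qph",
                      "medium", "2.8.19")],
        f'<{BASE}?per_page=1>; rel="prev"',
    ),
}


def fake_get(url, token):  # offline stand-in for http_get
    return SAMPLE_PAGES[url]
```

Against a real instance, call `list_alerts(url, token)` with the default transport. The origin check keeps the bearer token from being sent to a host other than the one the first request targeted.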
"List Dependabot alerts for an organization" のコード サンプル
要求の例
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/orgs/ORG/dependabot/alerts
Response
Status: 200
[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "score": 7.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
          "score": 8.7
        }
      },
      "epss": [
        {
          "percentage": 0.00045,
          "percentile": "0.16001e0"
        }
      ],
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/octo-repo/dependabot/alerts/2",
    "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://HOSTNAME/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://HOSTNAME/users/octocat/followers",
      "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
      "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
      "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
      "organizations_url": "https://HOSTNAME/users/octocat/orgs",
      "repos_url": "https://HOSTNAME/users/octocat/repos",
      "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
      "received_events_url": "https://HOSTNAME/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null,
    "repository": {
      "id": 217723378,
      "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
      "name": "octo-repo",
      "full_name": "octo-org/octo-repo",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/octo-repo",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/octo-repo",
      "archive_url": "https://HOSTNAME/repos/octo-org/octo-repo/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/octo-repo/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/octo-repo/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/octo-repo/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/octo-repo/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/octo-repo/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/octo-repo/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/octo-repo/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/octo-repo/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/octo-repo/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/octo-repo/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/octo-repo/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/octo-repo/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/octo-repo/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/octo-repo/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/octo-repo/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/octo-repo/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/octo-repo/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/octo-repo/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/octo-repo/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/octo-repo/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/octo-repo/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/octo-repo/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/octo-repo/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/octo-repo/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/octo-repo/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/octo-repo/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/octo-repo/git/trees{/sha}"
    }
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "score": 5.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "score": 8.5
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://HOSTNAME/repos/octo-org/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null,
    "repository": {
      "id": 664700648,
      "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
      "name": "hello-world",
      "full_name": "octo-org/hello-world",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://HOSTNAME/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://HOSTNAME/users/octo-org/followers",
        "following_url": "https://HOSTNAME/users/octo-org/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octo-org/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octo-org/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octo-org/orgs",
        "repos_url": "https://HOSTNAME/users/octo-org/repos",
        "events_url": "https://HOSTNAME/users/octo-org/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/hello-world",
      "description": null,
      "fork": false,
      "url": "https://HOSTNAME/repos/octo-org/hello-world",
      "archive_url": "https://HOSTNAME/repos/octo-org/hello-world/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octo-org/hello-world/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octo-org/hello-world/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octo-org/hello-world/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octo-org/hello-world/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octo-org/hello-world/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octo-org/hello-world/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octo-org/hello-world/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octo-org/hello-world/contributors",
      "deployments_url": "https://HOSTNAME/repos/octo-org/hello-world/deployments",
      "downloads_url": "https://HOSTNAME/repos/octo-org/hello-world/downloads",
      "events_url": "https://HOSTNAME/repos/octo-org/hello-world/events",
      "forks_url": "https://HOSTNAME/repos/octo-org/hello-world/forks",
      "git_commits_url": "https://HOSTNAME/repos/octo-org/hello-world/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octo-org/hello-world/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octo-org/hello-world/git/tags{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octo-org/hello-world/hooks",
      "issue_comment_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octo-org/hello-world/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octo-org/hello-world/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octo-org/hello-world/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octo-org/hello-world/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octo-org/hello-world/languages",
      "merges_url": "https://HOSTNAME/repos/octo-org/hello-world/merges",
      "milestones_url": "https://HOSTNAME/repos/octo-org/hello-world/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octo-org/hello-world/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octo-org/hello-world/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octo-org/hello-world/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octo-org/hello-world/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octo-org/hello-world/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octo-org/hello-world/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octo-org/hello-world/subscription",
      "tags_url": "https://HOSTNAME/repos/octo-org/hello-world/tags",
      "teams_url": "https://HOSTNAME/repos/octo-org/hello-world/teams",
      "trees_url": "https://HOSTNAME/repos/octo-org/hello-world/git/trees{/sha}"
    }
  }
]
List Dependabot alerts for a repository
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Fine-grained access tokens for "List Dependabot alerts for a repository"
This endpoint works with the following fine-grained token types:
The fine-grained token must have the following permission set:
- "Dependabot alerts" repository permissions (read)
Parameters for "List Dependabot alerts for a repository"
| Name, Type, Description |
|---|
| accept, string, Setting to  |
| Name, Type, Description |
|---|
| owner, string, Required. The account owner of the repository. The name is not case sensitive. |
| repo, string, Required. The name of the repository without the  |
| Name, Type, Description |
|---|
| state, string, A comma-separated list of states. If specified, only alerts with these states will be returned. Can be:  |
| severity, string, A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be:  |
| ecosystem, string, A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be:  |
| package, string, A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
| manifest, string, A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned. |
| epss_percentage, string, CVE Exploit Prediction Scoring System (EPSS) percentage. Can be specified as: 
 Filters the list of alerts based on EPSS percentages. If specified, only alerts with the provided EPSS percentages will be returned. |
| has, Filters the list of alerts based on whether the alert has the given value. If specified, only alerts meeting this criterion will be returned.
Multiple  |
| scope, string, The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Can be one of:  |
| sort, string, The property by which to sort the results.
 Default:  Can be one of:  |
| direction, string, The direction to sort the results by. Default:  Can be one of:  |
| page, integer, Closing down notice. Page number of the results to fetch. Use cursor-based pagination with  Default:  |
| per_page, integer, The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default:  |
| before, string, A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
| after, string, A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
| first, integer, Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with  Default:  |
| last, integer, Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with  |
HTTP response status codes for "List Dependabot alerts for a repository"
| Status code | Description |
|---|---|
| 200 | OK | 
| 304 | Not modified | 
| 400 | Bad Request | 
| 403 | Forbidden | 
| 404 | Resource not found | 
| 422 | Validation failed, or the endpoint has been spammed. | 
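Added example (not from GitHub's documentation): walking every page of this endpoint with the `after` cursor taken from the Link header, then ranking the open alerts by severity. The `fetch` callable, the function names and the cursor value are assumptions made for the example; the field names follow the endpoint's sample response.

```python
import re
from urllib.parse import parse_qs, urlsplit

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Match each <url>; rel="..." pair directly. Splitting the header on commas
# would break on URLs that carry comma-separated filters such as state=a,b.
LINK_RE = re.compile(r'<([^>]*)>\s*;\s*rel="([^"]*)"')


def next_cursor(link_header):
    """Return the `after` cursor of the rel="next" link, or None on the last page."""
    for url, rel in LINK_RE.findall(link_header or ""):
        if rel == "next":
            return parse_qs(urlsplit(url).query).get("after", [None])[0]
    return None


def list_all_alerts(fetch, owner, repo, **filters):
    """Collect every page of alerts.

    `fetch(path, query)` is a caller-supplied transport (hypothetical signature)
    returning (status, headers, parsed_json_body).
    """
    path = f"/repos/{owner}/{repo}/dependabot/alerts"
    query = {"per_page": 100, **filters}
    alerts, seen = [], set()
    while True:
        status, headers, body = fetch(path, dict(query))
        if status != 200:
            raise RuntimeError(f"GET {path} returned HTTP {status}")
        alerts.extend(body)
        link = {k.lower(): v for k, v in headers.items()}.get("link")
        cursor = next_cursor(link)
        if cursor is None or cursor in seen:  # last page, or a cursor loop
            return alerts
        seen.add(cursor)
        query["after"] = cursor


def triage(alerts):
    """Open alerts as (number, package, severity, first patched version),
    most severe first."""
    rows = []
    for alert in alerts:
        if alert["state"] != "open":
            continue
        vuln = alert["security_vulnerability"]
        patched = (vuln.get("first_patched_version") or {}).get("identifier")
        rows.append((alert["number"], vuln["package"]["name"],
                     vuln["severity"], patched))
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r[2], len(SEVERITY_RANK)), r[0]))


# Constructed two-page exchange, trimmed from the sample response.
# The Link header and the cursor value are constructed for this example.
_PAGES = {
    None: (
        {"Link": '<https://HOSTNAME/api/v3/repos/octocat/hello-world/dependabot/alerts'
                 '?per_page=100&state=open,dismissed&after=CONSTRUCTED_CURSOR>; rel="next"'},
        [{"number": 2, "state": "dismissed",
          "security_vulnerability": {"package": {"ecosystem": "pip", "name": "django"},
                                     "severity": "high",
                                     "first_patched_version": {"identifier": "2.0.2"}}}],
    ),
    "CONSTRUCTED_CURSOR": (
        {},
        [{"number": 1, "state": "open",
          "security_vulnerability": {"package": {"ecosystem": "pip", "name": "ansible"},
                                     "severity": "medium",
                                     "first_patched_version": {"identifier": "2.8.19"}}}],
    ),
}


def fake_fetch(path, query):
    """Offline stand-in for an HTTP client, serving the constructed pages."""
    headers, body = _PAGES[query.get("after")]
    return 200, headers, body


if __name__ == "__main__":
    collected = list_all_alerts(fake_fetch, "octocat", "hello-world",
                                state="open,dismissed")
    for row in triage(collected):
        print(row)
```
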
"List Dependabot alerts for a repository" のコード サンプル
要求の例
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts
Response
Status: 200
[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "score": 7.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
          "score": 8.7
        }
      },
      "epss": [
        {
          "percentage": 0.00045,
          "percentile": "0.16001e0"
        }
      ],
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/2",
    "html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://HOSTNAME/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://HOSTNAME/users/octocat/followers",
      "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
      "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
      "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
      "organizations_url": "https://HOSTNAME/users/octocat/orgs",
      "repos_url": "https://HOSTNAME/users/octocat/repos",
      "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
      "received_events_url": "https://HOSTNAME/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_severities": {
        "cvss_v3": {
          "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "score": 5.5
        },
        "cvss_v4": {
          "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "score": 8.5
        }
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null
  }
]
Get a Dependabot alert
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Fine-grained access tokens for "Get a Dependabot alert"
This endpoint works with the following fine-grained token types:
The fine-grained token must have the following permission set:
- "Dependabot alerts" repository permissions (read)
Parameters for "Get a Dependabot alert"
| Name, Type, Description |
|---|
| accept, string, Setting to  |
| Name, Type, Description |
|---|
| owner, string, Required. The account owner of the repository. The name is not case sensitive. |
| repo, string, Required. The name of the repository without the  |
| alert_number, integer, Required. The number that identifies a Dependabot alert in its repository.
You can find this at the end of the URL for a Dependabot alert within GitHub,
or in  |
HTTP response status codes for "Get a Dependabot alert"
| Status code | Description |
|---|---|
| 200 | OK |
| 304 | Not modified |
| 403 | Forbidden |
| 404 | Resource not found |
Code samples for "Get a Dependabot alert"
Request example
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER
Response
Status: 200
{
  "number": 1,
  "state": "open",
  "dependency": {
    "package": {
      "ecosystem": "pip",
      "name": "ansible"
    },
    "manifest_path": "path/to/requirements.txt",
    "scope": "runtime"
  },
  "security_advisory": {
    "ghsa_id": "GHSA-8f4m-hccc-8qph",
    "cve_id": "CVE-2021-20191",
    "summary": "Insertion of Sensitive Information into Log File in ansible",
    "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "ansible"
        },
        "severity": "medium",
        "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
        "first_patched_version": {
          "identifier": "2.9.18"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "ansible"
        },
        "severity": "medium",
        "vulnerable_version_range": "< 2.8.19",
        "first_patched_version": {
          "identifier": "2.8.19"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "ansible"
        },
        "severity": "medium",
        "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
        "first_patched_version": {
          "identifier": "2.10.7"
        }
      }
    ],
    "severity": "medium",
    "cvss": {
      "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "score": 5.5
    },
    "cvss_severities": {
      "cvss_v3": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cvss_v4": {
        "vector_string": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "score": 8.5
      }
    },
    "epss": [
      {
        "percentage": 0.00045,
        "percentile": "0.16001e0"
      }
    ],
    "cwes": [
      {
        "cwe_id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      }
    ],
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-8f4m-hccc-8qph"
      },
      {
        "type": "CVE",
        "value": "CVE-2021-20191"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
      },
      {
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
      }
    ],
    "published_at": "2021-06-01T17:38:00Z",
    "updated_at": "2021-08-12T23:06:00Z",
    "withdrawn_at": null
  },
  "security_vulnerability": {
    "package": {
      "ecosystem": "pip",
      "name": "ansible"
    },
    "severity": "medium",
    "vulnerable_version_range": "< 2.8.19",
    "first_patched_version": {
      "identifier": "2.8.19"
    }
  },
  "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/1",
  "html_url": "https://github.com/octocat/hello-world/security/dependabot/1",
  "created_at": "2022-06-14T15:21:52Z",
  "updated_at": "2022-06-14T15:21:52Z",
  "dismissed_at": null,
  "dismissed_by": null,
  "dismissed_reason": null,
  "dismissed_comment": null,
  "fixed_at": null
}
Update a Dependabot alert
The authenticated user must have access to security alerts for the repository to use this endpoint. For more information, see "Granting access to security alerts."
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Fine-grained access tokens for "Update a Dependabot alert"
This endpoint works with the following fine-grained token types:
The fine-grained token must have the following permission set:
- "Dependabot alerts" repository permissions (write)
Parameters for "Update a Dependabot alert"
| Name, Type, Description |
|---|
| accept, string, Setting to  |
| Name, Type, Description |
|---|
| owner, string, Required. The account owner of the repository. The name is not case sensitive. |
| repo, string, Required. The name of the repository without the  |
| alert_number, integer, Required. The number that identifies a Dependabot alert in its repository.
You can find this at the end of the URL for a Dependabot alert within GitHub,
or in  |
| Name, Type, Description |
|---|
| state, string, Required. The state of the Dependabot alert.
A  Can be one of:  |
| dismissed_reason, string, Required when  Can be one of:  |
| dismissed_comment, string, An optional comment associated with dismissing the alert. |
HTTP response status codes for "Update a Dependabot alert"
| Status code | Description |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 403 | Forbidden |
| 404 | Resource not found |
| 409 | Conflict |
| 422 | Validation failed, or the endpoint has been spammed. |
Code samples for "Update a Dependabot alert"
Request example
curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'
Response
Status: 200
{
  "number": 2,
  "state": "dismissed",
  "dependency": {
    "package": {
      "ecosystem": "pip",
      "name": "django"
    },
    "manifest_path": "path/to/requirements.txt",
    "scope": "runtime"
  },
  "security_advisory": {
    "ghsa_id": "GHSA-rf4j-j272-fj86",
    "cve_id": "CVE-2018-6188",
    "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
    "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "django"
        },
        "severity": "high",
        "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
        "first_patched_version": {
          "identifier": "2.0.2"
        }
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "django"
        },
        "severity": "high",
        "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
        "first_patched_version": {
          "identifier": "1.11.10"
        }
      }
    ],
    "severity": "high",
    "cvss": {
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "score": 7.5
    },
    "cvss_severities": {
      "cvss_v3": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cvss_v4": {
        "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "score": 8.7
      }
    },
    "cwes": [
      {
        "cwe_id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      }
    ],
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-rf4j-j272-fj86"
      },
      {
        "type": "CVE",
        "value": "CVE-2018-6188"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
      },
      {
        "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
      },
      {
        "url": "https://usn.ubuntu.com/3559-1/"
      },
      {
        "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
      },
      {
        "url": "http://www.securitytracker.com/id/1040422"
      }
    ],
    "published_at": "2018-10-03T21:13:54Z",
    "updated_at": "2022-04-26T18:35:37Z",
    "withdrawn_at": null
  },
  "security_vulnerability": {
    "package": {
      "ecosystem": "pip",
      "name": "django"
    },
    "severity": "high",
    "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
    "first_patched_version": {
      "identifier": "2.0.2"
    }
  },
  "url": "https://HOSTNAME/repos/octocat/hello-world/dependabot/alerts/2",
  "html_url": "https://github.com/octocat/hello-world/security/dependabot/2",
  "created_at": "2022-06-15T07:43:03Z",
  "updated_at": "2022-08-23T14:29:47Z",
  "dismissed_at": "2022-08-23T14:29:47Z",
  "dismissed_by": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://HOSTNAME/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://HOSTNAME/users/octocat/followers",
    "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
    "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
    "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
    "organizations_url": "https://HOSTNAME/users/octocat/orgs",
    "repos_url": "https://HOSTNAME/users/octocat/repos",
    "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
    "received_events_url": "https://HOSTNAME/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "dismissed_reason": "tolerable_risk",
  "dismissed_comment": "This alert is accurate but we use a sanitizer.",
  "fixed_at": null
}
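Added example (not from GitHub's documentation): checking an "Update a Dependabot alert" request body before it is sent, and reviewing dismissals in the returned alert objects. The function names, the sample alerts and the review rules are assumptions for this example; of the dismissal reasons in the code, only `tolerable_risk` appears on this page.

```python
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Dismissal reasons accepted by the endpoint (listed from the GitHub REST API,
# not from this page, whose sample request uses "tolerable_risk").
DISMISSAL_REASONS = {"fix_started", "inaccurate", "no_bandwidth",
                     "not_used", "tolerable_risk"}


def build_update_body(state, dismissed_reason=None, dismissed_comment=None):
    """Validate and build the JSON body for
    PATCH /repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER."""
    if state == "open":
        # Local strictness: refuse dismissal fields on a reopen request.
        if dismissed_reason or dismissed_comment:
            raise ValueError("dismissal fields only apply to state=dismissed")
        return {"state": "open"}
    if state != "dismissed":
        raise ValueError(f"unsupported state: {state!r}")
    if dismissed_reason not in DISMISSAL_REASONS:
        raise ValueError("state=dismissed requires a valid dismissed_reason")
    body = {"state": "dismissed", "dismissed_reason": dismissed_reason}
    if dismissed_comment:
        body["dismissed_comment"] = dismissed_comment
    return body


def audit_dismissals(alerts, review_at="high"):
    """Return (alert number, [issues]) for dismissed alerts worth a second look.

    The rules are a local review policy assumed for this example,
    not behaviour of the API.
    """
    findings = []
    for alert in alerts:
        if alert.get("state") != "dismissed":
            continue
        issues = []
        if not (alert.get("dismissed_comment") or "").strip():
            issues.append("dismissed without a comment")
        if not alert.get("dismissed_by"):
            issues.append("no dismissing user recorded")
        severity = alert["security_vulnerability"]["severity"]
        if (alert.get("dismissed_reason") == "tolerable_risk"
                and SEVERITY_RANK.get(severity, 0) >= SEVERITY_RANK[review_at]):
            issues.append(f"risk accepted on a {severity}-severity alert")
        if issues:
            findings.append((alert["number"], issues))
    return findings


# Constructed sample: alerts 1 and 2 are trimmed from the sample responses,
# alert 3 is invented to show a dismissal with no justification.
SAMPLE_ALERTS = [
    {"number": 2, "state": "dismissed",
     "security_vulnerability": {"severity": "high"},
     "dismissed_by": {"login": "octocat"},
     "dismissed_reason": "tolerable_risk",
     "dismissed_comment": "This alert is accurate but we use a sanitizer."},
    {"number": 1, "state": "open",
     "security_vulnerability": {"severity": "medium"},
     "dismissed_by": None, "dismissed_reason": None, "dismissed_comment": None},
    {"number": 3, "state": "dismissed",
     "security_vulnerability": {"severity": "medium"},
     "dismissed_by": {"login": "octocat"},
     "dismissed_reason": "not_used", "dismissed_comment": None},
]

if __name__ == "__main__":
    print(build_update_body("dismissed", "tolerable_risk",
                            "This alert is accurate but we use a sanitizer."))
    for number, issues in audit_dismissals(SAMPLE_ALERTS):
        print(number, issues)
```
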