アーティファクトメタデータの REST API エンドポイント

組織の Dependabot アラートまたは code scanning アラートを表示する場合は、アーティファクトメタデータを使用してアラートのフィルター処理と優先順位付けを行うことができます。「運用コンテキストを使用した Dependabot とコードスキャンアラートの優先順位付け」を参照してください。

Create an artifact deployment record

Create or update deployment records for an artifact associated with an organization. This endpoint allows you to record information about a specific artifact, such as its name, digest, environments, cluster, and deployment.

"Create an artifact deployment record" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには、次のアクセス許可セットの少なくとも 1 つが必要です:

"Contents" repository permissions (write)
"Artifact metadata" repository permissions (write)

"Create an artifact deployment record" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.

本文のパラメーター
名前, タイプ, 説明
`name` string 必須 The name of the artifact.
`digest` string 必須 The hex encoded digest of the artifact.
`version` string The artifact version.
`status` string 必須 The status of the artifact. Can be either deployed or decommissioned. 次のいずれかにできます: `deployed`, `decommissioned`
`logical_environment` string 必須 The stage of the deployment.
`physical_environment` string The physical region of the deployment.
`cluster` string The deployment cluster.
`deployment_name` string 必須 The name of the deployment.
`tags` object The tags associated with the deployment.
`runtime_risks` array of strings A list of runtime risks associated with the deployment. Supported values are: `critical-resource`, `internet-exposed`, `lateral-movement`, `sensitive-data`
`github_repository` string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter.

"Create an artifact deployment record" の HTTP 応答状態コード

状態コード	説明
`200`	Artifact deployment record stored successfully.

"Create an artifact deployment record" のコードサンプル

要求の例

post/orgs/{org}/artifacts/metadata/deployment-record

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record \
  -d '{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","status":"deployed","logical_environment":"prod","physical_environment":"pacific-east","cluster":"moda-1","deployment_name":"deployment-pod","tags":{"data-access":"sensitive"}}'

Artifact deployment record stored successfully.

Status: 200

{
  "total_count": 1,
  "deployment_records": [
    {
      "id": 123,
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "logical_environment": "prod",
      "physical_environment": "pacific-east",
      "cluster": "moda-1",
      "deployment_name": "prod-deployment",
      "tags": {
        "data": "sensitive"
      },
      "created": "2011-01-26T19:14:43Z",
      "updated_at": "2011-01-26T19:14:43Z",
      "attestation_id": 456
    }
  ]
}

Set cluster deployment records

Set deployment records for a given cluster.

"Set cluster deployment records" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには、次のアクセス許可セットの少なくとも 1 つが必要です:

"Contents" repository permissions (write)
"Artifact metadata" repository permissions (write)

"Set cluster deployment records" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.
`cluster` string 必須 The cluster name.

名前, タイプ, 説明

logical_environment string 必須

The stage of the deployment.

physical_environment string

The physical region of the deployment.

deployments array of objects 必須

The list of deployments to record.

Properties of deployments

名前, タイプ, 説明
`name` string 必須 The name of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name parameter must also be identical across all entries.
`digest` string 必須 The hex encoded digest of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name and version parameters must also be identical across all entries.
`version` string The artifact version. Note that if multiple deployments have identical 'digest' parameter values, the version parameter must also be identical across all entries.
`status` string The deployment status of the artifact. 次のいずれかにできます: `deployed`, `decommissioned`
`deployment_name` string 必須 The unique identifier for the deployment represented by the new record. To accommodate differing containers and namespaces within a record set, the following format is recommended: {namespaceName}-{deploymentName}-{containerName}
`github_repository` string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter.
`tags` object Key-value pairs to tag the deployment record.
`runtime_risks` array of strings A list of runtime risks associated with the deployment. Supported values are: `critical-resource`, `internet-exposed`, `lateral-movement`, `sensitive-data`

"Set cluster deployment records" の HTTP 応答状態コード

状態コード	説明
`200`	Artifact deployment record stored successfully.

"Set cluster deployment records" のコードサンプル

要求の例

post/orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record/cluster/CLUSTER \
  -d '{"logical_environment":"prod","physical_environment":"pacific-east","deployments":[{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","version":"2.1.0","status":"deployed","deployment_name":"deployment-pod","tags":{"runtime-risk":"sensitive-data"}}]}'

Artifact deployment record stored successfully.

Status: 200

{
  "total_count": 1,
  "deployment_records": [
    {
      "id": 123,
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "logical_environment": "prod",
      "physical_environment": "pacific-east",
      "cluster": "moda-1",
      "deployment_name": "prod-deployment",
      "tags": {
        "data": "sensitive"
      },
      "created": "2011-01-26T19:14:43Z",
      "updated_at": "2011-01-26T19:14:43Z",
      "attestation_id": 456
    }
  ]
}

Create artifact metadata storage record

Create metadata storage records for artifacts associated with an organization. This endpoint will create a new artifact storage record on behalf of any artifact matching the provided digest and associated with a repository owned by the organization.

"Create artifact metadata storage record" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには、次のアクセス許可セットの少なくとも 1 つが必要です:

"Contents" repository permissions (write)
"Artifact metadata" repository permissions (write)

"Create artifact metadata storage record" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.

本文のパラメーター
名前, タイプ, 説明
`name` string 必須 The name of the artifact.
`digest` string 必須 The digest of the artifact (algorithm:hex-encoded-digest).
`version` string The artifact version.
`artifact_url` string The URL where the artifact is stored.
`path` string The path of the artifact.
`registry_url` string 必須 The base URL of the artifact registry.
`repository` string The repository name within the registry.
`status` string The status of the artifact (e.g., active, inactive). Default: `active` 次のいずれかにできます: `active`, `eol`, `deleted`
`github_repository` string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter.

"Create artifact metadata storage record" の HTTP 応答状態コード

状態コード	説明
`200`	Artifact metadata storage record stored successfully.

"Create artifact metadata storage record" のコードサンプル

要求の例

post/orgs/{org}/artifacts/metadata/storage-record

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/metadata/storage-record \
  -d '{"name":"libfoo","version":"1.2.3","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","artifact_url":"https://reg.example.com/artifactory/bar/libfoo-1.2.3","registry_url":"https://reg.example.com/artifactory/","repository":"bar","status":"active"}'

Artifact metadata storage record stored successfully.

Status: 200

{
  "total_count": 1,
  "storage_records": [
    {
      "name": "libfoo",
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
      "registry_url": "https://reg.example.com/artifactory/",
      "repository": "bar",
      "status": "active",
      "created_at": "2023-10-01T12:00:00Z",
      "updated_at": "2023-10-01T12:00:00Z"
    }
  ]
}

List artifact deployment records

List deployment records for an artifact metadata associated with an organization.

"List artifact deployment records" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには、次のアクセス許可セットの少なくとも 1 つが必要です:

"Contents" repository permissions (read)
"Artifact metadata" repository permissions (read)

"List artifact deployment records" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.
`subject_digest` string 必須 The SHA256 digest of the artifact, in the form `sha256:HEX_DIGEST`.

"List artifact deployment records" の HTTP 応答状態コード

状態コード	説明
`200`	Successful response

"List artifact deployment records" のコードサンプル

要求の例

get/orgs/{org}/artifacts/{subject_digest}/metadata/deployment-records

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/deployment-records

Successful response

Status: 200

{
  "total_count": 1,
  "deployment_records": [
    {
      "id": 123,
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "logical_environment": "prod",
      "physical_environment": "pacific-east",
      "cluster": "moda-1",
      "deployment_name": "prod-deployment",
      "tags": {
        "data": "sensitive"
      },
      "created": "2011-01-26T19:14:43Z",
      "updated_at": "2011-01-26T19:14:43Z",
      "attestation_id": 456
    }
  ]
}

List artifact storage records

List a collection of artifact storage records with a given subject digest that are associated with repositories owned by an organization.

The collection of storage records returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the content:read permission is required.

"List artifact storage records" のきめ細かいアクセストークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンには、次のアクセス許可セットの少なくとも 1 つが必要です:

"Contents" repository permissions (read)
"Artifact metadata" repository permissions (read)

"List artifact storage records" のパラメーター

ヘッダー
名前, タイプ, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, タイプ, 説明
`org` string 必須 The organization name. The name is not case sensitive.
`subject_digest` string 必須 The parameter should be set to the attestation's subject's SHA256 digest, in the form `sha256:HEX_DIGEST`.

"List artifact storage records" の HTTP 応答状態コード

状態コード	説明
`200`	OK

"List artifact storage records" のコードサンプル

要求の例

get/orgs/{org}/artifacts/{subject_digest}/metadata/storage-records

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/storage-records

Response

Status: 200

{
  "storage_records": [
    {
      "name": "libfoo-1.2.3",
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
      "registry_url": "https://reg.example.com/artifactory/",
      "repository": "bar",
      "status": "active",
      "created_at": "2023-10-01T12:00:00Z",
      "updated_at": "2023-10-01T12:00:00Z"
    }
  ]
}

アーティファクト メタデータの REST API エンドポイント

要求の例

Artifact deployment record stored successfully.

要求の例

Artifact deployment record stored successfully.

要求の例

Artifact metadata storage record stored successfully.

要求の例

Successful response

要求の例

Response

アーティファクトメタデータの REST API エンドポイント