Pontos de extremidade da API REST para revisão de dependências
Use a API REST para interagir com as alterações de dependência.
Sobre a análise de dependência
Você pode usar a API REST para exibir as alterações de dependência, bem como o impacto delas sobre a segurança, antes de adicioná-las ao seu ambiente. Você pode ver a comparação de dependências entre dois commits de um repositório, incluindo dados de vulnerabilidade para todas as atualizações de versão com vulnerabilidades conhecidas. Para obter mais informações sobre a revisão de dependência, confira Sobre a análise de dependência.
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
Fine-grained access tokens for "Get a diff of the dependencies between commits"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Contents" repository permissions (read)
This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.
Parâmetros para "Get a diff of the dependencies between commits"
| Nome, Tipo, Descrição |
|---|
accept string Setting to |
| Nome, Tipo, Descrição |
|---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
basehead string ObrigatórioThe base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |
| Nome, Tipo, Descrição |
|---|
name string The full path, relative to the repository root, of the dependency manifest file. |
HTTP response status codes for "Get a diff of the dependencies between commits"
| Status code | Descrição |
|---|---|
200 | OK |
403 | Response for a private repository when GitHub Advanced Security is not enabled, or if used against a fork |
404 | Resource not found |
Code samples for "Get a diff of the dependencies between commits"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEADResponse
Status: 200[
{
"change_type": "removed",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "4.6.0",
"package_url": "pkg:npm/helmet@4.6.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "5.0.0",
"package_url": "pkg:npm/helmet@5.0.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "Gemfile",
"ecosystem": "rubygems",
"name": "ruby-openid",
"version": "2.7.0",
"package_url": "pkg:gem/ruby-openid@2.7.0",
"license": null,
"source_repository_url": "https://github.com/openid/ruby-openid",
"vulnerabilities": [
{
"severity": "critical",
"advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
"advisory_summary": "Ruby OpenID",
"advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
}
]
}
]