REST API endpoints for Dependabot alert dismissal requests
Используйте API REST для управления запросами на отклонение Dependabot для репозитория.
List dismissal requests for Dependabot alerts for an organization
Lists dismissal requests for Dependabot alerts in an organization.
Delegated alert dismissal must be enabled on repositories in the org and the user must be an org admin, security manager,
or have the appropriate permission to access this endpoint.
Personal access tokens (classic) need the security_events scope to use this endpoint.
Подробные маркеры доступа для "List dismissal requests for Dependabot alerts for an organization
Эта конечная точка работает со следующими точными типами маркеров:
- Маркеры доступа пользователей приложения GitHub
- Маркеры доступа к установке приложений GitHub
- Точные личные маркеры доступа
Маркер с точной детализацией должен иметь следующий набор разрешений.:
- "Organization dismissal requests for Dependabot" organization permissions (read)
Параметры для "List dismissal requests for Dependabot alerts for an organization"
| Имя., Тип, Description |
|---|
accept string Setting to |
| Имя., Тип, Description |
|---|
org string Обязательное полеThe organization name. The name is not case sensitive. |
| Имя., Тип, Description |
|---|
repository_name string The name of the repository to filter on. |
reviewer string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request. |
requester string Filter bypass requests by the handle of the GitHub user who requested the bypass. |
time_period string The time period to filter by. For example, По умолчанию.: Возможные значения: |
request_status string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. По умолчанию.: Возможные значения: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." По умолчанию.: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." По умолчанию.: |
Коды состояния http-ответа для "List dismissal requests for Dependabot alerts for an organization"
| Код состояния | Description |
|---|---|
200 | A list of alert dismissal requests. |
403 | Forbidden |
404 | Resource not found |
500 | Internal Error |
Примеры кода для "List dismissal requests for Dependabot alerts for an organization"
Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.
Пример запроса
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/dismissal-requests/dependabotA list of alert dismissal requests.
Status: 200[
{
"id": 21,
"number": 42,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "no_bandwidth",
"alert_number": "1",
"alert_title": "lodash - GHSA-1234-abcd-5678"
}
],
"resource_identifier": "1",
"status": "denied",
"requester_comment": "No bandwidth to fix this right now",
"expires_at": "2024-07-08T08:43:03Z",
"created_at": "2024-07-01T08:43:03Z",
"responses": [
{
"id": 42,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "denied",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
"html_url": "https://github.com/octo-org/smile/security/dependabot/1"
},
{
"id": 12,
"number": 24,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "tolerable_risk",
"alert_number": "2",
"alert_title": "axios - GHSA-5678-efgh-9012"
}
],
"resource_identifier": "2",
"status": "approved",
"requester_comment": "Risk is acceptable for this internal tool",
"expires_at": "2024-07-08T07:43:03Z",
"created_at": "2024-07-01T07:43:03Z",
"responses": [
{
"id": 43,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "approved",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
"html_url": "https://github.com/octo-org/smile/security/dependabot/2"
}
]List dismissal requests for Dependabot alerts for a repository
Lists dismissal requests for Dependabot alerts for a repository.
Delegated alert dismissal must be enabled on the repository.
Personal access tokens (classic) need the security_events scope to use this endpoint.
Подробные маркеры доступа для "List dismissal requests for Dependabot alerts for a repository
Эта конечная точка работает со следующими точными типами маркеров:
- Маркеры доступа пользователей приложения GitHub
- Маркеры доступа к установке приложений GitHub
- Точные личные маркеры доступа
Маркер с точной детализацией должен иметь следующий набор разрешений.:
- "Dependabot alerts" repository permissions (read)
Параметры для "List dismissal requests for Dependabot alerts for a repository"
| Имя., Тип, Description |
|---|
accept string Setting to |
| Имя., Тип, Description |
|---|
owner string Обязательное полеThe account owner of the repository. The name is not case sensitive. |
repo string Обязательное полеThe name of the repository without the |
| Имя., Тип, Description |
|---|
reviewer string Filter alert dismissal requests by the handle of the GitHub user who reviewed the dismissal request. |
requester string Filter alert dismissal requests by the handle of the GitHub user who requested the dismissal. |
time_period string The time period to filter by. For example, По умолчанию.: Возможные значения: |
request_status string Filter alert dismissal requests by status. When specified, only requests with this status will be returned. По умолчанию.: Возможные значения: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." По умолчанию.: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." По умолчанию.: |
Коды состояния http-ответа для "List dismissal requests for Dependabot alerts for a repository"
| Код состояния | Description |
|---|---|
200 | A list of alert dismissal requests. |
403 | Forbidden |
404 | Resource not found |
500 | Internal Error |
Примеры кода для "List dismissal requests for Dependabot alerts for a repository"
Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.
Пример запроса
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabotA list of alert dismissal requests.
Status: 200[
{
"id": 21,
"number": 42,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "no_bandwidth",
"alert_number": "1",
"alert_title": "lodash - GHSA-1234-abcd-5678"
}
],
"resource_identifier": "1",
"status": "denied",
"requester_comment": "No bandwidth to fix this right now",
"expires_at": "2024-07-08T08:43:03Z",
"created_at": "2024-07-01T08:43:03Z",
"responses": [
{
"id": 42,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "denied",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
"html_url": "https://github.com/octo-org/smile/security/dependabot/1"
},
{
"id": 12,
"number": 24,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "tolerable_risk",
"alert_number": "2",
"alert_title": "axios - GHSA-5678-efgh-9012"
}
],
"resource_identifier": "2",
"status": "approved",
"requester_comment": "Risk is acceptable for this internal tool",
"expires_at": "2024-07-08T07:43:03Z",
"created_at": "2024-07-01T07:43:03Z",
"responses": [
{
"id": 43,
"reviewer": {
"actor_id": 4,
"actor_name": "octocat"
},
"status": "approved",
"created_at": "2024-07-02T08:43:04Z"
}
],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/2",
"html_url": "https://github.com/octo-org/smile/security/dependabot/2"
}
]Get a dismissal request for a Dependabot alert for a repository
Gets a dismissal request to dismiss a Dependabot alert in a repository.
Delegated alert dismissal must be enabled on the repository.
Personal access tokens (classic) need the security_events scope to use this endpoint.
Подробные маркеры доступа для "Get a dismissal request for a Dependabot alert for a repository
Эта конечная точка работает со следующими точными типами маркеров:
- Маркеры доступа пользователей приложения GitHub
- Маркеры доступа к установке приложений GitHub
- Точные личные маркеры доступа
Маркер с точной детализацией должен иметь следующий набор разрешений.:
- "Dependabot alerts" repository permissions (read)
Параметры для "Get a dismissal request for a Dependabot alert for a repository"
| Имя., Тип, Description |
|---|
accept string Setting to |
| Имя., Тип, Description |
|---|
owner string Обязательное полеThe account owner of the repository. The name is not case sensitive. |
repo string Обязательное полеThe name of the repository without the |
alert_number integer Обязательное полеThe number that identifies the Dependabot alert. |
Коды состояния http-ответа для "Get a dismissal request for a Dependabot alert for a repository"
| Код состояния | Description |
|---|---|
200 | A single dismissal request. |
403 | Forbidden |
404 | Resource not found |
500 | Internal Error |
Примеры кода для "Get a dismissal request for a Dependabot alert for a repository"
Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.
Пример запроса
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBERA single dismissal request.
Status: 200{
"id": 21,
"number": 42,
"repository": {
"id": 1,
"name": "smile",
"full_name": "octo-org/smile"
},
"organization": {
"id": 1,
"name": "octo-org"
},
"requester": {
"actor_id": 12,
"actor_name": "monalisa"
},
"request_type": "dependabot_alert_dismissal",
"data": [
{
"reason": "no_bandwidth",
"alert_number": "1",
"alert_title": "lodash - GHSA-1234-abcd-5678"
}
],
"resource_identifier": "1",
"status": "pending",
"requester_comment": "No bandwidth to fix this right now",
"expires_at": "2024-07-08T08:43:03Z",
"created_at": "2024-07-01T08:43:03Z",
"responses": [],
"url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/dependabot/1",
"html_url": "https://github.com/octo-org/smile/security/dependabot/1"
}Review a dismissal request for a Dependabot alert for a repository
Approve or deny a dismissal request to dismiss a Dependabot alert in a repository.
Delegated alert dismissal must be enabled on the repository and the user must be a dismissal reviewer to access this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint.
Подробные маркеры доступа для "Review a dismissal request for a Dependabot alert for a repository
Эта конечная точка работает со следующими точными типами маркеров:
- Маркеры доступа пользователей приложения GitHub
- Маркеры доступа к установке приложений GitHub
- Точные личные маркеры доступа
Маркер с точной детализацией должен иметь следующий набор разрешений.:
- "Organization dismissal requests for Dependabot" organization permissions (write) and "Dependabot alerts" repository permissions (read)
Параметры для "Review a dismissal request for a Dependabot alert for a repository"
| Имя., Тип, Description |
|---|
accept string Setting to |
| Имя., Тип, Description |
|---|
owner string Обязательное полеThe account owner of the repository. The name is not case sensitive. |
repo string Обязательное полеThe name of the repository without the |
alert_number integer Обязательное полеThe number that identifies the Dependabot alert. |
| Имя., Тип, Description |
|---|
status string Обязательное полеThe review action to perform on the dismissal request. Возможные значения: |
message string Обязательное полеA message to include with the review. Has a maximum character length of 2048. |
Коды состояния http-ответа для "Review a dismissal request for a Dependabot alert for a repository"
| Код состояния | Description |
|---|---|
200 | The review of the dismissal request. |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
500 | Internal Error |
Примеры кода для "Review a dismissal request for a Dependabot alert for a repository"
Если вы обращаетесь к GitHub в GHE.com, замените api.github.com выделенный поддомен api.SUBDOMAIN.ghe.comпредприятия.
Пример запроса
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dismissal-requests/dependabot/ALERT_NUMBER \
-d '{"status":"approve","message":"Used in tests."}'The review of the dismissal request.
Status: 200{
"dismissal_review_id": 1
}