Конечные точки REST API для метаданных артефактов

Когда вы просматриваете оповещения Dependabot или code scanning для организации, вы можете использовать метаданные артефактов для фильтрации и приоритизации оповещений (см. Приоритет оповещений о сканировании кода в Dependabot и с использованием производственного контекста).

Create an artifact deployment record

Create or update deployment records for an artifact associated with an organization. This endpoint allows you to record information about a specific artifact, such as its name, digest, environments, cluster, and deployment.

Подробные маркеры доступа для "Create an artifact deployment record

Эта конечная точка работает со следующими точными типами маркеров:

Маркер с точной детализацией должен иметь по крайней мере один из следующих наборов разрешений.:

"Contents" repository permissions (write)
"Artifact metadata" repository permissions (write)

Параметры для "Create an artifact deployment record"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`org` string Обязательное поле The organization name. The name is not case sensitive.

Параметры запроса
Имя., Тип, Description
`name` string Обязательное поле The name of the artifact.
`digest` string Обязательное поле The hex encoded digest of the artifact.
`version` string The artifact version.
`status` string Обязательное поле The status of the artifact. Can be either deployed or decommissioned. Возможные значения: `deployed`, `decommissioned`
`logical_environment` string Обязательное поле The stage of the deployment.
`physical_environment` string The physical region of the deployment.
`cluster` string The deployment cluster.
`deployment_name` string Обязательное поле The name of the deployment.
`tags` object The tags associated with the deployment.
`runtime_risks` array of strings A list of runtime risks associated with the deployment. Supported values are: `critical-resource`, `internet-exposed`, `lateral-movement`, `sensitive-data`
`github_repository` string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter.

Коды состояния http-ответа для "Create an artifact deployment record"

Код состояния	Description
`200`	Artifact deployment record stored successfully.

Примеры кода для "Create an artifact deployment record"

Пример запроса

post/orgs/{org}/artifacts/metadata/deployment-record

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record \
  -d '{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","status":"deployed","logical_environment":"prod","physical_environment":"pacific-east","cluster":"moda-1","deployment_name":"deployment-pod","tags":{"data-access":"sensitive"}}'

Artifact deployment record stored successfully.

Status: 200

{
  "total_count": 1,
  "deployment_records": [
    {
      "id": 123,
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "logical_environment": "prod",
      "physical_environment": "pacific-east",
      "cluster": "moda-1",
      "deployment_name": "prod-deployment",
      "tags": {
        "data": "sensitive"
      },
      "created": "2011-01-26T19:14:43Z",
      "updated_at": "2011-01-26T19:14:43Z",
      "attestation_id": 456
    }
  ]
}

Set cluster deployment records

Set deployment records for a given cluster.

Подробные маркеры доступа для "Set cluster deployment records

Эта конечная точка работает со следующими точными типами маркеров:

Маркер с точной детализацией должен иметь по крайней мере один из следующих наборов разрешений.:

"Contents" repository permissions (write)
"Artifact metadata" repository permissions (write)

Параметры для "Set cluster deployment records"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`org` string Обязательное поле The organization name. The name is not case sensitive.
`cluster` string Обязательное поле The cluster name.

Имя., Тип, Description

logical_environment string Обязательное поле

The stage of the deployment.

physical_environment string

The physical region of the deployment.

deployments array of objects Обязательное поле

The list of deployments to record.

Properties of deployments

Имя., Тип, Description
`name` string Обязательное поле The name of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name parameter must also be identical across all entries.
`digest` string Обязательное поле The hex encoded digest of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name and version parameters must also be identical across all entries.
`version` string The artifact version. Note that if multiple deployments have identical 'digest' parameter values, the version parameter must also be identical across all entries.
`status` string The deployment status of the artifact. Возможные значения: `deployed`, `decommissioned`
`deployment_name` string Обязательное поле The unique identifier for the deployment represented by the new record. To accommodate differing containers and namespaces within a record set, the following format is recommended: {namespaceName}-{deploymentName}-{containerName}
`github_repository` string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter.
`tags` object Key-value pairs to tag the deployment record.
`runtime_risks` array of strings A list of runtime risks associated with the deployment. Supported values are: `critical-resource`, `internet-exposed`, `lateral-movement`, `sensitive-data`

Коды состояния http-ответа для "Set cluster deployment records"

Код состояния	Description
`200`	Artifact deployment record stored successfully.

Примеры кода для "Set cluster deployment records"

Пример запроса

post/orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record/cluster/CLUSTER \
  -d '{"logical_environment":"prod","physical_environment":"pacific-east","deployments":[{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","version":"2.1.0","status":"deployed","deployment_name":"deployment-pod","tags":{"runtime-risk":"sensitive-data"}}]}'

Artifact deployment record stored successfully.

Status: 200

{
  "total_count": 1,
  "deployment_records": [
    {
      "id": 123,
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "logical_environment": "prod",
      "physical_environment": "pacific-east",
      "cluster": "moda-1",
      "deployment_name": "prod-deployment",
      "tags": {
        "data": "sensitive"
      },
      "created": "2011-01-26T19:14:43Z",
      "updated_at": "2011-01-26T19:14:43Z",
      "attestation_id": 456
    }
  ]
}

Create artifact metadata storage record

Create metadata storage records for artifacts associated with an organization. This endpoint will create a new artifact storage record on behalf of any artifact matching the provided digest and associated with a repository owned by the organization.

Подробные маркеры доступа для "Create artifact metadata storage record

Эта конечная точка работает со следующими точными типами маркеров:

Маркер с точной детализацией должен иметь по крайней мере один из следующих наборов разрешений.:

"Contents" repository permissions (write)
"Artifact metadata" repository permissions (write)

Параметры для "Create artifact metadata storage record"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`org` string Обязательное поле The organization name. The name is not case sensitive.

Параметры запроса
Имя., Тип, Description
`name` string Обязательное поле The name of the artifact.
`digest` string Обязательное поле The digest of the artifact (algorithm:hex-encoded-digest).
`version` string The artifact version.
`artifact_url` string The URL where the artifact is stored.
`path` string The path of the artifact.
`registry_url` string Обязательное поле The base URL of the artifact registry.
`repository` string The repository name within the registry.
`status` string The status of the artifact (e.g., active, inactive). По умолчанию.: `active` Возможные значения: `active`, `eol`, `deleted`
`github_repository` string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter.

Коды состояния http-ответа для "Create artifact metadata storage record"

Код состояния	Description
`200`	Artifact metadata storage record stored successfully.

Примеры кода для "Create artifact metadata storage record"

Пример запроса

post/orgs/{org}/artifacts/metadata/storage-record

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/metadata/storage-record \
  -d '{"name":"libfoo","version":"1.2.3","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","artifact_url":"https://reg.example.com/artifactory/bar/libfoo-1.2.3","registry_url":"https://reg.example.com/artifactory/","repository":"bar","status":"active"}'

Artifact metadata storage record stored successfully.

Status: 200

{
  "total_count": 1,
  "storage_records": [
    {
      "name": "libfoo",
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
      "registry_url": "https://reg.example.com/artifactory/",
      "repository": "bar",
      "status": "active",
      "created_at": "2023-10-01T12:00:00Z",
      "updated_at": "2023-10-01T12:00:00Z"
    }
  ]
}

List artifact deployment records

List deployment records for an artifact metadata associated with an organization.

Подробные маркеры доступа для "List artifact deployment records

Эта конечная точка работает со следующими точными типами маркеров:

Маркер с точной детализацией должен иметь по крайней мере один из следующих наборов разрешений.:

"Contents" repository permissions (read)
"Artifact metadata" repository permissions (read)

Параметры для "List artifact deployment records"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`org` string Обязательное поле The organization name. The name is not case sensitive.
`subject_digest` string Обязательное поле The SHA256 digest of the artifact, in the form `sha256:HEX_DIGEST`.

Коды состояния http-ответа для "List artifact deployment records"

Код состояния	Description
`200`	Successful response

Примеры кода для "List artifact deployment records"

Пример запроса

get/orgs/{org}/artifacts/{subject_digest}/metadata/deployment-records

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/deployment-records

Successful response

Status: 200

{
  "total_count": 1,
  "deployment_records": [
    {
      "id": 123,
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "logical_environment": "prod",
      "physical_environment": "pacific-east",
      "cluster": "moda-1",
      "deployment_name": "prod-deployment",
      "tags": {
        "data": "sensitive"
      },
      "created": "2011-01-26T19:14:43Z",
      "updated_at": "2011-01-26T19:14:43Z",
      "attestation_id": 456
    }
  ]
}

List artifact storage records

List a collection of artifact storage records with a given subject digest that are associated with repositories owned by an organization.

The collection of storage records returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the content:read permission is required.

Подробные маркеры доступа для "List artifact storage records

Эта конечная точка работает со следующими точными типами маркеров:

Маркер с точной детализацией должен иметь по крайней мере один из следующих наборов разрешений.:

"Contents" repository permissions (read)
"Artifact metadata" repository permissions (read)

Параметры для "List artifact storage records"

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`org` string Обязательное поле The organization name. The name is not case sensitive.
`subject_digest` string Обязательное поле The parameter should be set to the attestation's subject's SHA256 digest, in the form `sha256:HEX_DIGEST`.

Коды состояния http-ответа для "List artifact storage records"

Код состояния	Description
`200`	OK

Примеры кода для "List artifact storage records"

Пример запроса

get/orgs/{org}/artifacts/{subject_digest}/metadata/storage-records

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/storage-records

Response

Status: 200

{
  "storage_records": [
    {
      "name": "libfoo-1.2.3",
      "digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
      "artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
      "registry_url": "https://reg.example.com/artifactory/",
      "repository": "bar",
      "status": "active",
      "created_at": "2023-10-01T12:00:00Z",
      "updated_at": "2023-10-01T12:00:00Z"
    }
  ]
}