Friday, September 23, 2022

GitHub Dependabot alerts REST API is now available!


GitHub sends Dependabot alerts when it detects that your repository uses a vulnerable dependency or malware.

For more information, see About Dependabot alerts if you don't know about Dependabot yet.

GitHub announced that the Dependabot alerts REST API is now available in public beta.



Endpoints

You must use an access token with the security_events scope to use these endpoints with private repositories. You can also use tokens with the public_repo scope for public repositories only.



Listing Dependabot alerts for a repository

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts


Get a Dependabot alert

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER


Update a Dependabot alert

GitHub Apps must have Dependabot alerts write permission to use this endpoint.

curl \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is correct however we use a sanitizer."}'
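
The list and update calls above, as an added Python example (not from the original post or from GitHub): it ranks the open alerts in a list response and builds, without sending, the PATCH request that dismisses one. The sample alerts, the function names, the set of accepted dismissed_reason values and the non-empty-comment rule are assumptions not stated on this page.

```python
import json
import urllib.request

API = "https://api.github.com"
# dismissed_reason values from GitHub's REST documentation (only tolerable_risk is on this page).
DISMISS_REASONS = {"fix_started", "inaccurate", "no_bandwidth", "not_used", "tolerable_risk"}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample of a "list alerts" response, trimmed to the fields used below.
SAMPLE_ALERTS = [
    {"number": 7, "state": "open", "security_advisory": {"severity": "high"},
     "dependency": {"package": {"name": "example-parser"}}},
    {"number": 3, "state": "dismissed", "security_advisory": {"severity": "critical"},
     "dependency": {"package": {"name": "example-crypto"}}},
    {"number": 9, "state": "open", "security_advisory": {"severity": "critical"},
     "dependency": {"package": {"name": "example-http"}}},
    {"number": 2, "state": "open", "security_advisory": {"severity": "high"},
     "dependency": {"package": {"name": "example-yaml"}}},
]


def open_alerts_by_severity(alerts):
    """Return (number, severity, package) for open alerts, most severe first."""
    rows = [(a["number"], a["security_advisory"]["severity"],
             a["dependency"]["package"]["name"])
            for a in alerts if a["state"] == "open"]
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r[1], 99), r[0]))


def dismiss_request(owner, repo, number, reason, comment, token):
    """Build, but do not send, the PATCH request that dismisses one alert."""
    if reason not in DISMISS_REASONS:
        raise ValueError(f"unknown dismissed_reason: {reason!r}")
    if not comment.strip():
        # Local policy (assumption): every dismissal must carry a justification.
        raise ValueError("dismissed_comment must not be empty")
    body = {"state": "dismissed", "dismissed_reason": reason, "dismissed_comment": comment}
    return urllib.request.Request(
        f"{API}/repos/{owner}/{repo}/dependabot/alerts/{int(number)}",
        data=json.dumps(body).encode(), method="PATCH",
        headers={"Accept": "application/vnd.github+json",
                 "Authorization": f"Bearer {token}"})


if __name__ == "__main__":
    for row in open_alerts_by_severity(SAMPLE_ALERTS):
        print(row)
    req = dismiss_request("OWNER", "REPO", 7, "tolerable_risk",
                          "This alert is correct however we use a sanitizer.", "<YOUR-TOKEN>")
    print(req.get_method(), req.full_url)  # pass req to urllib.request.urlopen() to send it
```

Rejecting an unknown reason or an empty comment before the call keeps every dismissal reviewable later.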