Dependabot

Endpoints to manage Dependabot.

List Dependabot alerts for an enterprise

get /enterprises/{enterprise}/dependabot/alerts

Lists Dependabot alerts for repositories that are owned by the specified enterprise. To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."

enterprise

string

required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

state

string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: auto_dismissed, dismissed, fixed, open

severity

string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem

string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package

string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

scope

string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

Enum
  • development
  • runtime

sort

string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

Default
"created"
Enum
  • created
  • updated

direction

string

The direction to sort the results by.

Default
"desc"
Enum
  • asc
  • desc

before

string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

after

string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

first

int

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

Default
30
Min
1
Max
100

last

int

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

Min
1
Max
100

per_page

int

The number of results per page (max 100).

Default
30
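A request builder and cursor-following pager for the parameters above, added here as an example; it is not part of GitHub's documentation. The function names, the `octo-ent` enterprise slug, the cursor values and the `api.github.com` host are assumptions, and the two-page reply is constructed so the block runs offline.

```python
import json
import re
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

API_ROOT = "https://api.github.com"  # assumption: github.com, not a self-hosted instance

# Allowed values copied from the parameter list above.
LIST_ENUMS = {
    "state": {"auto_dismissed", "dismissed", "fixed", "open"},
    "severity": {"low", "medium", "high", "critical"},
    "ecosystem": {"composer", "go", "maven", "npm", "nuget", "pip", "pub", "rubygems", "rust"},
}
SINGLE_ENUMS = {
    "scope": {"development", "runtime"},
    "sort": {"created", "updated"},
    "direction": {"asc", "desc"},
}
PAGE_SIZES = {"per_page", "first", "last"}
FREE_TEXT = {"package", "before", "after"}
LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')


def build_url(enterprise, **params):
    """Check filters against the documented enums and return the request URL."""
    if "first" in params and "last" in params:
        raise ValueError("first and last must not be used together")
    query = {}
    for key, value in params.items():
        if key in LIST_ENUMS:
            values = value.split(",") if isinstance(value, str) else list(value)
            unknown = set(values) - LIST_ENUMS[key]
            if unknown:
                raise ValueError(f"{key}: unsupported value(s) {sorted(unknown)}")
            query[key] = ",".join(values)
        elif key in SINGLE_ENUMS:
            if value not in SINGLE_ENUMS[key]:
                raise ValueError(f"{key}: unsupported value {value!r}")
            query[key] = value
        elif key in PAGE_SIZES:
            if not 1 <= int(value) <= 100:
                raise ValueError(f"{key} must be between 1 and 100")
            query[key] = int(value)
        elif key in FREE_TEXT:
            query[key] = value if isinstance(value, str) else ",".join(value)
        else:
            raise ValueError(f"unknown parameter {key!r}")
    path = f"/enterprises/{quote(enterprise, safe='')}/dependabot/alerts"
    return API_ROOT + path + ("?" + urlencode(query) if query else "")


def next_cursor(link_header):
    """Return the `after` cursor of the rel="next" link, or None on the last page."""
    for url, rel in LINK_RE.findall(link_header or ""):
        if rel == "next":
            return parse_qs(urlsplit(url).query).get("after", [None])[0]
    return None


def iter_alerts(fetch, enterprise, **params):
    """Yield every matching alert. fetch(url) returns (alerts, Link header or None)."""
    params.setdefault("per_page", 100)
    while True:
        alerts, link = fetch(build_url(enterprise, **params))
        yield from alerts
        cursor = next_cursor(link)
        if cursor is None or cursor == params.get("after"):
            return  # last page, or a cursor that did not advance
        params["after"] = cursor


def http_fetch(url, token):
    """Live fetch for iter_alerts, e.g. fetch=lambda u: http_fetch(u, token)."""
    request = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response), response.headers.get("Link")


# Constructed two-page reply keyed by the `after` cursor; the enterprise slug
# "octo-ent" and the cursor values are made up for this example.
BASE = API_ROOT + "/enterprises/octo-ent/dependabot/alerts?per_page=2"
FAKE_PAGES = {
    None: ([{"number": 3}, {"number": 2}],
           f'<{BASE}&after=Y3Vyc29yOjI%3D>; rel="next"'),
    "Y3Vyc29yOjI=": ([{"number": 1}],
                     f'<{BASE}&before=Y3Vyc29yOjE%3D>; rel="prev"'),
}


def fake_fetch(url):
    """Offline stand-in for http_fetch that serves FAKE_PAGES."""
    return FAKE_PAGES[parse_qs(urlsplit(url).query).get("after", [None])[0]]


if __name__ == "__main__":
    for alert in iter_alerts(fake_fetch, "octo-ent", state="open", per_page=2):
        print(alert["number"])
```

Validating filter values client-side keeps a typo in `state` or `severity` from surfacing only as a validation error from the API, and stopping when the cursor does not advance prevents an endless loop on a malformed `Link` header.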

Response

[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2",
    "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null,
    "repository": {
      "id": 217723378,
      "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
      "name": "octo-repo",
      "full_name": "octo-org/octo-repo",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://api.github.com/users/octo-org/followers",
        "following_url": "https://api.github.com/users/octo-org/following{/other_user}",
        "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
        "organizations_url": "https://api.github.com/users/octo-org/orgs",
        "repos_url": "https://api.github.com/users/octo-org/repos",
        "events_url": "https://api.github.com/users/octo-org/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/octo-repo",
      "description": null,
      "fork": false,
      "url": "https://api.github.com/repos/octo-org/octo-repo",
      "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}",
      "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}",
      "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}",
      "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}",
      "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}",
      "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}",
      "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}",
      "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}",
      "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}",
      "contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors",
      "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments",
      "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads",
      "events_url": "https://api.github.com/repos/octo-org/octo-repo/events",
      "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks",
      "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}",
      "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}",
      "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}",
      "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks",
      "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}",
      "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}",
      "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}",
      "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}",
      "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}",
      "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages",
      "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges",
      "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}",
      "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}",
      "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}",
      "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}",
      "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers",
      "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}",
      "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers",
      "subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription",
      "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags",
      "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams",
      "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}"
    }
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null,
    "repository": {
      "id": 664700648,
      "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
      "name": "hello-world",
      "full_name": "octo-org/hello-world",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://api.github.com/users/octo-org/followers",
        "following_url": "https://api.github.com/users/octo-org/following{/other_user}",
        "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
        "organizations_url": "https://api.github.com/users/octo-org/orgs",
        "repos_url": "https://api.github.com/users/octo-org/repos",
        "events_url": "https://api.github.com/users/octo-org/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/hello-world",
      "description": null,
      "fork": false,
      "url": "https://api.github.com/repos/octo-org/hello-world",
      "archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}",
      "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}",
      "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}",
      "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}",
      "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}",
      "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}",
      "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}",
      "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}",
      "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}",
      "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors",
      "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments",
      "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads",
      "events_url": "https://api.github.com/repos/octo-org/hello-world/events",
      "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks",
      "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}",
      "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}",
      "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}",
      "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks",
      "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}",
      "issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}",
      "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}",
      "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}",
      "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}",
      "languages_url": "https://api.github.com/repos/octo-org/hello-world/languages",
      "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges",
      "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}",
      "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}",
      "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}",
      "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}",
      "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers",
      "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}",
      "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers",
      "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription",
      "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags",
      "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams",
      "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}"
    }
  }
]
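A triage pass over a response like the one above, added here as an example; it is not part of GitHub's documentation. The function names and the review policy (which `dismissed_reason` values are re-reviewed, and the sort order) are assumptions; alerts 2 and 1 are trimmed from the sample response, and alert 7 is constructed to show the nullable `scope` and `first_patched_version` fields.

```python
from datetime import datetime, timezone

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Assumed review policy: dismissals with these reasons are re-reviewed
# rather than treated as closed.
ACCEPTED_RISK = {"tolerable_risk", "no_bandwidth"}


def parse_ts(value):
    """Parse the API's YYYY-MM-DDTHH:MM:SSZ timestamps as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(alerts, now):
    """Return open and risk-accepted alerts, most urgent first."""
    findings = []
    for alert in alerts:
        if alert["security_advisory"].get("withdrawn_at"):
            continue  # the advisory itself was withdrawn
        if alert["state"] == "open":
            reason = "open"
        elif alert["state"] == "dismissed" and alert.get("dismissed_reason") in ACCEPTED_RISK:
            reason = "dismissed:" + alert["dismissed_reason"]
        else:
            continue  # fixed, auto_dismissed, or dismissed for another reason
        vuln = alert["security_vulnerability"]
        patched = vuln.get("first_patched_version")  # may be null
        findings.append({
            "repo": alert["repository"]["full_name"],
            "number": alert["number"],
            "package": alert["dependency"]["package"]["name"],
            "severity": vuln["severity"],
            "scope": alert["dependency"].get("scope"),  # may be null
            "reason": reason,
            "fix": patched["identifier"] if patched else None,
            "age_days": (now - parse_ts(alert["created_at"])).days,
            "url": alert["html_url"],
        })
    # Only an explicit "development" scope is ranked lower; a null scope is
    # treated like runtime. Then by severity, then oldest first.
    findings.sort(key=lambda f: (f["scope"] == "development",
                                 SEVERITY_RANK[f["severity"]],
                                 -f["age_days"]))
    return findings


def sample(number, state, name, severity, created, repo,
           reason=None, patched=None, scope="runtime"):
    """Build a trimmed alert holding only the fields triage() reads."""
    return {
        "number": number,
        "state": state,
        "dependency": {"package": {"ecosystem": "pip", "name": name}, "scope": scope},
        "security_advisory": {"withdrawn_at": None},
        "security_vulnerability": {
            "severity": severity,
            "first_patched_version": {"identifier": patched} if patched else None,
        },
        "html_url": f"https://github.com/{repo}/security/dependabot/{number}",
        "created_at": created,
        "dismissed_reason": reason,
        "repository": {"full_name": repo},
    }


SAMPLE = [
    # Alerts 2 and 1: values taken from the sample response above.
    sample(2, "dismissed", "django", "high", "2022-06-15T07:43:03Z",
           "octo-org/octo-repo", reason="tolerable_risk", patched="2.0.2"),
    sample(1, "open", "ansible", "medium", "2022-06-14T15:21:52Z",
           "octo-org/hello-world", patched="2.8.19"),
    # Alert 7: constructed, with null scope and no patched version.
    sample(7, "open", "example-pkg", "critical", "2022-08-01T00:00:00Z",
           "octo-org/hello-world", scope=None),
]
NOW = datetime(2022, 9, 1, tzinfo=timezone.utc)  # fixed so ages are reproducible

if __name__ == "__main__":
    for f in triage(SAMPLE, NOW):
        print(f["severity"], f["repo"], f["package"], f["reason"],
              f["fix"] or "no fix", f"{f['age_days']}d")
```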

Not modified

Empty response

Forbidden

{
  "message": "string",
  "documentation_url": "string",
  "url": "string",
  "status": "string"
}

Resource not found

{
  "message": "string",
  "documentation_url": "string",
  "url": "string",
  "status": "string"
}

Validation failed, or the endpoint has been spammed.

{
  "message": "string",
  "documentation_url": "string",
  "errors": [
    "string"
  ]
}

array[object]

object

A Dependabot alert.

number

int

required

The security alert number.

state

string

required

The state of the Dependabot alert.

Enum
  • auto_dismissed
  • dismissed
  • fixed
  • open

dependency

object (dependency)

required

Details for the vulnerable dependency.

package

object (package)

Details for the vulnerable package.

ecosystem

string

required

The package's language or package management ecosystem.

name

string

required

The unique package name within its ecosystem.

manifest_path

string

The full path to the dependency manifest file, relative to the root of the repository.

scope

string or null

The execution scope of the vulnerable dependency.

Enum
  • development
  • runtime

security_advisory

object (security_advisory)

required

Details for the GitHub Security Advisory.

ghsa_id

string

required

The unique GitHub Security Advisory ID assigned to the advisory.

cve_id

string or null

required

The unique CVE ID assigned to the advisory.

summary

string

required

A short, plain text summary of the advisory.

Max Length
1024

description

string

required

A long-form Markdown-supported description of the advisory.

vulnerabilities

array[object]

required

Vulnerable version range information for the advisory.

object

Details pertaining to one vulnerable version range for the advisory.

package

object (package)

required

Details for the vulnerable package.

ecosystem

string

required

The package's language or package management ecosystem.

name

string

required

The unique package name within its ecosystem.

severity

string

required

The severity of the vulnerability.

Enum
  • low
  • medium
  • high
  • critical

vulnerable_version_range

string

required

Conditions that identify vulnerable versions of this vulnerability's package.

first_patched_version

object (first_patched_version) or null

required

Details pertaining to the package version that patches this vulnerability.

identifier

string

required

The package version that patches this vulnerability.

severity

string

required

The severity of the advisory.

Enum
  • low
  • medium
  • high
  • critical

cvss

object (cvss)

required

Details for the advisory pertaining to the Common Vulnerability Scoring System.

score

number

required

The overall CVSS score of the advisory.

Min
0
Max
10

vector_string

string or null

required

The full CVSS vector string for the advisory.

cwes

array[object]

required

Details for the advisory pertaining to Common Weakness Enumeration.

object

A CWE weakness assigned to the advisory.

cwe_id

string

required

The unique CWE ID.

name

string

required

The short, plain text name of the CWE.

identifiers

array[object]

required

Values that identify this advisory among security information sources.

object

An advisory identifier.

type

string

required

The type of advisory identifier.

Enum
  • CVE
  • GHSA

value

string

required

The value of the advisory identifier.

references

array[object]

required

Links to additional advisory information.

object

A link to additional advisory information.

url

string

uri

required

The URL of the reference.

published_at

string

date-time

required

The time that the advisory was published in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

updated_at

string

date-time

required

The time that the advisory was last modified in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

withdrawn_at

string or null

date-time

required

The time that the advisory was withdrawn in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

security_vulnerability

object (security_vulnerability)

required

Details pertaining to one vulnerable version range for the advisory.

package

object (package)

required

Details for the vulnerable package.

ecosystem

string

required

The package's language or package management ecosystem.

name

string

required

The unique package name within its ecosystem.

severity

string

required

The severity of the vulnerability.

Enum
  • low
  • medium
  • high
  • critical

vulnerable_version_range

string

required

Conditions that identify vulnerable versions of this vulnerability's package.

first_patched_version

object (first_patched_version) or null

required

Details pertaining to the package version that patches this vulnerability.

identifier

string

required

The package version that patches this vulnerability.

url

string

uri

required

The REST API URL of the alert resource.

html_url

string

uri

required

The GitHub URL of the alert resource.

created_at

string

date-time

required

The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

updated_at

string

date-time

required

The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

dismissed_at

string or null

date-time

required

The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

dismissed_by

object (dismissed_by) or null

required

A GitHub user.

name

string or null

email

string or null

login

string

required

Example
"octocat"

id

int

required

Example
1

node_id

string

required

Example
"MDQ6VXNlcjE="

avatar_url

string

uri

required

Example
"https://github.com/images/error/octocat_happy.gif"

gravatar_id

string or null

required

Example
"41d064eb2195891e12d0413f63227ea7"

url

string

uri

required

Example
"https://api.github.com/users/octocat"

html_url

string

uri

required

Example
"https://github.com/octocat"

followers_url

string

uri

required

Example
"https://api.github.com/users/octocat/followers"

following_url

string

required

Example
"https://api.github.com/users/octocat/following{/other_user}"

gists_url

string

required

Example
"https://api.github.com/users/octocat/gists{/gist_id}"

starred_url

string

required

Example
"https://api.github.com/users/octocat/starred{/owner}{/repo}"

subscriptions_url

string

uri

required

Example
"https://api.github.com/users/octocat/subscriptions"

organizations_url

string

uri

required

Example
"https://api.github.com/users/octocat/orgs"

repos_url

string

uri

required

Example
"https://api.github.com/users/octocat/repos"

events_url

string

required

Example
"https://api.github.com/users/octocat/events{/privacy}"

received_events_url

string

uri

required

Example
"https://api.github.com/users/octocat/received_events"

type

string

required

Example
"User"

site_admin

boolean

required

starred_at

string

Example
"\"2020-07-09T00:17:55Z\""

dismissed_reason

string or null

required

The reason that the alert was dismissed.

Enum
  • fix_started
  • inaccurate
  • no_bandwidth
  • not_used
  • tolerable_risk

dismissed_comment

string or null

required

An optional comment associated with the alert's dismissal.

Max Length
280

fixed_at

string or null

date-time

required

The time that the alert was no longer detected and was considered fixed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

auto_dismissed_at

string or null

date-time

The time that the alert was auto-dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

repository

object (repository)

required

A GitHub repository.

id

int

required

A unique identifier of the repository.

Example
1296269

node_id

string

required

The GraphQL identifier of the repository.

Example
"MDEwOlJlcG9zaXRvcnkxMjk2MjY5"

name

string

required

The name of the repository.

Example
"Hello-World"

full_name

string

required

The full, globally unique, name of the repository.

Example
"octocat/Hello-World"

owner

object (owner)

required

A GitHub user.

name

string or null

email

string or null

login

string

required

Example
"octocat"

id

int

required

Example
1

node_id

string

required

Example
"MDQ6VXNlcjE="

avatar_url

string

uri

required

Example
"https://github.com/images/error/octocat_happy.gif"

gravatar_id

string or null

required

Example
"41d064eb2195891e12d0413f63227ea7"

url

string

uri

required

Example
"https://api.github.com/users/octocat"

html_url

string

uri

required

Example
"https://github.com/octocat"

followers_url

string

uri

required

Example
"https://api.github.com/users/octocat/followers"

following_url

string

required

Example
"https://api.github.com/users/octocat/following{/other_user}"

gists_url

string

required

Example
"https://api.github.com/users/octocat/gists{/gist_id}"

starred_url

string

required

Example
"https://api.github.com/users/octocat/starred{/owner}{/repo}"

subscriptions_url

string

uri

required

Example
"https://api.github.com/users/octocat/subscriptions"

organizations_url

string

uri

required

Example
"https://api.github.com/users/octocat/orgs"

repos_url

string

uri

required

Example
"https://api.github.com/users/octocat/repos"

events_url

string

required

Example
"https://api.github.com/users/octocat/events{/privacy}"

received_events_url

string

uri

required

Example
"https://api.github.com/users/octocat/received_events"

type

string

required

Example
"User"

site_admin

boolean

required

starred_at

string

Example
"\"2020-07-09T00:17:55Z\""

private

boolean

required

Whether the repository is private.

html_url

string

uri

required

The URL to view the repository on GitHub.com.

Example
"https://github.com/octocat/Hello-World"

description

string or null

required

The repository description.

Example
"This your first repo!"

fork

boolean

required

Whether the repository is a fork.

url

string

uri

required

The URL to get more information about the repository from the GitHub API.

Example
"https://api.github.com/repos/octocat/Hello-World"

archive_url

string

required

A template for the API URL to download the repository as an archive.

Example
"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}"

assignees_url

string

required

A template for the API URL to list the available assignees for issues in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/assignees{/user}"

blobs_url

string

required

A template for the API URL to create or retrieve a raw Git blob in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}"

branches_url

string

required

A template for the API URL to get information about branches in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/branches{/branch}"

collaborators_url

string

required

A template for the API URL to get information about collaborators of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}"

comments_url

string

required

A template for the API URL to get information about comments on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/comments{/number}"

commits_url

string

required

A template for the API URL to get information about commits on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/commits{/sha}"

compare_url

string

required

A template for the API URL to compare two commits or refs.

Example
"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}"

contents_url

string

required

A template for the API URL to get the contents of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/contents/{+path}"

contributors_url

string

uri

required

A template for the API URL to list the contributors to the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/contributors"

deployments_url

string

uri

required

The API URL to list the deployments of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/deployments"

downloads_url

string

uri

required

The API URL to list the downloads on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/downloads"

events_url

string

uri

required

The API URL to list the events of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/events"

forks_url

string

uri

required

The API URL to list the forks of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/forks"

git_commits_url

string

required

A template for the API URL to get information about Git commits of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}"

git_refs_url

string

required

A template for the API URL to get information about Git refs of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}"

git_tags_url

string

required

A template for the API URL to get information about Git tags of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}"

issue_comment_url

string

required

A template for the API URL to get information about issue comments on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}"

issue_events_url

string

required

A template for the API URL to get information about issue events on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}"

issues_url

string

required

A template for the API URL to get information about issues on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/issues{/number}"

keys_url

string

required

A template for the API URL to get information about deploy keys on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}"

labels_url

string

required

A template for the API URL to get information about labels of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/labels{/name}"

languages_url

string

uri

required

The API URL to get information about the languages of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/languages"

merges_url

string

uri

required

The API URL to merge branches in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/merges"

milestones_url

string

required

A template for the API URL to get information about milestones of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/milestones{/number}"

notifications_url

string

required

A template for the API URL to get information about notifications on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}"

pulls_url

string

required

A template for the API URL to get information about pull requests on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/pulls{/number}"

releases_url

string

required

A template for the API URL to get information about releases on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/releases{/id}"

stargazers_url

string

uri

required

The API URL to list the stargazers on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/stargazers"

statuses_url

string

required

A template for the API URL to get information about statuses of a commit.

Example
"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}"

subscribers_url

string

uri

required

The API URL to list the subscribers on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/subscribers"

subscription_url

string

uri

required

The API URL to subscribe to notifications for this repository.

Example
"https://api.github.com/repos/octocat/Hello-World/subscription"

tags_url

string

uri

required

The API URL to get information about tags on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/tags"

teams_url

string

uri

required

The API URL to list the teams on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/teams"

trees_url

string

required

A template for the API URL to create or retrieve a raw Git tree of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}"

hooks_url

string

uri

required

The API URL to list the hooks on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/hooks"

No schema

message

string

documentation_url

string

url

string

status

string

message

string

documentation_url

string

url

string

status

string

message

string

required

documentation_url

string

required

errors

array[string]

string

List Dependabot alerts for an organization

get /orgs/{org}/dependabot/alerts

Lists Dependabot alerts for an organization.

To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo scope or security_events scope.

For public repositories, you may instead use the public_repo scope.

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

org

string

required

The organization name. The name is not case sensitive.

state

string

A comma-separated list of states. If specified, only alerts with these states will be returned.

Can be: auto_dismissed, dismissed, fixed, open

severity

string

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

Can be: low, medium, high, critical

ecosystem

string

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

package

string

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

scope

string

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

Enum
  • development
  • runtime

sort

string

The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed.

Default
"created"
Enum
  • created
  • updated

direction

string

The direction to sort the results by.

Default
"desc"
Enum
  • asc
  • desc

before

string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

after

string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

first

int

Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with last. Instead, use per_page in combination with after to fetch the first page of results.

Default
30
Min
1
Max
100

last

int

Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with first. Instead, use per_page in combination with before to fetch the last page of results.

Min
1
Max
100

per_page

int

The number of results per page (max 100).

Default
30
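The query parameters above, assembled into a request URL and walked page by page, as an added example that is not part of GitHub's documentation. The names build_alerts_url, next_cursor, iter_alerts and demo are hypothetical, the cursor value is constructed, and the example assumes the cursor appears as the after query parameter of the rel="next" link in the Link header.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

API_ROOT = "https://api.github.com"

# Allowed values, copied from the parameter descriptions on this page.
ALLOWED = {
    "state": {"auto_dismissed", "dismissed", "fixed", "open"},
    "severity": {"low", "medium", "high", "critical"},
    "ecosystem": {"composer", "go", "maven", "npm", "nuget", "pip", "pub",
                  "rubygems", "rust"},
    "scope": {"development", "runtime"},
    "sort": {"created", "updated"},
    "direction": {"asc", "desc"},
}
COMMA_LISTS = {"state", "severity", "ecosystem"}  # documented as comma-separated
FREE_FORM = {"package", "before", "after"}
LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')


def build_alerts_url(org, per_page=30, **filters):
    """Build the GET /orgs/{org}/dependabot/alerts URL, rejecting bad input."""
    if not isinstance(per_page, int) or not 1 <= per_page <= 100:
        raise ValueError("per_page must be between 1 and 100")
    query = {"per_page": per_page}
    for key, value in filters.items():
        if key in ("first", "last"):
            raise ValueError(f"{key} is deprecated; use per_page with after/before")
        if key in ALLOWED:
            values = value.split(",") if key in COMMA_LISTS else [value]
            bad = [v for v in values if v not in ALLOWED[key]]
            if bad:
                raise ValueError(f"invalid {key} value(s): {bad}")
        elif key not in FREE_FORM:
            raise ValueError(f"unsupported parameter: {key}")
        query[key] = value
    # Percent-encode the org so it cannot add path segments to the request.
    path = f"/orgs/{quote(org, safe='')}/dependabot/alerts"
    return f"{API_ROOT}{path}?{urlencode(query, safe=',')}"


def parse_link_header(header):
    """Map rel names to URLs from a Link response header."""
    return {rel: url for url, rel in LINK_RE.findall(header or "")}


def next_cursor(header):
    """Return the after cursor of the rel="next" link, or None on the last page."""
    url = parse_link_header(header).get("next")
    if url is None:
        return None
    parts = urlsplit(url)
    # Only trust links on the API host: the next request carries the token.
    if parts.scheme != "https" or parts.netloc != urlsplit(API_ROOT).netloc:
        raise ValueError(f"refusing to follow link to {parts.netloc!r}")
    values = parse_qs(parts.query).get("after")
    return values[0] if values else None


def iter_alerts(org, fetch, **filters):
    """Yield every alert. fetch(url) returns (alerts, link_header); a real one
    would send the access token and return the parsed JSON body."""
    cursor = None
    while True:
        params = dict(filters)
        if cursor:
            params["after"] = cursor
        alerts, link = fetch(build_alerts_url(org, **params))
        yield from alerts
        cursor = next_cursor(link)
        if cursor is None:
            return


def demo():
    """Walk two constructed pages offline and return the alert numbers seen."""
    first = build_alerts_url("octo-org", per_page=2, state="open")
    second = build_alerts_url("octo-org", per_page=2, state="open",
                              after="CONSTRUCTED-CURSOR-2")
    pages = {
        first: ([{"number": 4}, {"number": 3}], f'<{second}>; rel="next"'),
        second: ([{"number": 1}], ""),
    }
    walk = iter_alerts("octo-org", lambda url: pages[url], per_page=2, state="open")
    return [alert["number"] for alert in walk]


if __name__ == "__main__":
    print(build_alerts_url("octo-org", per_page=100, state="open",
                           severity="high,critical", scope="runtime"))
    print(demo())
```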

Response

Examples Schema

Response

[
  {
    "number": 2,
    "state": "dismissed",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "cve_id": "CVE-2018-6188",
      "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "high",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ],
      "severity": "high",
      "cvss": {
        "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "score": 7.5
      },
      "cwes": [
        {
          "cwe_id": "CWE-200",
          "name": "Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-rf4j-j272-fj86"
        },
        {
          "type": "CVE",
          "value": "CVE-2018-6188"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        },
        {
          "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
        },
        {
          "url": "https://usn.ubuntu.com/3559-1/"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
        },
        {
          "url": "http://www.securitytracker.com/id/1040422"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2022-04-26T18:35:37Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "django"
      },
      "severity": "high",
      "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
      "first_patched_version": {
        "identifier": "2.0.2"
      }
    },
    "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2",
    "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2",
    "created_at": "2022-06-15T07:43:03Z",
    "updated_at": "2022-08-23T14:29:47Z",
    "dismissed_at": "2022-08-23T14:29:47Z",
    "dismissed_by": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "dismissed_reason": "tolerable_risk",
    "dismissed_comment": "This alert is accurate but we use a sanitizer.",
    "fixed_at": null,
    "repository": {
      "id": 217723378,
      "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=",
      "name": "octo-repo",
      "full_name": "octo-org/octo-repo",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://api.github.com/users/octo-org/followers",
        "following_url": "https://api.github.com/users/octo-org/following{/other_user}",
        "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
        "organizations_url": "https://api.github.com/users/octo-org/orgs",
        "repos_url": "https://api.github.com/users/octo-org/repos",
        "events_url": "https://api.github.com/users/octo-org/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/octo-repo",
      "description": null,
      "fork": false,
      "url": "https://api.github.com/repos/octo-org/octo-repo",
      "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}",
      "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}",
      "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}",
      "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}",
      "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}",
      "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}",
      "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}",
      "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}",
      "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}",
      "contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors",
      "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments",
      "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads",
      "events_url": "https://api.github.com/repos/octo-org/octo-repo/events",
      "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks",
      "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}",
      "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}",
      "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}",
      "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks",
      "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}",
      "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}",
      "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}",
      "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}",
      "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}",
      "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages",
      "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges",
      "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}",
      "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}",
      "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}",
      "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}",
      "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers",
      "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}",
      "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers",
      "subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription",
      "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags",
      "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams",
      "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}"
    }
  },
  {
    "number": 1,
    "state": "open",
    "dependency": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "manifest_path": "path/to/requirements.txt",
      "scope": "runtime"
    },
    "security_advisory": {
      "ghsa_id": "GHSA-8f4m-hccc-8qph",
      "cve_id": "CVE-2021-20191",
      "summary": "Insertion of Sensitive Information into Log File in ansible",
      "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.",
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.9.0, < 2.9.18",
          "first_patched_version": {
            "identifier": "2.9.18"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": "< 2.8.19",
          "first_patched_version": {
            "identifier": "2.8.19"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "ansible"
          },
          "severity": "medium",
          "vulnerable_version_range": ">= 2.10.0, < 2.10.7",
          "first_patched_version": {
            "identifier": "2.10.7"
          }
        }
      ],
      "severity": "medium",
      "cvss": {
        "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "score": 5.5
      },
      "cwes": [
        {
          "cwe_id": "CWE-532",
          "name": "Insertion of Sensitive Information into Log File"
        }
      ],
      "identifiers": [
        {
          "type": "GHSA",
          "value": "GHSA-8f4m-hccc-8qph"
        },
        {
          "type": "CVE",
          "value": "CVE-2021-20191"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2021-20191"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813"
        }
      ],
      "published_at": "2021-06-01T17:38:00Z",
      "updated_at": "2021-08-12T23:06:00Z",
      "withdrawn_at": null
    },
    "security_vulnerability": {
      "package": {
        "ecosystem": "pip",
        "name": "ansible"
      },
      "severity": "medium",
      "vulnerable_version_range": "< 2.8.19",
      "first_patched_version": {
        "identifier": "2.8.19"
      }
    },
    "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1",
    "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1",
    "created_at": "2022-06-14T15:21:52Z",
    "updated_at": "2022-06-14T15:21:52Z",
    "dismissed_at": null,
    "dismissed_by": null,
    "dismissed_reason": null,
    "dismissed_comment": null,
    "fixed_at": null,
    "repository": {
      "id": 664700648,
      "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=",
      "name": "hello-world",
      "full_name": "octo-org/hello-world",
      "owner": {
        "login": "octo-org",
        "id": 6811672,
        "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=",
        "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octo-org",
        "html_url": "https://github.com/octo-org",
        "followers_url": "https://api.github.com/users/octo-org/followers",
        "following_url": "https://api.github.com/users/octo-org/following{/other_user}",
        "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions",
        "organizations_url": "https://api.github.com/users/octo-org/orgs",
        "repos_url": "https://api.github.com/users/octo-org/repos",
        "events_url": "https://api.github.com/users/octo-org/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octo-org/received_events",
        "type": "Organization",
        "site_admin": false
      },
      "private": true,
      "html_url": "https://github.com/octo-org/hello-world",
      "description": null,
      "fork": false,
      "url": "https://api.github.com/repos/octo-org/hello-world",
      "archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}",
      "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}",
      "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}",
      "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}",
      "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}",
      "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}",
      "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}",
      "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}",
      "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}",
      "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors",
      "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments",
      "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads",
      "events_url": "https://api.github.com/repos/octo-org/hello-world/events",
      "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks",
      "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}",
      "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}",
      "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}",
      "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks",
      "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}",
      "issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}",
      "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}",
      "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}",
      "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}",
      "languages_url": "https://api.github.com/repos/octo-org/hello-world/languages",
      "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges",
      "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}",
      "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}",
      "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}",
      "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}",
      "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers",
      "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}",
      "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers",
      "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription",
      "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags",
      "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams",
      "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}"
    }
  }
]

Not modified

Empty response

Bad Request

{
  "message": "string",
  "documentation_url": "string",
  "url": "string",
  "status": "string"
}

Forbidden

{
  "message": "string",
  "documentation_url": "string",
  "url": "string",
  "status": "string"
}

Resource not found

{
  "message": "string",
  "documentation_url": "string",
  "url": "string",
  "status": "string"
}

Validation failed, or the endpoint has been spammed.

{
  "message": "string",
  "documentation_url": "string",
  "errors": [
    "string"
  ]
}
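A triage pass over the fields of the 200 response shown above, as an added example that is not part of GitHub's documentation. The names triage, sample and demo are hypothetical, the SLA_DAYS deadlines and the choice of risk-accepting dismissal reasons are assumed policy, the first two sample alerts reuse values from the example response, and alert 7 (example-lib) is constructed to cover a null first_patched_version.

```python
from datetime import datetime, timezone

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Hypothetical remediation deadlines in days; set these from your own policy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}
# dismissed_reason values that accept the risk rather than remove it (assumed).
RISK_ACCEPTING = {"tolerable_risk", "no_bandwidth"}


def parse_ts(value):
    """Parse the API's YYYY-MM-DDTHH:MM:SSZ timestamps as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(alerts, now):
    """Return (repo#number, finding, detail) tuples for alerts needing review."""
    findings = []
    for alert in alerts:
        vuln = alert["security_vulnerability"]
        severity = vuln["severity"]
        ref = f'{alert["repository"]["full_name"]}#{alert["number"]}'
        package = alert["dependency"]["package"]["name"]
        # first_patched_version is "object or null": null means no fixed release.
        patched = (vuln.get("first_patched_version") or {}).get("identifier")

        if alert["state"] == "open":
            age = (now - parse_ts(alert["created_at"])).days
            if patched is None:
                detail = f"{package}: {severity}, no patched version"
                findings.append((ref, "no-patch", detail))
            elif age > SLA_DAYS[severity]:
                detail = f"{package}: open {age}d, upgrade to {patched}"
                findings.append((ref, "overdue", detail))
        elif alert["state"] == "dismissed":
            reason = alert.get("dismissed_reason")
            serious = SEVERITY_RANK[severity] >= SEVERITY_RANK["high"]
            if reason in RISK_ACCEPTING and serious:
                # dismissed_by is "object or null" as well.
                who = (alert.get("dismissed_by") or {}).get("login", "unknown")
                detail = f"{package}: {severity} dismissed as {reason} by {who}"
                findings.append((ref, "review-dismissal", detail))
    return findings


def sample(number, state, repo, package, severity, patched, created,
           reason=None, dismissed_by=None):
    """Build a constructed alert carrying only the fields triage() reads."""
    return {
        "number": number,
        "state": state,
        "dependency": {"package": {"ecosystem": "pip", "name": package},
                       "scope": "runtime"},
        "security_vulnerability": {
            "severity": severity,
            "first_patched_version": {"identifier": patched} if patched else None,
        },
        "created_at": created,
        "dismissed_reason": reason,
        "dismissed_by": {"login": dismissed_by} if dismissed_by else None,
        "repository": {"full_name": repo},
    }


def demo():
    """Run triage over constructed sample alerts at a fixed point in time."""
    alerts = [
        sample(2, "dismissed", "octo-org/octo-repo", "django", "high", "2.0.2",
               "2022-06-15T07:43:03Z", "tolerable_risk", "octocat"),
        sample(1, "open", "octo-org/hello-world", "ansible", "medium", "2.8.19",
               "2022-06-14T15:21:52Z"),
        sample(7, "open", "octo-org/octo-repo", "example-lib", "critical", None,
               "2022-08-30T09:00:00Z"),
    ]
    return triage(alerts, now=datetime(2022, 9, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=" | ")
```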

array[object]

object

A Dependabot alert.

number

int

required

The security alert number.

state

string

required

The state of the Dependabot alert.

Enum
  • auto_dismissed
  • dismissed
  • fixed
  • open

dependency

object (dependency)

required

Details for the vulnerable dependency.

package

object (package)

Details for the vulnerable package.

ecosystem

string

required

The package's language or package management ecosystem.

name

string

required

The unique package name within its ecosystem.

manifest_path

string

The full path to the dependency manifest file, relative to the root of the repository.

scope

string or null

The execution scope of the vulnerable dependency.

Enum
  • development
  • runtime

security_advisory

object (security_advisory)

required

Details for the GitHub Security Advisory.

ghsa_id

string

required

The unique GitHub Security Advisory ID assigned to the advisory.

cve_id

string or null

required

The unique CVE ID assigned to the advisory.

summary

string

required

A short, plain text summary of the advisory.

Max Length
1024

description

string

required

A long-form Markdown-supported description of the advisory.

vulnerabilities

array[object]

required

Vulnerable version range information for the advisory.

object

Details pertaining to one vulnerable version range for the advisory.

package

object (package)

required

Details for the vulnerable package.

ecosystem

string

required

The package's language or package management ecosystem.

name

string

required

The unique package name within its ecosystem.

severity

string

required

The severity of the vulnerability.

Enum
  • low
  • medium
  • high
  • critical

vulnerable_version_range

string

required

Conditions that identify vulnerable versions of this vulnerability's package.

first_patched_version

object (first_patched_version) or null

required

Details pertaining to the package version that patches this vulnerability.

identifier

string

required

The package version that patches this vulnerability.

severity

string

required

The severity of the advisory.

Enum
  • low
  • medium
  • high
  • critical

cvss

object (cvss)

required

Details for the advisory pertaining to the Common Vulnerability Scoring System.

score

number

required

The overall CVSS score of the advisory.

Min
0
Max
10

vector_string

string or null

required

The full CVSS vector string for the advisory.

cwes

array[object]

required

Details for the advisory pertaining to Common Weakness Enumeration.

object

A CWE weakness assigned to the advisory.

cwe_id

string

required

The unique CWE ID.

name

string

required

The short, plain text name of the CWE.

identifiers

array[object]

required

Values that identify this advisory among security information sources.

object

An advisory identifier.

type

string

required

The type of advisory identifier.

Enum
  • CVE
  • GHSA

value

string

required

The value of the advisory identifier.

references

array[object]

required

Links to additional advisory information.

object

A link to additional advisory information.

url

string

uri

required

The URL of the reference.

published_at

string

date-time

required

The time that the advisory was published in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

updated_at

string

date-time

required

The time that the advisory was last modified in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

withdrawn_at

string or null

date-time

required

The time that the advisory was withdrawn in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

security_vulnerability

object (security_vulnerability)

required

Details pertaining to one vulnerable version range for the advisory.

package

object (package)

required

Details for the vulnerable package.

ecosystem

string

required

The package's language or package management ecosystem.

name

string

required

The unique package name within its ecosystem.

severity

string

required

The severity of the vulnerability.

Enum
  • low
  • medium
  • high
  • critical

vulnerable_version_range

string

required

Conditions that identify vulnerable versions of this vulnerability's package.

first_patched_version

object (first_patched_version) or null

required

Details pertaining to the package version that patches this vulnerability.

identifier

string

required

The package version that patches this vulnerability.

url

string

uri

required

The REST API URL of the alert resource.

html_url

string

uri

required

The GitHub URL of the alert resource.

created_at

string

date-time

required

The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

updated_at

string

date-time

required

The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

dismissed_at

string or null

date-time

required

The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

dismissed_by

object (dismissed_by) or null

required

A GitHub user.

name

string or null

email

string or null

login

string

required

Example
"octocat"

id

int

required

Example
1

node_id

string

required

Example
"MDQ6VXNlcjE="

avatar_url

string

uri

required

Example
"https://github.com/images/error/octocat_happy.gif"

gravatar_id

string or null

required

Example
"41d064eb2195891e12d0413f63227ea7"

url

string

uri

required

Example
"https://api.github.com/users/octocat"

html_url

string

uri

required

Example
"https://github.com/octocat"

followers_url

string

uri

required

Example
"https://api.github.com/users/octocat/followers"

following_url

string

required

Example
"https://api.github.com/users/octocat/following{/other_user}"

gists_url

string

required

Example
"https://api.github.com/users/octocat/gists{/gist_id}"

starred_url

string

required

Example
"https://api.github.com/users/octocat/starred{/owner}{/repo}"

subscriptions_url

string

uri

required

Example
"https://api.github.com/users/octocat/subscriptions"

organizations_url

string

uri

required

Example
"https://api.github.com/users/octocat/orgs"

repos_url

string

uri

required

Example
"https://api.github.com/users/octocat/repos"

events_url

string

required

Example
"https://api.github.com/users/octocat/events{/privacy}"

received_events_url

string

uri

required

Example
"https://api.github.com/users/octocat/received_events"

type

string

required

Example
"User"

site_admin

boolean

required

starred_at

string

Example
"\"2020-07-09T00:17:55Z\""

dismissed_reason

string or null

required

The reason that the alert was dismissed.

Enum
  • fix_started
  • inaccurate
  • no_bandwidth
  • not_used
  • tolerable_risk

dismissed_comment

string or null

required

An optional comment associated with the alert's dismissal.

Max Length
280

fixed_at

string or null

date-time

required

The time that the alert was no longer detected and was considered fixed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

auto_dismissed_at

string or null

date-time

The time that the alert was auto-dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.

repository

object (repository)

required

A GitHub repository.

id

int

required

A unique identifier of the repository.

Example
1296269

node_id

string

required

The GraphQL identifier of the repository.

Example
"MDEwOlJlcG9zaXRvcnkxMjk2MjY5"

name

string

required

The name of the repository.

Example
"Hello-World"

full_name

string

required

The full, globally unique, name of the repository.

Example
"octocat/Hello-World"

owner

object (owner)

required

A GitHub user.

name

string or null

email

string or null

login

string

required

Example
"octocat"

id

int

required

Example
1

node_id

string

required

Example
"MDQ6VXNlcjE="

avatar_url

string

uri

required

Example
"https://github.com/images/error/octocat_happy.gif"

gravatar_id

string or null

required

Example
"41d064eb2195891e12d0413f63227ea7"

url

string

uri

required

Example
"https://api.github.com/users/octocat"

html_url

string

uri

required

Example
"https://github.com/octocat"

followers_url

string

uri

required

Example
"https://api.github.com/users/octocat/followers"

following_url

string

required

Example
"https://api.github.com/users/octocat/following{/other_user}"

gists_url

string

required

Example
"https://api.github.com/users/octocat/gists{/gist_id}"

starred_url

string

required

Example
"https://api.github.com/users/octocat/starred{/owner}{/repo}"

subscriptions_url

string

uri

required

Example
"https://api.github.com/users/octocat/subscriptions"

organizations_url

string

uri

required

Example
"https://api.github.com/users/octocat/orgs"

repos_url

string

uri

required

Example
"https://api.github.com/users/octocat/repos"

events_url

string

required

Example
"https://api.github.com/users/octocat/events{/privacy}"

received_events_url

string

uri

required

Example
"https://api.github.com/users/octocat/received_events"

type

string

required

Example
"User"

site_admin

boolean

required

starred_at

string

Example
"\"2020-07-09T00:17:55Z\""

private

boolean

required

Whether the repository is private.

html_url

string

uri

required

The URL to view the repository on GitHub.com.

Example
"https://github.com/octocat/Hello-World"

description

string or null

required

The repository description.

Example
"This your first repo!"

fork

boolean

required

Whether the repository is a fork.

url

string

uri

required

The URL to get more information about the repository from the GitHub API.

Example
"https://api.github.com/repos/octocat/Hello-World"

archive_url

string

required

A template for the API URL to download the repository as an archive.

Example
"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}"

assignees_url

string

required

A template for the API URL to list the available assignees for issues in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/assignees{/user}"

blobs_url

string

required

A template for the API URL to create or retrieve a raw Git blob in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}"

branches_url

string

required

A template for the API URL to get information about branches in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/branches{/branch}"

collaborators_url

string

required

A template for the API URL to get information about collaborators of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}"

comments_url

string

required

A template for the API URL to get information about comments on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/comments{/number}"

commits_url

string

required

A template for the API URL to get information about commits on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/commits{/sha}"

compare_url

string

required

A template for the API URL to compare two commits or refs.

Example
"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}"

contents_url

string

required

A template for the API URL to get the contents of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/contents/{+path}"

contributors_url

string

uri

required

A template for the API URL to list the contributors to the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/contributors"

deployments_url

string

uri

required

The API URL to list the deployments of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/deployments"

downloads_url

string

uri

required

The API URL to list the downloads on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/downloads"

events_url

string

uri

required

The API URL to list the events of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/events"

forks_url

string

uri

required

The API URL to list the forks of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/forks"

git_commits_url

string

required

A template for the API URL to get information about Git commits of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}"

git_refs_url

string

required

A template for the API URL to get information about Git refs of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}"

git_tags_url

string

required

A template for the API URL to get information about Git tags of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}"

issue_comment_url

string

required

A template for the API URL to get information about issue comments on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}"

issue_events_url

string

required

A template for the API URL to get information about issue events on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}"

issues_url

string

required

A template for the API URL to get information about issues on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/issues{/number}"

keys_url

string

required

A template for the API URL to get information about deploy keys on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}"

labels_url

string

required

A template for the API URL to get information about labels of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/labels{/name}"

languages_url

string

uri

required

The API URL to get information about the languages of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/languages"

merges_url

string

uri

required

The API URL to merge branches in the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/merges"

milestones_url

string

required

A template for the API URL to get information about milestones of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/milestones{/number}"

notifications_url

string

required

A template for the API URL to get information about notifications on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}"

pulls_url

string

required

A template for the API URL to get information about pull requests on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/pulls{/number}"

releases_url

string

required

A template for the API URL to get information about releases on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/releases{/id}"

stargazers_url

string

uri

required

The API URL to list the stargazers on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/stargazers"

statuses_url

string

required

A template for the API URL to get information about statuses of a commit.

Example
"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}"

subscribers_url

string

uri

required

The API URL to list the subscribers on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/subscribers"

subscription_url

string

uri

required

The API URL to subscribe to notifications for this repository.

Example
"https://api.github.com/repos/octocat/Hello-World/subscription"

tags_url

string

uri

required

The API URL to get information about tags on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/tags"

teams_url

string

uri

required

The API URL to list the teams on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/teams"

trees_url

string

required

A template for the API URL to create or retrieve a raw Git tree of the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}"

hooks_url

string

uri

required

The API URL to list the hooks on the repository.

Example
"https://api.github.com/repos/octocat/Hello-World/hooks"

No schema

message

string

documentation_url

string

url

string

status

string

message

string or null

documentation_url

string or null

detail

string or null

status

int

scimType

string or null

schemas

array[string]

string

message

string

documentation_url

string

url

string

status

string

message

string

documentation_url

string

url

string

status

string

message

string

required

documentation_url

string

required

errors

array[string]

string

List organization secrets

get /orgs/{org}/dependabot/secrets

Lists all secrets available in an organization without revealing their encrypted values. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

org

string

required

The organization name. The name is not case sensitive.

per_page

int

The number of results per page (max 100).

Default
30

page

int

Page number of the results to fetch.

Default
1

Response

{
  "total_count": 3,
  "secrets": [
    {
      "name": "MY_ARTIFACTORY_PASSWORD",
      "created_at": "2021-08-10T14:59:22Z",
      "updated_at": "2021-12-10T14:59:22Z",
      "visibility": "private"
    },
    {
      "name": "NPM_TOKEN",
      "created_at": "2021-08-10T14:59:22Z",
      "updated_at": "2021-12-10T14:59:22Z",
      "visibility": "all"
    },
    {
      "name": "GH_TOKEN",
      "created_at": "2021-08-10T14:59:22Z",
      "updated_at": "2021-12-10T14:59:22Z",
      "visibility": "selected",
      "selected_repositories_url": "https://api.github.com/orgs/octo-org/dependabot/secrets/SUPER_SECRET/repositories"
    }
  ]
}

total_count

int

required

secrets

array[object (Dependabot Secret for an Organization)]

required

Dependabot Secret for an Organization

object (Dependabot Secret for an Organization)

Secrets for GitHub Dependabot for an organization.

name

string

required

The name of the secret.

Example
"SECRET_TOKEN"

created_at

string

date-time

required

updated_at

string

date-time

required

visibility

string

required

Visibility of a secret

Enum
  • all
  • private
  • selected

selected_repositories_url

string

uri

Example
"https://api.github.com/organizations/org/dependabot/secrets/my_secret/repositories"

Link

string
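A review of this listing for over-broad or stale secrets, as an added example that is not part of GitHub's documentation. The function names, the finding messages and the 90-day rotation threshold are assumptions; the sample input is the response example shown above.

```python
import json
from datetime import datetime, timezone

# One page of results, taken from the response example above.
SAMPLE = json.loads("""
{"total_count": 3, "secrets": [
  {"name": "MY_ARTIFACTORY_PASSWORD", "created_at": "2021-08-10T14:59:22Z",
   "updated_at": "2021-12-10T14:59:22Z", "visibility": "private"},
  {"name": "NPM_TOKEN", "created_at": "2021-08-10T14:59:22Z",
   "updated_at": "2021-12-10T14:59:22Z", "visibility": "all"},
  {"name": "GH_TOKEN", "created_at": "2021-08-10T14:59:22Z",
   "updated_at": "2021-12-10T14:59:22Z", "visibility": "selected",
   "selected_repositories_url": "https://api.github.com/orgs/octo-org/dependabot/secrets/SUPER_SECRET/repositories"}
]}
""")

KNOWN_VISIBILITY = {"all", "private", "selected"}

def parse_ts(value):
    """Parse the API's UTC timestamps (YYYY-MM-DDTHH:MM:SSZ)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_secrets(listing, now, max_age_days=90):
    """Return (secret_name, finding) tuples for one page of the listing.

    max_age_days is an assumed rotation policy, not a GitHub setting.
    """
    findings = []
    secrets = listing.get("secrets", [])
    # per_page defaults to 30, so a large organization needs several requests.
    if listing.get("total_count", 0) > len(secrets):
        findings.append(("*", "listing incomplete: fetch the remaining pages"))
    for secret in secrets:
        name, visibility = secret["name"], secret.get("visibility")
        if visibility == "all":
            # "all" exposes the secret to every repository in the organization.
            findings.append((name, "visible to every repository"))
        elif visibility == "selected" and not secret.get("selected_repositories_url"):
            findings.append((name, "selected visibility but no repositories URL"))
        elif visibility not in KNOWN_VISIBILITY:
            findings.append((name, f"unexpected visibility {visibility!r}"))
        age_days = (now - parse_ts(secret["updated_at"])).days
        if age_days > max_age_days:
            findings.append((name, f"not updated for {age_days} days"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_secrets(SAMPLE, datetime.now(timezone.utc)):
        print(f"{name}: {finding}")
```

The endpoint never returns secret values, so this review works only from names, timestamps and visibility.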

Get an organization public key

get /orgs/{org}/dependabot/secrets/public-key

Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

org

string

required

The organization name. The name is not case sensitive.

Response

{
  "key_id": "012345678912345678",
  "key": "2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234"
}

key_id

string

required

The identifier for the key.

Example
"1234567"

key

string

required

The Base64 encoded public key.

Example
"hBT5WZEj8ZoOv6TYJsfWq7MxTEQopZO5/IT3ZCVQPzs="

Get an organization secret

get /orgs/{org}/dependabot/secrets/{secret_name}

Gets a single organization secret without revealing its encrypted value. You must authenticate using an access token with the admin:org scope to use this endpoint. GitHub Apps must have the dependabot_secrets organization permission to use this endpoint.

org

string

required

The organization name. The name is not case sensitive.

secret_name

string

required

The name of the secret.

Response

{
  "name": "NPM_TOKEN",
  "created_at": "2019-08-10T14:59:22Z",
  "updated_at": "2020-01-10T14:59:22Z",
  "visibility": "selected",
  "selected_repositories_url": "https://api.github.com/orgs/octo-org/dependabot/secrets/NPM_TOKEN/repositories"
}

name

string

required

The name of the secret.

Example
"SECRET_TOKEN"

created_at

string

date-time

required

updated_at

string

date-time

required

visibility

string

required

Visibility of a secret

Enum
  • all
  • private
  • selected