Secret Scanning
Download SpecRetrieve secret scanning alerts from a repository.
List secret scanning alerts for an enterprise
Lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest.
To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager.
enterprise
string
required
The slug version of the enterprise name. You can also substitute this value with the enterprise id.
state
string
Set to open or resolved to only list secret scanning alerts in a specific state.
- Enum
-
- open
- resolved
secret_type
string
A comma-separated list of secret types to return. By default all secret types are returned. See "Secret scanning patterns" for a complete list of secret types.
resolution
string
A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.
sort
string
The property to sort the results by. created means when the alert was created. updated means when the alert was updated or resolved.
- Default
- "created"
- Enum
-
- created
- updated
direction
string
The direction to sort the results by.
- Default
- "desc"
- Enum
-
- asc
- desc
per_page
int
The number of results per page (max 100).
- Default
- 30
before
string
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.
after
string
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.
Response
Response
Resource not found
Service unavailable
array[object]
object
number
int
The security alert number.
created_at
string
date-time
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
updated_at
string or null
date-time
The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
url
string
uri
The REST API URL of the alert resource.
html_url
string
uri
The GitHub URL of the alert resource.
locations_url
string
uri
The REST API URL of the code locations for this alert.
state
string
Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.
- Enum
-
- open
- resolved
resolution
string or null
Required when the state is resolved. The reason for resolving the alert.
- Enum
-
- false_positive
- wont_fix
- revoked
- used_in_tests
resolved_at
string or null
date-time
The time that the alert was resolved in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolved_by
object (resolved_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
secret_type
string
The type of secret that secret scanning detected.
secret_type_display_name
string
User-friendly name for the detected secret, matching the secret_type.
For a list of built-in patterns, see "Secret scanning patterns."
secret
string
The secret that was detected.
repository
object (repository)
A GitHub repository.
id
int
required
A unique identifier of the repository.
- Example
- 1296269
node_id
string
required
The GraphQL identifier of the repository.
- Example
- "MDEwOlJlcG9zaXRvcnkxMjk2MjY5"
name
string
required
The name of the repository.
- Example
- "Hello-World"
full_name
string
required
The full, globally unique, name of the repository.
- Example
- "octocat/Hello-World"
owner
object (owner)
required
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
private
boolean
required
Whether the repository is private.
html_url
string
uri
required
The URL to view the repository on GitHub.com.
- Example
- "https://github.com/octocat/Hello-World"
description
string or null
required
The repository description.
- Example
- "This your first repo!"
fork
boolean
required
Whether the repository is a fork.
url
string
uri
required
The URL to get more information about the repository from the GitHub API.
- Example
- "https://api.github.com/repos/octocat/Hello-World"
archive_url
string
required
A template for the API URL to download the repository as an archive.
- Example
- "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}"
assignees_url
string
required
A template for the API URL to list the available assignees for issues in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/assignees{/user}"
blobs_url
string
required
A template for the API URL to create or retrieve a raw Git blob in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}"
branches_url
string
required
A template for the API URL to get information about branches in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/branches{/branch}"
collaborators_url
string
required
A template for the API URL to get information about collaborators of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}"
comments_url
string
required
A template for the API URL to get information about comments on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/comments{/number}"
commits_url
string
required
A template for the API URL to get information about commits on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/commits{/sha}"
compare_url
string
required
A template for the API URL to compare two commits or refs.
- Example
- "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}"
contents_url
string
required
A template for the API URL to get the contents of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/contents/{+path}"
contributors_url
string
uri
required
A template for the API URL to list the contributors to the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/contributors"
deployments_url
string
uri
required
The API URL to list the deployments of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/deployments"
downloads_url
string
uri
required
The API URL to list the downloads on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/downloads"
events_url
string
uri
required
The API URL to list the events of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/events"
forks_url
string
uri
required
The API URL to list the forks of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/forks"
git_commits_url
string
required
A template for the API URL to get information about Git commits of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}"
git_refs_url
string
required
A template for the API URL to get information about Git refs of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}"
git_tags_url
string
required
A template for the API URL to get information about Git tags of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}"
issue_comment_url
string
required
A template for the API URL to get information about issue comments on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}"
issue_events_url
string
required
A template for the API URL to get information about issue events on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}"
issues_url
string
required
A template for the API URL to get information about issues on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/issues{/number}"
keys_url
string
required
A template for the API URL to get information about deploy keys on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}"
labels_url
string
required
A template for the API URL to get information about labels of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/labels{/name}"
languages_url
string
uri
required
The API URL to get information about the languages of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/languages"
merges_url
string
uri
required
The API URL to merge branches in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/merges"
milestones_url
string
required
A template for the API URL to get information about milestones of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/milestones{/number}"
notifications_url
string
required
A template for the API URL to get information about notifications on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}"
pulls_url
string
required
A template for the API URL to get information about pull requests on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/pulls{/number}"
releases_url
string
required
A template for the API URL to get information about releases on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/releases{/id}"
stargazers_url
string
uri
required
The API URL to list the stargazers on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/stargazers"
statuses_url
string
required
A template for the API URL to get information about statuses of a commit.
- Example
- "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}"
subscribers_url
string
uri
required
The API URL to list the subscribers on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/subscribers"
subscription_url
string
uri
required
The API URL to subscribe to notifications for this repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/subscription"
tags_url
string
uri
required
The API URL to get information about tags on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/tags"
teams_url
string
uri
required
The API URL to list the teams on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/teams"
trees_url
string
required
A template for the API URL to create or retrieve a raw Git tree of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}"
hooks_url
string
uri
required
The API URL to list the hooks on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/hooks"
push_protection_bypassed
boolean or null
Whether push protection was bypassed for the detected secret.
push_protection_bypassed_by
object (push_protection_bypassed_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
push_protection_bypassed_at
string or null
date-time
The time that push protection was bypassed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolution_comment
string or null
The comment that was optionally added when this alert was closed
Link
string
message
string
documentation_url
string
url
string
status
string
code
string
message
string
documentation_url
string
List secret scanning alerts for an organization
Lists secret scanning alerts for eligible repositories in an organization, from newest to oldest.
To use this endpoint, you must be an administrator or security manager for the organization, and you must use an access token with the repo scope or security_events scope.
For public repositories, you may instead use the public_repo scope.
GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.
org
string
required
The organization name. The name is not case sensitive.
state
string
Set to open or resolved to only list secret scanning alerts in a specific state.
- Enum
-
- open
- resolved
secret_type
string
A comma-separated list of secret types to return. By default all secret types are returned. See "Secret scanning patterns" for a complete list of secret types.
resolution
string
A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.
sort
string
The property to sort the results by. created means when the alert was created. updated means when the alert was updated or resolved.
- Default
- "created"
- Enum
-
- created
- updated
direction
string
The direction to sort the results by.
- Default
- "desc"
- Enum
-
- asc
- desc
page
int
Page number of the results to fetch.
- Default
- 1
per_page
int
The number of results per page (max 100).
- Default
- 30
before
string
A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. To receive an initial cursor on your first request, include an empty "before" query string.
after
string
A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. To receive an initial cursor on your first request, include an empty "after" query string.
Response
Response
Resource not found
Service unavailable
array[object]
object
number
int
The security alert number.
created_at
string
date-time
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
updated_at
string or null
date-time
The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
url
string
uri
The REST API URL of the alert resource.
html_url
string
uri
The GitHub URL of the alert resource.
locations_url
string
uri
The REST API URL of the code locations for this alert.
state
string
Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.
- Enum
-
- open
- resolved
resolution
string or null
Required when the state is resolved. The reason for resolving the alert.
- Enum
-
- false_positive
- wont_fix
- revoked
- used_in_tests
resolved_at
string or null
date-time
The time that the alert was resolved in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolved_by
object (resolved_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
secret_type
string
The type of secret that secret scanning detected.
secret_type_display_name
string
User-friendly name for the detected secret, matching the secret_type.
For a list of built-in patterns, see "Secret scanning patterns."
secret
string
The secret that was detected.
repository
object (repository)
A GitHub repository.
id
int
required
A unique identifier of the repository.
- Example
- 1296269
node_id
string
required
The GraphQL identifier of the repository.
- Example
- "MDEwOlJlcG9zaXRvcnkxMjk2MjY5"
name
string
required
The name of the repository.
- Example
- "Hello-World"
full_name
string
required
The full, globally unique, name of the repository.
- Example
- "octocat/Hello-World"
owner
object (owner)
required
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
private
boolean
required
Whether the repository is private.
html_url
string
uri
required
The URL to view the repository on GitHub.com.
- Example
- "https://github.com/octocat/Hello-World"
description
string or null
required
The repository description.
- Example
- "This your first repo!"
fork
boolean
required
Whether the repository is a fork.
url
string
uri
required
The URL to get more information about the repository from the GitHub API.
- Example
- "https://api.github.com/repos/octocat/Hello-World"
archive_url
string
required
A template for the API URL to download the repository as an archive.
- Example
- "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}"
assignees_url
string
required
A template for the API URL to list the available assignees for issues in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/assignees{/user}"
blobs_url
string
required
A template for the API URL to create or retrieve a raw Git blob in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}"
branches_url
string
required
A template for the API URL to get information about branches in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/branches{/branch}"
collaborators_url
string
required
A template for the API URL to get information about collaborators of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}"
comments_url
string
required
A template for the API URL to get information about comments on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/comments{/number}"
commits_url
string
required
A template for the API URL to get information about commits on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/commits{/sha}"
compare_url
string
required
A template for the API URL to compare two commits or refs.
- Example
- "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}"
contents_url
string
required
A template for the API URL to get the contents of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/contents/{+path}"
contributors_url
string
uri
required
A template for the API URL to list the contributors to the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/contributors"
deployments_url
string
uri
required
The API URL to list the deployments of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/deployments"
downloads_url
string
uri
required
The API URL to list the downloads on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/downloads"
events_url
string
uri
required
The API URL to list the events of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/events"
forks_url
string
uri
required
The API URL to list the forks of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/forks"
git_commits_url
string
required
A template for the API URL to get information about Git commits of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}"
git_refs_url
string
required
A template for the API URL to get information about Git refs of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}"
git_tags_url
string
required
A template for the API URL to get information about Git tags of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}"
issue_comment_url
string
required
A template for the API URL to get information about issue comments on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}"
issue_events_url
string
required
A template for the API URL to get information about issue events on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}"
issues_url
string
required
A template for the API URL to get information about issues on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/issues{/number}"
keys_url
string
required
A template for the API URL to get information about deploy keys on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}"
labels_url
string
required
A template for the API URL to get information about labels of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/labels{/name}"
languages_url
string
uri
required
The API URL to get information about the languages of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/languages"
merges_url
string
uri
required
The API URL to merge branches in the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/merges"
milestones_url
string
required
A template for the API URL to get information about milestones of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/milestones{/number}"
notifications_url
string
required
A template for the API URL to get information about notifications on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}"
pulls_url
string
required
A template for the API URL to get information about pull requests on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/pulls{/number}"
releases_url
string
required
A template for the API URL to get information about releases on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/releases{/id}"
stargazers_url
string
uri
required
The API URL to list the stargazers on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/stargazers"
statuses_url
string
required
A template for the API URL to get information about statuses of a commit.
- Example
- "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}"
subscribers_url
string
uri
required
The API URL to list the subscribers on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/subscribers"
subscription_url
string
uri
required
The API URL to subscribe to notifications for this repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/subscription"
tags_url
string
uri
required
The API URL to get information about tags on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/tags"
teams_url
string
uri
required
The API URL to list the teams on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/teams"
trees_url
string
required
A template for the API URL to create or retrieve a raw Git tree of the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}"
hooks_url
string
uri
required
The API URL to list the hooks on the repository.
- Example
- "https://api.github.com/repos/octocat/Hello-World/hooks"
push_protection_bypassed
boolean or null
Whether push protection was bypassed for the detected secret.
push_protection_bypassed_by
object (push_protection_bypassed_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
push_protection_bypassed_at
string or null
date-time
The time that push protection was bypassed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolution_comment
string or null
The comment that was optionally added when this alert was closed
Link
string
message
string
documentation_url
string
url
string
status
string
code
string
message
string
documentation_url
string
List secret scanning alerts for a repository
Lists secret scanning alerts for an eligible repository, from newest to oldest.
To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope.
For public repositories, you may instead use the public_repo scope.
GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.
owner
string
required
The account owner of the repository. The name is not case sensitive.
repo
string
required
The name of the repository. The name is not case sensitive.
state
string
Set to open or resolved to only list secret scanning alerts in a specific state.
- Enum
-
- open
- resolved
secret_type
string
A comma-separated list of secret types to return. By default all secret types are returned. See "Secret scanning patterns" for a complete list of secret types.
resolution
string
A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.
sort
string
The property to sort the results by. created means when the alert was created. updated means when the alert was updated or resolved.
- Default
- "created"
- Enum
-
- created
- updated
direction
string
The direction to sort the results by.
- Default
- "desc"
- Enum
-
- asc
- desc
page
int
Page number of the results to fetch.
- Default
- 1
per_page
int
The number of results per page (max 100).
- Default
- 30
before
string
A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. To receive an initial cursor on your first request, include an empty "before" query string.
after
string
A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. To receive an initial cursor on your first request, include an empty "after" query string.
Response
Response
Repository is public or secret scanning is disabled for the repository
Empty response
Service unavailable
array[object]
object
number
int
The security alert number.
created_at
string
date-time
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
updated_at
string or null
date-time
The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
url
string
uri
The REST API URL of the alert resource.
html_url
string
uri
The GitHub URL of the alert resource.
locations_url
string
uri
The REST API URL of the code locations for this alert.
state
string
Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.
- Enum
-
- open
- resolved
resolution
string or null
Required when the state is resolved. The reason for resolving the alert.
- Enum
-
- false_positive
- wont_fix
- revoked
- used_in_tests
resolved_at
string or null
date-time
The time that the alert was resolved in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolved_by
object (resolved_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
resolution_comment
string or null
An optional comment to resolve an alert.
secret_type
string
The type of secret that secret scanning detected.
secret_type_display_name
string
User-friendly name for the detected secret, matching the secret_type.
For a list of built-in patterns, see "Secret scanning patterns."
secret
string
The secret that was detected.
push_protection_bypassed
boolean or null
Whether push protection was bypassed for the detected secret.
push_protection_bypassed_by
object (push_protection_bypassed_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
push_protection_bypassed_at
string or null
date-time
The time that push protection was bypassed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
No schema
code
string
message
string
documentation_url
string
Get a secret scanning alert
Gets a single secret scanning alert detected in an eligible repository.
To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope.
For public repositories, you may instead use the public_repo scope.
GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.
owner
string
required
The account owner of the repository. The name is not case sensitive.
repo
string
required
The name of the repository. The name is not case sensitive.
alert_number
int
required
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.
Response
Response
Not modified
Empty response
Repository is public, or secret scanning is disabled for the repository, or the resource is not found
Empty response
Service unavailable
number
int
The security alert number.
created_at
string
date-time
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
updated_at
string or null
date-time
The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
url
string
uri
The REST API URL of the alert resource.
html_url
string
uri
The GitHub URL of the alert resource.
locations_url
string
uri
The REST API URL of the code locations for this alert.
state
string
Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.
- Enum
-
- open
- resolved
resolution
string or null
Required when the state is resolved. The reason for resolving the alert.
- Enum
-
- false_positive
- wont_fix
- revoked
- used_in_tests
resolved_at
string or null
date-time
The time that the alert was resolved in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolved_by
object (resolved_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
resolution_comment
string or null
An optional comment to resolve an alert.
secret_type
string
The type of secret that secret scanning detected.
secret_type_display_name
string
User-friendly name for the detected secret, matching the secret_type.
For a list of built-in patterns, see "Secret scanning patterns."
secret
string
The secret that was detected.
push_protection_bypassed
boolean or null
Whether push protection was bypassed for the detected secret.
push_protection_bypassed_by
object (push_protection_bypassed_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
push_protection_bypassed_at
string or null
date-time
The time that push protection was bypassed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
No schema
No schema
code
string
message
string
documentation_url
string
Update a secret scanning alert
Updates the status of a secret scanning alert in an eligible repository.
To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope.
For public repositories, you may instead use the public_repo scope.
GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.
owner
string
required
The account owner of the repository. The name is not case sensitive.
repo
string
required
The name of the repository. The name is not case sensitive.
alert_number
int
required
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.
state
string
required
Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.
- Enum
-
- open
- resolved
resolution
string or null
Required when the state is resolved. The reason for resolving the alert.
- Enum
-
- false_positive
- wont_fix
- revoked
- used_in_tests
resolution_comment
string or null
An optional comment when closing an alert. Cannot be updated or deleted. Must be null when changing state to open.
Request
Response
Response
Bad request, resolution comment is invalid or the resolution was not changed.
Empty response
Repository is public, or secret scanning is disabled for the repository, or the resource is not found
Empty response
State does not match the resolution or resolution comment
Empty response
Service unavailable
number
int
The security alert number.
created_at
string
date-time
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
updated_at
string or null
date-time
The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
url
string
uri
The REST API URL of the alert resource.
html_url
string
uri
The GitHub URL of the alert resource.
locations_url
string
uri
The REST API URL of the code locations for this alert.
state
string
Sets the state of the secret scanning alert. You must provide resolution when you set the state to resolved.
- Enum
-
- open
- resolved
resolution
string or null
Required when the state is resolved. The reason for resolving the alert.
- Enum
-
- false_positive
- wont_fix
- revoked
- used_in_tests
resolved_at
string or null
date-time
The time that the alert was resolved in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
resolved_by
object (resolved_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
resolution_comment
string or null
An optional comment to resolve an alert.
secret_type
string
The type of secret that secret scanning detected.
secret_type_display_name
string
User-friendly name for the detected secret, matching the secret_type.
For a list of built-in patterns, see "Secret scanning patterns."
secret
string
The secret that was detected.
push_protection_bypassed
boolean or null
Whether push protection was bypassed for the detected secret.
push_protection_bypassed_by
object (push_protection_bypassed_by) or null
A GitHub user.
name
string or null
string or null
login
string
required
- Example
- "octocat"
id
int
required
- Example
- 1
node_id
string
required
- Example
- "MDQ6VXNlcjE="
avatar_url
string
uri
required
- Example
- "https://github.com/images/error/octocat_happy.gif"
gravatar_id
string or null
required
- Example
- "41d064eb2195891e12d0413f63227ea7"
url
string
uri
required
- Example
- "https://api.github.com/users/octocat"
html_url
string
uri
required
- Example
- "https://github.com/octocat"
followers_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/followers"
following_url
string
required
- Example
- "https://api.github.com/users/octocat/following{/other_user}"
gists_url
string
required
- Example
- "https://api.github.com/users/octocat/gists{/gist_id}"
starred_url
string
required
- Example
- "https://api.github.com/users/octocat/starred{/owner}{/repo}"
subscriptions_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/subscriptions"
organizations_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/orgs"
repos_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/repos"
events_url
string
required
- Example
- "https://api.github.com/users/octocat/events{/privacy}"
received_events_url
string
uri
required
- Example
- "https://api.github.com/users/octocat/received_events"
type
string
required
- Example
- "User"
site_admin
boolean
required
starred_at
string
- Example
- "\"2020-07-09T00:17:55Z\""
push_protection_bypassed_at
string or null
date-time
The time that push protection was bypassed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
No schema
No schema
No schema
code
string
message
string
documentation_url
string
List locations for a secret scanning alert
Lists all locations for a given secret scanning alert for an eligible repository.
To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or security_events scope.
For public repositories, you may instead use the public_repo scope.
GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.
owner
string
required
The account owner of the repository. The name is not case sensitive.
repo
string
required
The name of the repository. The name is not case sensitive.
alert_number
int
required
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the number field in the response from the GET /repos/{owner}/{repo}/code-scanning/alerts operation.
page
int
Page number of the results to fetch.
- Default
- 1
per_page
int
The number of results per page (max 100).
- Default
- 30
Response
Response
Repository is public, or secret scanning is disabled for the repository, or the resource is not found
Empty response
Service unavailable