
REST API endpoints for Dependabot repository access

Use the REST API to manage which repositories Dependabot can access within an organization.

About Dependabot repository access

You can list repositories that Dependabot already has access to and set a default repository access level for Dependabot.

Lists the repositories Dependabot can access in an organization

Lists repositories that organization admins have allowed Dependabot to access when updating dependencies.

Note

This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.

Fine-grained access tokens

Required permission set:

  • "Administration" organization permissions (read)

Parameters for "Lists the repositories Dependabot can access in an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
page integer

The page number of results to fetch.

Default: 1

per_page integer

Number of results per page.

Default: 30

HTTP response status codes

Status code, Description
200 OK
403 Forbidden
404 Resource not found

Code samples

Request example

GET /orgs/{org}/dependabot/repository-access
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/orgs/ORG/dependabot/repository-access

Response

Status: 200
{
  "default_level": "public",
  "accessible_repositories": [
    {
      "id": 123456,
      "node_id": "MDEwOlJlcG9zaXRvcnkxMjM0NTY=",
      "name": "example-repo",
      "full_name": "octocat/example-repo",
      "owner": {
        "name": "octocat",
        "email": "octo@github.com",
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://avatars.githubusercontent.com/u/1?v=4",
        "gravatar_id": 1,
        "url": "https://HOSTNAME/users/octocat",
        "html_url": "https://github.com/octocat/example-repo",
        "followers_url": "https://HOSTNAME/users/octocat/followers",
        "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
        "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
        "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
        "organizations_url": "https://HOSTNAME/users/octocat/orgs",
        "repos_url": "https://HOSTNAME/users/octocat/repos",
        "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
        "received_events_url": "https://HOSTNAME/users/octocat/received_events",
        "type": "User",
        "site_admin": false,
        "starred_at": "\"2020-07-09T00:17:55Z\"",
        "user_view_type": "default"
      },
      "private": false,
      "html_url": "https://github.com/octocat/example-repo",
      "description": "This is an example repository.",
      "fork": false,
      "url": "https://HOSTNAME/repos/octocat/example-repo",
      "archive_url": "https://HOSTNAME/repos/octocat/example-repo/{archive_format}{/ref}",
      "assignees_url": "https://HOSTNAME/repos/octocat/example-repo/assignees{/user}",
      "blobs_url": "https://HOSTNAME/repos/octocat/example-repo/git/blobs{/sha}",
      "branches_url": "https://HOSTNAME/repos/octocat/example-repo/branches{/branch}",
      "collaborators_url": "https://HOSTNAME/repos/octocat/example-repo/collaborators{/collaborator}",
      "comments_url": "https://HOSTNAME/repos/octocat/example-repo/comments{/number}",
      "commits_url": "https://HOSTNAME/repos/octocat/example-repo/commits{/sha}",
      "compare_url": "https://HOSTNAME/repos/octocat/example-repo/compare/{base}...{head}",
      "contents_url": "https://HOSTNAME/repos/octocat/example-repo/contents/{+path}",
      "contributors_url": "https://HOSTNAME/repos/octocat/example-repo/contributors",
      "deployments_url": "https://HOSTNAME/repos/octocat/example-repo/deployments",
      "downloads_url": "https://HOSTNAME/repos/octocat/example-repo/downloads",
      "events_url": "https://HOSTNAME/repos/octocat/example-repo/events",
      "forks_url": "https://HOSTNAME/repos/octocat/example-repo/forks",
      "git_commits_url": "https://HOSTNAME/repos/octocat/example-repo/git/commits{/sha}",
      "git_refs_url": "https://HOSTNAME/repos/octocat/example-repo/git/refs{/sha}",
      "git_tags_url": "https://HOSTNAME/repos/octocat/example-repo/git/tags{/sha}",
      "issue_comment_url": "https://HOSTNAME/repos/octocat/example-repo/issues/comments{/number}",
      "issue_events_url": "https://HOSTNAME/repos/octocat/example-repo/issues/events{/number}",
      "issues_url": "https://HOSTNAME/repos/octocat/example-repo/issues{/number}",
      "keys_url": "https://HOSTNAME/repos/octocat/example-repo/keys{/key_id}",
      "labels_url": "https://HOSTNAME/repos/octocat/example-repo/labels{/name}",
      "languages_url": "https://HOSTNAME/repos/octocat/example-repo/languages",
      "merges_url": "https://HOSTNAME/repos/octocat/example-repo/merges",
      "milestones_url": "https://HOSTNAME/repos/octocat/example-repo/milestones{/number}",
      "notifications_url": "https://HOSTNAME/repos/octocat/example-repo/notifications{?since,all,participating}",
      "pulls_url": "https://HOSTNAME/repos/octocat/example-repo/pulls{/number}",
      "releases_url": "https://HOSTNAME/repos/octocat/example-repo/releases{/id}",
      "stargazers_url": "https://HOSTNAME/repos/octocat/example-repo/stargazers",
      "statuses_url": "https://HOSTNAME/repos/octocat/example-repo/statuses/{sha}",
      "subscribers_url": "https://HOSTNAME/repos/octocat/example-repo/subscribers",
      "subscription_url": "https://HOSTNAME/repos/octocat/example-repo/subscription",
      "tags_url": "https://HOSTNAME/repos/octocat/example-repo/tags",
      "teams_url": "https://HOSTNAME/repos/octocat/example-repo/teams",
      "trees_url": "https://HOSTNAME/repos/octocat/example-repo/git/trees{/sha}",
      "hooks_url": "https://HOSTNAME/repos/octocat/example-repo/hooks"
    }
  ]
}

Updates Dependabot's repository access list for an organization

Updates the list of repositories that organization admins have allowed Dependabot to access when updating dependencies.

Note

This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.

Example request body:

{
  "repository_ids_to_add": [123, 456],
  "repository_ids_to_remove": [789]
}

Fine-grained access tokens

Required permission set:

  • "Administration" organization permissions (write)

Parameters for "Updates Dependabot's repository access list for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
repository_ids_to_add array of integers

List of repository IDs to add.

repository_ids_to_remove array of integers

List of repository IDs to remove.

HTTP response status codes

Status code, Description
204 No Content
403 Forbidden
404 Resource not found

Code samples

Request example

PATCH /orgs/{org}/dependabot/repository-access
curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/orgs/ORG/dependabot/repository-access \
  -d '{"repository_ids_to_add":[123,456],"repository_ids_to_remove":[789]}'

Response

Status: 204

Set the default repository access level for Dependabot

Sets the default level of repository access Dependabot will have while performing an update. Available values are:

  • 'public' - Dependabot will only have access to public repositories, unless access is explicitly granted to non-public repositories.
  • 'internal' - Dependabot will only have access to public and internal repositories, unless access is explicitly granted to private repositories.

Unauthorized users will not see the existence of this endpoint.

This operation supports both server-to-server and user-to-server access.

Fine-grained access tokens

Required permission set:

  • "Administration" organization permissions (write)

Parameters for "Set the default repository access level for Dependabot"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
default_level string Required

The default repository access level for Dependabot updates.

Can be one of: public, internal

HTTP response status codes

Status code, Description
204 No Content
403 Forbidden
404 Resource not found

Code samples

Request example

PUT /orgs/{org}/dependabot/repository-access/default-level
curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/orgs/ORG/dependabot/repository-access/default-level \
  -d '{"default_level":"public"}'

Response

Status: 204
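
The three endpoints above can be combined into a least-privilege check. This is an added example, not part of GitHub's documentation: it pages through the GET response, compares it with an approved allowlist, and builds the PATCH and PUT bodies needed to close the gap. The `fetch_page` callback, the allowlist, the sample repositories and the rule that a page shorter than `per_page` is the last one are assumptions.

```python
# Added example: reconcile Dependabot's access list against an approved allowlist.
ALLOWED_LEVELS = ("public", "internal")  # values this page lists for default_level

def collect_access(fetch_page, per_page=30):
    """Follow page=1,2,... of the GET endpoint; fetch_page(page, per_page) -> decoded JSON.
    Assumption: a page shorter than per_page is the last one."""
    repos, page = {}, 1
    while True:
        body = fetch_page(page, per_page)
        batch = body["accessible_repositories"]
        repos.update({r["id"]: r for r in batch})
        if len(batch) < per_page:
            return body["default_level"], repos
        page += 1

def plan_changes(default_level, repos, approved_ids, wanted_level="public"):
    """Return the PATCH/PUT bodies needed to reach the approved state, plus findings."""
    if wanted_level not in ALLOWED_LEVELS:
        raise ValueError(f"default_level must be one of {ALLOWED_LEVELS}")
    current, approved = set(repos), set(approved_ids)
    return {
        # Body for PATCH /orgs/{org}/dependabot/repository-access
        "patch_body": {
            "repository_ids_to_add": sorted(approved - current),
            "repository_ids_to_remove": sorted(current - approved),
        },
        # Body for PUT .../repository-access/default-level, None when already compliant
        "put_body": None if default_level == wanted_level
                    else {"default_level": wanted_level},
        # Private repositories Dependabot can reach that are not on the allowlist
        "unapproved_private": sorted(
            r["full_name"] for i, r in repos.items()
            if r["private"] and i not in approved),
    }

# Constructed sample responses (two pages at per_page=2), trimmed to the fields used.
SAMPLE_PAGES = {
    1: {"default_level": "internal", "accessible_repositories": [
        {"id": 123456, "full_name": "octocat/example-repo", "private": False},
        {"id": 789, "full_name": "octocat/payroll-tools", "private": True}]},
    2: {"default_level": "internal", "accessible_repositories": [
        {"id": 456, "full_name": "octocat/build-images", "private": True}]},
}

def demo():
    level, repos = collect_access(lambda page, per_page: SAMPLE_PAGES[page], per_page=2)
    return plan_changes(level, repos, approved_ids={123456, 456, 123})

if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

In real use, `fetch_page` would wrap the GET request shown earlier, and the returned bodies would be sent with the PATCH and PUT requests using a token that has the "Administration" organization permission (write).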