Puntos de conexión de la API de REST para la revisión de dependencias

Usa la API de REST para interactuar con los cambios de dependencia.

Acerca de la revisión de dependencias

Puedes usar la API de REST para ver los cambios de dependencia y el impacto de estos cambios en la seguridad antes de agregarlos a tu entorno. Puede ver la diferencia de dependencias entre dos confirmaciones de un repositorio, incluidos los datos de vulnerabilidad de las actualizaciones de versiones con vulnerabilidades conocidas. Para más información sobre la revisión de dependencias, consulta Acerca de la revisión de dependencias.

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Contents" repository permissions (read)

allows_public_read_access

Parámetros para "Get a diff of the dependencies between commits"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`owner` string Obligatorio The account owner of the repository. The name is not case sensitive.
`repo` string Obligatorio The name of the repository without the `.git` extension. The name is not case sensitive.
`basehead` string Obligatorio The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format `{base}...{head}`.

Parámetros de consulta
Nombre, Tipo, Descripción
`name` string The full path, relative to the repository root, of the dependency manifest file.

http_status_code

status_code	Descripción
`200`	OK
`403`	Response for a private repository when GitHub Advanced Security is not enabled, or if used against a fork
`404`	Resource not found

code_samples

request_example

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200

[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]