Конечные точки REST API для проверки зависимостей

Используйте REST API для взаимодействия с изменениями зависимостей.

Сведения о проверке зависимостей

Rest API можно использовать для просмотра изменений зависимостей и влияния на безопасность этих изменений, прежде чем добавлять их в среду. Вы можете просматривать различия в зависимостях между двумя фиксациями репозитория, включая данные об уязвимостях в любых обновлениях версий с известными уязвимостями. Дополнительные сведения о проверке зависимостей см. в разделе Сведения о проверке зависимостей.

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Contents" repository permissions (read)

allows_public_read_access

Параметры для «Get a diff of the dependencies between commits»

Заголовки
Имя., Тип, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Параметры пути
Имя., Тип, Description
`owner` string Обязательное поле The account owner of the repository. The name is not case sensitive.
`repo` string Обязательное поле The name of the repository without the `.git` extension. The name is not case sensitive.
`basehead` string Обязательное поле The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format `{base}...{head}`.

Параметры запроса
Имя., Тип, Description
`name` string The full path, relative to the repository root, of the dependency manifest file.

http_status_code

status_code	Description
`200`	OK
`403`	Response for a private repository when GitHub Advanced Security is not enabled, or if used against a fork
`404`	Resource not found

code_samples

request_example

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200

[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]