The Wayback Machine - https://web.archive.org/web/20230105012600/https://docs.github.com/ru/enterprise-server@3.6/rest/dependency-graph/dependency-review
Skip to main content

Проверка зависимостей

API проверки зависимостей позволяет разобраться в изменениях в зависимостях и в том, как эти изменения влияют на безопасность, прежде чем добавить их в среду.

Сведения об API проверки зависимостей

API проверки зависимостей позволяет разобраться в изменениях в зависимостях и в том, как эти изменения влияют на безопасность, прежде чем добавить их в среду. Вы можете просматривать различия в зависимостях между двумя фиксациями репозитория, включая данные об уязвимостях в любых обновлениях версий с известными уязвимостями. Дополнительные сведения о проверке зависимостей см. в разделе Сведения о проверке зависимостей.

Get a diff of the dependencies between commits

Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.

Параметры

Headers
Name, Type, Description
acceptstring

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository. The name is not case sensitive.

baseheadstringRequired

The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format {base}...{head}.

Query parameters
Name, Type, Description
namestring

The full path, relative to the repository root, of the dependency manifest file.

Коды состояния HTTP-ответа

Код состоянияОписание
200

OK

403

Forbidden

404

Resource not found

Примеры кода

get/repos/{owner}/{repo}/dependency-graph/compare/{basehead}
curl \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD

Response

Status: 200
[ { "change_type": "removed", "manifest": "package.json", "ecosystem": "npm", "name": "helmet", "version": "4.6.0", "package_url": "pkg:npm/helmet@4.6.0", "license": "MIT", "source_repository_url": "https://github.com/helmetjs/helmet", "vulnerabilities": [] }, { "change_type": "added", "manifest": "package.json", "ecosystem": "npm", "name": "helmet", "version": "5.0.0", "package_url": "pkg:npm/helmet@5.0.0", "license": "MIT", "source_repository_url": "https://github.com/helmetjs/helmet", "vulnerabilities": [] }, { "change_type": "added", "manifest": "Gemfile", "ecosystem": "rubygems", "name": "ruby-openid", "version": "2.7.0", "package_url": "pkg:gem/ruby-openid@2.7.0", "license": null, "source_repository_url": "https://github.com/openid/ruby-openid", "vulnerabilities": [ { "severity": "critical", "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49", "advisory_summary": "Ruby OpenID", "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49" } ] } ]