依赖项检查
通过依赖项审查 API,可在将依赖项更改添加到环境之前,了解这些更改以及它们的安全影响。
关于依赖项审查 API
通过依赖项审查 API,你可以在将这些更改添加到环境之前了解依赖项更改以及这些更改的安全影响。 可以查看存储库的两次提交之间的依赖项差异,包括具有已知漏洞的任何版本更新的漏洞数据。 有关依赖项审查的详细信息,请参阅“关于依赖项审查”。
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
参数
| Headers |
|---|
| Name, Type, Description |
acceptstringSetting to |
| Path parameters |
| Name, Type, Description |
ownerstringRequiredThe account owner of the repository. The name is not case sensitive. |
repostringRequiredThe name of the repository. The name is not case sensitive. |
baseheadstringRequiredThe base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |
| Query parameters |
| Name, Type, Description |
namestringThe full path, relative to the repository root, of the dependency manifest file. |
HTTP 响应状态代码
| 状态代码 | 说明 |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
代码示例
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEADResponse
Status: 200[
{
"change_type": "removed",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "4.6.0",
"package_url": "pkg:npm/helmet@4.6.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "package.json",
"ecosystem": "npm",
"name": "helmet",
"version": "5.0.0",
"package_url": "pkg:npm/helmet@5.0.0",
"license": "MIT",
"source_repository_url": "https://github.com/helmetjs/helmet",
"vulnerabilities": []
},
{
"change_type": "added",
"manifest": "Gemfile",
"ecosystem": "rubygems",
"name": "ruby-openid",
"version": "2.7.0",
"package_url": "pkg:gem/ruby-openid@2.7.0",
"license": null,
"source_repository_url": "https://github.com/openid/ruby-openid",
"vulnerabilities": [
{
"severity": "critical",
"advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
"advisory_summary": "Ruby OpenID",
"advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
}
]
}
]
