DEV Community 👩‍💻👨‍💻

Wahyu Kristianto for Devtical


GitHub Dependabot alerts REST API is now available!

GitHub sends Dependabot alerts when it detects that your repository uses a vulnerable dependency or malware.

If you don't know about Dependabot yet, see About Dependabot alerts for more information.

GitHub announced that the Dependabot alerts REST API is now available in public beta.

Endpoints

You must use an access token with the security_events scope to use endpoints with private repositories. You can also use tokens with the public_repo scope for public repositories only.

List Dependabot alerts for a repository

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts

Get a Dependabot alert

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER

Update a Dependabot alert

GitHub Apps must have Dependabot alerts write permission to use this endpoint.

curl \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'
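The following Python is an added example, not code from the original post or from GitHub. It triages a list response by severity and builds the dismissal PATCH request from the update endpoint above. The sample alerts, package names, and the function names triage and dismiss_request are constructed for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Values the update endpoint accepts for dismissed_reason.
DISMISS_REASONS = {"fix_started", "inaccurate", "no_bandwidth", "not_used", "tolerable_risk"}

def _sample(number, state, ecosystem, name, severity, patched):
    """Build a constructed alert, trimmed to the fields used below."""
    return {"number": number, "state": state,
            "dependency": {"package": {"ecosystem": ecosystem, "name": name}},
            "security_advisory": {"severity": severity},
            "security_vulnerability": {"first_patched_version": patched and {"identifier": patched}}}

# Constructed sample of a list response (not real alerts).
SAMPLE_ALERTS = [
    _sample(1, "open", "pip", "example-yaml", "medium", "2.0.1"),
    _sample(2, "open", "npm", "example-parser", "critical", None),
    _sample(3, "dismissed", "npm", "example-css", "high", "3.1.0"),
    _sample(4, "open", "pip", "example-http", "high", "1.4.2"),
]

def triage(alerts, min_severity="high"):
    """Return (number, severity, package, first patched version) for open
    alerts at or above min_severity, most severe first."""
    limit = SEVERITY_RANK[min_severity]
    rows = []
    for a in alerts:
        severity = a["security_advisory"]["severity"]
        rank = SEVERITY_RANK.get(severity, 0)  # unknown severity: review it first
        if a["state"] != "open" or rank > limit:
            continue
        pkg = a["dependency"]["package"]
        patched = (a["security_vulnerability"].get("first_patched_version") or {}).get("identifier")
        rows.append((rank, a["number"], severity, f'{pkg["ecosystem"]}/{pkg["name"]}', patched))
    return [r[1:] for r in sorted(rows, key=lambda r: r[:2])]

def dismiss_request(owner, repo, number, reason, comment, token):
    """Build (without sending) the PATCH request that dismisses one alert."""
    if reason not in DISMISS_REASONS:
        raise ValueError(f"unsupported dismissed_reason: {reason!r}")
    body = json.dumps({"state": "dismissed", "dismissed_reason": reason,
                       "dismissed_comment": comment}).encode()
    return urllib.request.Request(
        f"{API}/repos/{owner}/{repo}/dependabot/alerts/{number}", data=body, method="PATCH",
        headers={"Accept": "application/vnd.github+json", "Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})
```

Pass the result of dismiss_request to urllib.request.urlopen to send it, and read the token from the environment rather than hard-coding it. An alert with no first patched version (alert 2 in the sample) cannot be resolved by upgrading and needs a separate decision.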
