DEV Community 👩‍💻👨‍💻

Wahyu Kristianto for Devtical

Posted on

GitHub Dependabot alerts REST API is now available!

GitHub sends Dependabot alerts when it detects that your repository uses a vulnerable dependency or malware.

For more information, see About Dependabot alerts if you don't know about Dependabot yet.

GitHub announced that Dependabot alerts REST API is now available in public beta.

Endpoints

You must use an access token with the security_events scope to use endpoints with private repositories. You can also use tokens with the public_repo scope for public repositories only.

List Dependabot alerts for a repository

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts
Enter fullscreen mode Exit fullscreen mode

Get a Dependabot alert

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER
Enter fullscreen mode Exit fullscreen mode

Update a Dependabot alert

GitHub Apps must have Dependabot alerts write permission to use this endpoint.

curl \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'
Enter fullscreen mode Exit fullscreen mode

Latest comments (0)

We want your help! Become a Tag Moderator.
Check out this survey and help us moderate our community by becoming a tag moderator here at DEV.