DEV Community ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ’ป

Wahyu Kristianto for Devtical

Posted on

GitHub Dependabot alerts REST API is now available!

GitHub sends Dependabot alerts when it detects that your repository uses a vulnerable dependency or malware.

For more information, see About Dependabot alerts if you don't know about Dependabot yet.

GitHub announced that Dependabot alerts REST API is now available in public beta.

Endpoints

You must use an access token with the security_events scope to use endpoints with private repositories. You can also use tokens with the public_repo scope for public repositories only.

List Dependabot alerts for a repository

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts
Enter fullscreen mode Exit fullscreen mode

Get a Dependabot alert

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER
Enter fullscreen mode Exit fullscreen mode

Update a Dependabot alert

GitHub Apps must have Dependabot alerts write permission to use this endpoint.

curl \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'
Enter fullscreen mode Exit fullscreen mode

Oldest comments (0)

Join us at DEV
Yes, this is technically an โ€œadโ€, but really we just want to ask if you want to join DEV. We have 900k+ developers reading, posting, and enjoying community, and would love to have you. ย  Create an account and continue your coding journey.