DEV Community 👩‍💻👨‍💻

Wahyu Kristianto for Devtical

Posted on

GitHub Dependabot alerts REST API is now available!

GitHub sends Dependabot alerts when it detects that your repository uses a vulnerable dependency or malware.

For more information, see About Dependabot alerts if you don't know about Dependabot yet.

GitHub announced that Dependabot alerts REST API is now available in public beta.

Endpoints

You must use an access token with the security_events scope to use endpoints with private repositories. You can also use tokens with the public_repo scope for public repositories only.

List Dependabot alerts for a repository

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts
Enter fullscreen mode Exit fullscreen mode

Get a Dependabot alert

GitHub Apps must have Dependabot alerts read permission to use this endpoint.

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER
Enter fullscreen mode Exit fullscreen mode

Update a Dependabot alert

GitHub Apps must have Dependabot alerts write permission to use this endpoint.

curl \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependabot/alerts/ALERT_NUMBER \
  -d '{"state":"dismissed","dismissed_reason":"tolerable_risk","dismissed_comment":"This alert is accurate but we use a sanitizer."}'
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Create an Account!
Now it's your turn!
 
🗒 Share a tutorial
🤔 Reflect on your coding journey
❓ Ask a question

Create an account to join hundreds of thousands of DEV members on their journey.