The list of status checks to require in order to merge into this branch.
", - "items": { - "type": "string" - }, - "name": "contexts", - "in": "body", - "rawType": "array", - "rawDescription": "The list of status checks to require in order to merge into this branch.", - "childParamsGroups": [] } }, "required": [ @@ -31108,18 +31096,6 @@ "rawType": "boolean", "rawDescription": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`.", "childParamsGroups": [] - }, - { - "type": "array of strings", - "description": "The list of status checks to require in order to merge into this branch.
", - "items": { - "type": "string" - }, - "name": "contexts", - "in": "body", - "rawType": "array", - "rawDescription": "The list of status checks to require in order to merge into this branch.", - "childParamsGroups": [] } ] }, @@ -32330,15 +32306,76 @@ "contexts": { "type": "array of strings", "deprecated": true, - "description": "The list of status checks to require in order to merge into this branch
", + "description": "Deprecated: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use checks instead of contexts for more fine-grained control.
The list of status checks to require in order to merge into this branch.
", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "Required. The name of the required check
", + "name": "context", + "in": "body", + "rawType": "string", + "rawDescription": "The name of the required check", + "childParamsGroups": [] + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.
", + "name": "app_id", + "in": "body", + "rawType": "integer", + "rawDescription": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.", + "childParamsGroups": [] + } + } + }, + "name": "checks", + "in": "body", + "rawType": "array", + "rawDescription": "The list of status checks to require in order to merge into this branch.", + "childParamsGroups": [ + { + "parentName": "checks", + "parentType": "items", + "id": "checks-items", + "params": [ + { + "type": "string", + "description": "Required. The name of the required check
", + "name": "context", + "in": "body", + "rawType": "string", + "rawDescription": "The name of the required check", + "childParamsGroups": [] + }, + { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.
", + "name": "app_id", + "in": "body", + "rawType": "integer", + "rawDescription": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.", + "childParamsGroups": [] + } + ] + } + ] } } }, @@ -32365,30 +32402,6 @@ "contentType": "application/json", "notes": [], "descriptionHTML": "Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub's products in the GitHub Help documentation.
\nUpdating required status checks requires admin or owner permissions to the repository and branch protection to be enabled.
", - "bodyParameters": [ - { - "type": "boolean", - "description": "Require branches to be up to date before merging.
", - "name": "strict", - "in": "body", - "rawType": "boolean", - "rawDescription": "Require branches to be up to date before merging.", - "childParamsGroups": [] - }, - { - "type": "array of strings", - "deprecated": true, - "description": "The list of status checks to require in order to merge into this branch
", - "items": { - "type": "string" - }, - "name": "contexts", - "in": "body", - "rawType": "array", - "rawDescription": "The list of status checks to require in order to merge into this branch", - "childParamsGroups": [] - } - ], "responses": [ { "httpStatusCode": "200", @@ -32406,6 +32419,91 @@ "httpStatusMessage": "Unprocessable Entity", "description": "Validation failed" } + ], + "bodyParameters": [ + { + "type": "boolean", + "description": "Require branches to be up to date before merging.
", + "name": "strict", + "in": "body", + "rawType": "boolean", + "rawDescription": "Require branches to be up to date before merging.", + "childParamsGroups": [] + }, + { + "type": "array of strings", + "deprecated": true, + "description": "Deprecated: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use checks instead of contexts for more fine-grained control.
The list of status checks to require in order to merge into this branch.
", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "Required. The name of the required check
", + "name": "context", + "in": "body", + "rawType": "string", + "rawDescription": "The name of the required check", + "childParamsGroups": [] + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.
", + "name": "app_id", + "in": "body", + "rawType": "integer", + "rawDescription": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.", + "childParamsGroups": [] + } + } + }, + "name": "checks", + "in": "body", + "rawType": "array", + "rawDescription": "The list of status checks to require in order to merge into this branch.", + "childParamsGroups": [ + { + "parentName": "checks", + "parentType": "items", + "id": "checks-items", + "params": [ + { + "type": "string", + "description": "Required. The name of the required check
", + "name": "context", + "in": "body", + "rawType": "string", + "rawDescription": "The name of the required check", + "childParamsGroups": [] + }, + { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.
", + "name": "app_id", + "in": "body", + "rawType": "integer", + "rawDescription": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status.", + "childParamsGroups": [] + } + ] + } + ] + } ] }, { @@ -40513,6 +40611,113 @@ } ] }, + { + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}", + "serverUrl": "https://{hostname}/api/v3", + "parameters": [ + { + "name": "owner", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "descriptionHTML": "" + }, + { + "name": "repo", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "descriptionHTML": "" + }, + { + "name": "analysis_id", + "in": "path", + "description": "The ID of the analysis, as returned from the `GET /repos/{owner}/{repo}/code-scanning/analyses` operation.", + "required": true, + "schema": { + "type": "integer" + }, + "descriptionHTML": "The ID of the analysis, as returned from the GET /repos/{owner}/{repo}/code-scanning/analyses operation.
Allow deletion if the specified analysis is the last in a set. If you attempt to delete the final analysis in a set without setting this parameter to true, you'll get a 400 response with the message: Analysis is last of its type and deletion may result in the loss of historical alert data. Please specify confirm_delete.
curl \\\n -X DELETE \\\n -H \"Accept: application/vnd.github.v3+json\" \\\n https://{hostname}/api/v3/repos/octocat/hello-world/code-scanning/analyses/42await octokit.request('DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}', {\n owner: 'octocat',\n repo: 'hello-world',\n analysis_id: 42\n})\nDeletes a specified code scanning analysis from a repository. For\nprivate repositories, you must use an access token with the repo scope. For public repositories,\nyou must use an access token with public_repo and repo:security_events scopes.\nGitHub Apps must have the security_events write permission to use this endpoint.
You can delete one analysis at a time.\nTo delete a series of analyses, start with the most recent analysis and work backwards.\nConceptually, the process is similar to the undo function in a text editor.
\nWhen you list the analyses for a repository,\none or more will be identified as deletable in the response:
\n\"deletable\": true\nAn analysis is deletable when it's the most recent in a set of analyses.\nTypically, a repository will have multiple sets of analyses\nfor each enabled code scanning tool,\nwhere a set is determined by a unique combination of analysis values:
\nreftoolanalysis_keyenvironmentIf you attempt to delete an analysis that is not the most recent in a set,\nyou'll get a 400 response with the message:
\nAnalysis specified is not deletable.\nThe response from a successful DELETE operation provides you with\ntwo alternative URLs for deleting the next analysis in the set:\nnext_analysis_url and confirm_delete_url.\nUse the next_analysis_url URL if you want to avoid accidentally deleting the final analysis\nin a set. This is a useful option if you want to preserve at least one analysis\nfor the specified tool in your repository.\nUse the confirm_delete_url URL if you are content to remove all analyses for a tool.\nWhen you delete the last analysis in a set, the value of next_analysis_url and confirm_delete_url\nin the 200 response is null.
As an example of the deletion process,\nlet's imagine that you added a workflow that configured a particular code scanning tool\nto analyze the code in a repository. This tool has added 15 analyses:\n10 on the default branch, and another 5 on a topic branch.\nYou therefore have two separate sets of analyses for this tool.\nYou've now decided that you want to remove all of the analyses for the tool.\nTo do this you must make 15 separate deletion requests.\nTo start, you must find an analysis that's identified as deletable.\nEach set of analyses always has one that's identified as deletable.\nHaving found the deletable analysis for one of the two sets,\ndelete this analysis and then continue deleting the next analysis in the set until they're all deleted.\nThen repeat the process for the second set.\nThe procedure therefore consists of a nested loop:
\nOuter loop:
\nList the analyses for the repository, filtered by tool.
\nParse this list to find a deletable analysis. If found:
\nInner loop:
\nconfirm_delete_url and, if found, use this in the next iteration.The above process assumes that you want to remove all trace of the tool's analyses from the GitHub user interface, for the specified repository, and it therefore uses the confirm_delete_url value. Alternatively, you could use the next_analysis_url value, which would leave the last analysis in each set undeleted to avoid removing a tool's analysis entirely.
{\n \"next_analysis_url\": \"https://api.github.com/repos/octocat/hello-world/code-scanning/analyses/41\",\n \"confirm_delete_url\": \"https://api.github.com/repos/octocat/hello-world/code-scanning/analyses/41?confirm_delete\"\n}\nUploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
There are two places where you can upload code scanning results.
\n--ref refs/pull/42/merge or --ref refs/pull/42/head, then the results appear as alerts in a pull request check. For more information, see \"Triaging code scanning alerts in pull requests.\"--ref refs/heads/my-branch, then the results appear in the Security tab for your repository. For more information, see \"Managing code scanning alerts for your repository.\"You must compress the SARIF-formatted analysis data that you want to upload, using gzip, and then encode it as a Base64 format string. For example:
gzip -c analysis-data.sarif | base64 -w0\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.
\nThe 202 Accepted, response includes an id value.\nYou can use this ID to check the status of the upload by using this for the /sarifs/{sarif_id} endpoint.\nFor more information, see \"Get information about a SARIF upload.\"
Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
There are two places where you can upload code scanning results.
\n--ref refs/pull/42/merge or --ref refs/pull/42/head, then the results appear as alerts in a pull request check. For more information, see \"Triaging code scanning alerts in pull requests.\"--ref refs/heads/my-branch, then the results appear in the Security tab for your repository. For more information, see \"Managing code scanning alerts for your repository.\"You must compress the SARIF-formatted analysis data that you want to upload, using gzip, and then encode it as a Base64 format string. For example:
gzip -c analysis-data.sarif | base64 -w0\nSARIF upload supports a maximum of 5000 results per analysis run. Any results over this limit are ignored and any SARIF uploads with more than 25,000 results are rejected. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.
\nThe 202 Accepted, response includes an id value.\nYou can use this ID to check the status of the upload by using this for the /sarifs/{sarif_id} endpoint.\nFor more information, see \"Get information about a SARIF upload.\"
Required. The SHA of the commit to which the analysis you are uploading relates.
", diff --git a/lib/rest/static/dereferenced/github.ae.deref.json b/lib/rest/static/dereferenced/github.ae.deref.json index fa36070b30..c2165606cc 100644 --- a/lib/rest/static/dereferenced/github.ae.deref.json +++ b/lib/rest/static/dereferenced/github.ae.deref.json @@ -107536,13 +107536,6 @@ "required_conversation_resolution": { "type": "boolean", "description": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`." - }, - "contexts": { - "type": "array", - "description": "The list of status checks to require in order to merge into this branch.", - "items": { - "type": "string" - } } }, "required": [ @@ -107629,6 +107622,26 @@ "type": "string" } }, + "checks": { + "type": "array", + "items": { + "type": "object", + "properties": { + "context": { + "type": "string", + "example": "continuous-integration/travis-ci" + }, + "app_id": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "context", + "app_id" + ] + } + }, "contexts_url": { "type": "string", "format": "uri", @@ -107639,7 +107652,8 @@ "url", "contexts_url", "strict", - "contexts" + "contexts", + "checks" ] }, "required_pull_request_reviews": { @@ -110222,6 +110236,26 @@ "type": "string" } }, + "checks": { + "type": "array", + "items": { + "type": "object", + "properties": { + "context": { + "type": "string", + "example": "continuous-integration/travis-ci" + }, + "app_id": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "context", + "app_id" + ] + } + }, "contexts_url": { "type": "string", "format": "uri", @@ -110232,7 +110266,8 @@ "url", "contexts_url", "strict", - "contexts" + "contexts", + "checks" ] }, "examples": { @@ -110337,10 +110372,30 @@ "contexts": { "type": "array", "deprecated": true, - "description": "The list of status checks to require in order to merge into this branch", + "description": "**Deprecated**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.\n", "items": { "type": "string" } + }, + "checks": { + "type": "array", + "description": "The list of status checks to require in order to merge into this branch.", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "The name of the required check" + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status." + } + } + } } } }, @@ -110381,6 +110436,26 @@ "type": "string" } }, + "checks": { + "type": "array", + "items": { + "type": "object", + "properties": { + "context": { + "type": "string", + "example": "continuous-integration/travis-ci" + }, + "app_id": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "context", + "app_id" + ] + } + }, "contexts_url": { "type": "string", "format": "uri", @@ -110391,7 +110466,8 @@ "url", "contexts_url", "strict", - "contexts" + "contexts", + "checks" ] }, "examples": { @@ -133103,12 +133179,242 @@ "githubCloudOnly": false, "category": "code-scanning" } + }, + "delete": { + "summary": "Delete a code scanning analysis from a repository", + "description": "Deletes a specified code scanning analysis from a repository. For\nprivate repositories, you must use an access token with the `repo` scope. For public repositories,\nyou must use an access token with `public_repo` and `repo:security_events` scopes.\nGitHub Apps must have the `security_events` write permission to use this endpoint.\n\nYou can delete one analysis at a time.\nTo delete a series of analyses, start with the most recent analysis and work backwards.\nConceptually, the process is similar to the undo function in a text editor.\n\nWhen you list the analyses for a repository,\none or more will be identified as deletable in the response:\n\n```\n\"deletable\": true\n```\n\nAn analysis is deletable when it's the most recent in a set of analyses.\nTypically, a repository will have multiple sets of analyses\nfor each enabled code scanning tool,\nwhere a set is determined by a unique combination of analysis values:\n\n* `ref`\n* `tool`\n* `analysis_key`\n* `environment`\n\nIf you attempt to delete an analysis that is not the most recent in a set,\nyou'll get a 400 response with the message:\n\n```\nAnalysis specified is not deletable.\n```\n\nThe response from a successful `DELETE` operation provides you with\ntwo alternative URLs for deleting the next analysis in the set:\n`next_analysis_url` and `confirm_delete_url`.\nUse the `next_analysis_url` URL if you want to avoid accidentally deleting the final analysis\nin a set. This is a useful option if you want to preserve at least one analysis\nfor the specified tool in your repository.\nUse the `confirm_delete_url` URL if you are content to remove all analyses for a tool.\nWhen you delete the last analysis in a set, the value of `next_analysis_url` and `confirm_delete_url`\nin the 200 response is `null`.\n\nAs an example of the deletion process,\nlet's imagine that you added a workflow that configured a particular code scanning tool\nto analyze the code in a repository. This tool has added 15 analyses:\n10 on the default branch, and another 5 on a topic branch.\nYou therefore have two separate sets of analyses for this tool.\nYou've now decided that you want to remove all of the analyses for the tool.\nTo do this you must make 15 separate deletion requests.\nTo start, you must find an analysis that's identified as deletable.\nEach set of analyses always has one that's identified as deletable.\nHaving found the deletable analysis for one of the two sets,\ndelete this analysis and then continue deleting the next analysis in the set until they're all deleted.\nThen repeat the process for the second set.\nThe procedure therefore consists of a nested loop:\n\n**Outer loop**:\n* List the analyses for the repository, filtered by tool.\n* Parse this list to find a deletable analysis. If found:\n\n **Inner loop**:\n * Delete the identified analysis.\n * Parse the response for the value of `confirm_delete_url` and, if found, use this in the next iteration.\n\nThe above process assumes that you want to remove all trace of the tool's analyses from the GitHub user interface, for the specified repository, and it therefore uses the `confirm_delete_url` value. Alternatively, you could use the `next_analysis_url` value, which would leave the last analysis in each set undeleted to avoid removing a tool's analysis entirely.", + "operationId": "code-scanning/delete-analysis", + "tags": [ + "code-scanning" + ], + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/github-ae@latest/rest/reference/code-scanning#delete-a-code-scanning-analysis-from-a-repository" + }, + "parameters": [ + { + "name": "owner", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "analysis_id", + "in": "path", + "description": "The ID of the analysis, as returned from the `GET /repos/{owner}/{repo}/code-scanning/analyses` operation.", + "required": true, + "schema": { + "type": "integer" + } + }, + { + "name": "confirm_delete", + "in": "query", + "description": "Allow deletion if the specified analysis is the last in a set. If you attempt to delete the final analysis in a set without setting this parameter to `true`, you'll get a 400 response with the message: `Analysis is last of its type and deletion may result in the loss of historical alert data. Please specify confirm_delete.`", + "required": false, + "schema": { + "type": "string", + "nullable": true + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "title": "Analysis deletion", + "description": "Successful deletion of a code scanning analysis", + "type": "object", + "properties": { + "next_analysis_url": { + "type": "string", + "description": "Next deletable analysis in chain, without last analysis deletion confirmation", + "format": "uri", + "readOnly": true, + "nullable": true + }, + "confirm_delete_url": { + "type": "string", + "description": "Next deletable analysis in chain, with last analysis deletion confirmation", + "format": "uri", + "readOnly": true, + "nullable": true + } + }, + "required": [ + "next_analysis_url", + "confirm_delete_url" + ] + }, + "examples": { + "default-response": { + "summary": "Default response", + "value": { + "next_analysis_url": "https://api.github.com/repos/octocat/hello-world/code-scanning/analyses/41", + "confirm_delete_url": "https://api.github.com/repos/octocat/hello-world/code-scanning/analyses/41?confirm_delete" + } + } + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + }, + "application/scim+json": { + "schema": { + "title": "Scim Error", + "description": "Scim Error", + "type": "object", + "properties": { + "message": { + "type": "string", + "nullable": true + }, + "documentation_url": { + "type": "string", + "nullable": true + }, + "detail": { + "type": "string", + "nullable": true + }, + "status": { + "type": "integer" + }, + "scimType": { + "type": "string", + "nullable": true + }, + "schemas": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "403": { + "description": "Response if the repository is archived or if github advanced security is not enabled for this repository", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + } + } + } + } + } + } + }, + "x-github": { + "enabledForGitHubApps": true, + "githubCloudOnly": false, + "category": "code-scanning" + } } }, "/repos/{owner}/{repo}/code-scanning/sarifs": { "post": { "summary": "Upload an analysis as SARIF data", - "description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64 -w0\n```\n\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"", + "description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64 -w0\n```\n\nSARIF upload supports a maximum of 5000 results per analysis run. Any results over this limit are ignored and any SARIF uploads with more than 25,000 results are rejected. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"", "operationId": "code-scanning/upload-sarif", "tags": [ "code-scanning"