diff --git a/content/rest/dependabot/alerts.md b/content/rest/dependabot/alerts.md
new file mode 100644
index 0000000000..34c08b5bdb
--- /dev/null
+++ b/content/rest/dependabot/alerts.md
@@ -0,0 +1,21 @@
+---
+title: '{% data variables.product.prodname_dependabot_alerts %}'
+allowTitleToDifferFromFilename: true
+shortTitle: Alerts
+intro: 'With the {% data variables.product.prodname_dependabot_alerts %} API, you can view and manage {% data variables.product.prodname_dependabot %} alerts for a repository.'
+versions:
+ feature: dependabot-alerts-rest-api
+topics:
+ - API
+miniTocMaxHeadingLevel: 3
+---
+
+{% note %}
+
+**Note**: The Dependabot alerts API is currently in public beta and subject to change.
+
+{% endnote %}
+
+## About the {% data variables.product.prodname_dependabot_alerts %} API
+
+The {% data variables.product.prodname_dependabot_alerts %} API lets you view {% data variables.product.prodname_dependabot %} alerts for a repository and update individual alerts. For more information, see "[About Dependabot alerts](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
diff --git a/content/rest/dependabot/index.md b/content/rest/dependabot/index.md
index c82be888af..815cdfc355 100644
--- a/content/rest/dependabot/index.md
+++ b/content/rest/dependabot/index.md
@@ -1,6 +1,6 @@
 ---
 title: Dependabot
-intro: 'With the Dependabot Secrets API, you can manage and control Dependabot secrets for an organization or repository.'
+intro: 'With the {% data variables.product.prodname_dependabot %} API, you can manage {% data variables.product.prodname_dependabot %} alerts and secrets for an organization or repository.'
 allowTitleToDifferFromFilename: true
 versions:
 fpt: '*'
@@ -10,6 +10,7 @@ topics:
 - API
 miniTocMaxHeadingLevel: 3
 children:
+ - /alerts
 - /secrets
 redirect_from:
 - /rest/reference/dependabot
diff --git a/data/features/dependabot-alerts-rest-api.yml b/data/features/dependabot-alerts-rest-api.yml
new file mode 100644
index 0000000000..09816732df
--- /dev/null
+++ b/data/features/dependabot-alerts-rest-api.yml
@@ -0,0 +1,5 @@
+# Reference: Issue #7328 - Dependabot alerts REST API
+
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/lib/redirects/static/client-side-rest-api-redirects.json b/lib/redirects/static/client-side-rest-api-redirects.json
index 5c7f23a24f..fc4b5f8ff2 100644
--- a/lib/redirects/static/client-side-rest-api-redirects.json
+++ b/lib/redirects/static/client-side-rest-api-redirects.json
@@ -590,6 +590,10 @@
 "/rest/repos#create-or-update-file-contents": "/rest/repos/contents#create-or-update-file-contents",
 "/rest/repos#delete-a-file": "/rest/repos/contents#delete-a-file",
 "/rest/repos#list-repository-contributors": "/rest/repos/repos#list-repository-contributors",
+ "/rest/dependabot#list-dependabot-alerts-for-a-repository": "/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository",
+ "/rest/dependabot#alerts": "/rest/dependabot/alerts",
+ "/rest/dependabot#get-a-dependabot-alert": "/rest/dependabot/alerts#get-a-dependabot-alert",
+ "/rest/dependabot#update-a-dependabot-alert": "/rest/dependabot/alerts#update-a-dependabot-alert",
 "/rest/dependabot#list-repository-secrets": "/rest/dependabot/secrets#list-repository-secrets",
 "/rest/dependabot#get-a-repository-public-key": "/rest/dependabot/secrets#get-a-repository-public-key",
 "/rest/dependabot#get-a-repository-secret": "/rest/dependabot/secrets#get-a-repository-secret",
diff --git a/lib/rest/static/apps/enabled-for-apps.json b/lib/rest/static/apps/enabled-for-apps.json
index af9baf45e4..054137e529 100644
--- a/lib/rest/static/apps/enabled-for-apps.json
+++ b/lib/rest/static/apps/enabled-for-apps.json
@@ -1409,6 +1409,24 @@
 "verb": "delete",
 "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"
 },
+ {
+ "slug": "list-dependabot-alerts-for-a-repository",
+ "subcategory": "alerts",
+ "verb": "get",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts"
+ },
+ {
+ "slug": "get-a-dependabot-alert",
+ "subcategory": "alerts",
+ "verb": "get",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
+ },
+ {
+ "slug": "update-a-dependabot-alert",
+ "subcategory": "alerts",
+ "verb": "patch",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
+ },
 {
 "slug": "list-repository-secrets",
 "subcategory": "secrets",
@@ -5180,6 +5198,24 @@
 "verb": "delete",
 "requestPath": "/orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"
 },
+ {
+ "slug": "list-dependabot-alerts-for-a-repository",
+ "subcategory": "alerts",
+ "verb": "get",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts"
+ },
+ {
+ "slug": "get-a-dependabot-alert",
+ "subcategory": "alerts",
+ "verb": "get",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
+ },
+ {
+ "slug": "update-a-dependabot-alert",
+ "subcategory": "alerts",
+ "verb": "patch",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
+ },
 {
 "slug": "list-repository-secrets",
 "subcategory": "secrets",
diff --git a/lib/rest/static/decorated/api.github.com.json b/lib/rest/static/decorated/api.github.com.json
index 79163251f5..ebf0a06974 100644
--- a/lib/rest/static/decorated/api.github.com.json
+++ b/lib/rest/static/decorated/api.github.com.json
@@ -266463,6 +266463,2446 @@
 ]
 },
 "dependabot": {
+ "alerts": [
+ {
+ "serverUrl": "https://api.github.com",
+ "verb": "get",
+ "requestPath": "/repos/{owner}/{repo}/dependabot/alerts",
+ "title": "List Dependabot alerts for a repository",
+ "category": "dependabot",
+ "subcategory": "alerts",
+ "parameters": [
+ {
+ "name": "owner",
+ "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "description": "

A comma-separated list of states. If specified, only alerts with these states will be returned.

\n

Can be: dismissed, fixed, open

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "description": "

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

\n

Can be: low, medium, high, critical

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "description": "

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

\n

Can be: composer, go, maven, npm, nuget, pip, rubygems, rust

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "description": "

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "manifest", + "description": "

A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "description": "

Scope of the dependency on a Dependabot alert.

", + "in": "query", + "schema": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + }, + { + "name": "sort", + "description": "

The property by which to sort the results.\ncreated means when the alert was created.\nupdated means when the alert's state last changed.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "

The direction to sort the results by.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "page", + "description": "

Page number of the results to fetch.

", + "in": "query", + "schema": { + "type": "integer", + "default": 1 + } + }, + { + "name": "per_page", + "description": "

The number of results per page (max 100).

", + "in": "query", + "schema": { + "type": "integer", + "default": 30 + } + } + ], + "bodyParameters": [], + "enabledForGitHubApps": true, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 
+ }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + 
"cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": 
"2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null + } + ], + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + 
"required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false 
+ }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", 
+ "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + 
"organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

You must use an access token with the security_events scope to use this endpoint with private repositories.\nYou can also use tokens with the public_repo scope for public repositories only.\nGitHub Apps must have Dependabot alerts read permission to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", + "title": "Get a Dependabot alert", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "bodyParameters": [], + "enabledForGitHubApps": true, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "alert_number": "ALERT_NUMBER" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": 
"Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null + }, + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + 
"high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + 
"required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": 
"string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": 
"string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + } + } + ], + "previews": [], + "descriptionHTML": "

You must use an access token with the security_events scope to use this endpoint with private repositories.\nYou can also use tokens with the public_repo scope for public repositories only.\nGitHub Apps must have Dependabot alerts read permission to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", + "title": "Update a Dependabot alert", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "bodyParameters": [ + { + "type": "string", + "name": "state", + "in": "body", + "description": "

Sets the status of the dependabot alert. You must provide dismissed_reason when you set the state to dismissed.

", + "isRequired": true, + "enum": [ + "dismissed", + "open" + ] + }, + { + "type": "string or null", + "name": "dismissed_reason", + "in": "body", + "description": "

Required when the state is dismissed. The reason for dismissing the Dependabot alert.

", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + { + "type": "string or null", + "name": "dismissed_comment", + "in": "body", + "description": "

An optional comment associated with the alert's dismissal. The maximum size is 280 characters.

" + } + ], + "enabledForGitHubApps": true, + "codeExamples": [ + { + "key": "default", + "request": { + "contentType": "application/json", + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "bodyParameters": { + "state": "dismissed", + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer." + }, + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "alert_number": "ALERT_NUMBER" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, 
+ "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + }, + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + 
"dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": 
"string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that 
the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + 
"https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. 
The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + } + } + ], + "previews": [], + "descriptionHTML": "

You must use an access token with the security_events scope to use this endpoint with private repositories.\nYou can also use tokens with the public_repo scope for public repositories only.\nGitHub Apps must have Dependabot alerts write permission to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "400", + "description": "

Bad Request

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "409", + "description": "

Conflict

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed

" + } + ] + } + ], "secrets": [ { "serverUrl": "https://api.github.com", diff --git a/lib/rest/static/decorated/ghec.json b/lib/rest/static/decorated/ghec.json index 29a0a8dfd2..69116ddd04 100644 --- a/lib/rest/static/decorated/ghec.json +++ b/lib/rest/static/decorated/ghec.json @@ -266890,6 +266890,2446 @@ ] }, "dependabot": { + "alerts": [ + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependabot/alerts", + "title": "List Dependabot alerts for a repository", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "description": "

A comma-separated list of states. If specified, only alerts with these states will be returned.

\n

Can be: dismissed, fixed, open

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "description": "

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

\n

Can be: low, medium, high, critical

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "description": "

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

\n

Can be: composer, go, maven, npm, nuget, pip, rubygems, rust

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "description": "

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "manifest", + "description": "

A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "description": "

Scope of the dependency on a Dependabot alert.

", + "in": "query", + "schema": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + }, + { + "name": "sort", + "description": "

The property by which to sort the results.\ncreated means when the alert was created.\nupdated means when the alert's state last changed.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "

The direction to sort the results by.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "page", + "description": "

Page number of the results to fetch.

", + "in": "query", + "schema": { + "type": "integer", + "default": 1 + } + }, + { + "name": "per_page", + "description": "

The number of results per page (max 100).

", + "in": "query", + "schema": { + "type": "integer", + "default": 30 + } + } + ], + "bodyParameters": [], + "enabledForGitHubApps": true, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 
+ }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + 
"cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": 
"2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null + } + ], + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + 
"required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false 
+ }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", 
+ "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + 
"organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

You must use an access token with the security_events scope to use this endpoint with private repositories.\nYou can also use tokens with the public_repo scope for public repositories only.\nGitHub Apps must have Dependabot alerts read permission to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", + "title": "Get a Dependabot alert", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "bodyParameters": [], + "enabledForGitHubApps": true, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "alert_number": "ALERT_NUMBER" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": 
"Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null + }, + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + 
"high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + 
"required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": 
"string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": 
"string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + } + } + ], + "previews": [], + "descriptionHTML": "

You must use an access token with the security_events scope to use this endpoint with private repositories.\nYou can also use tokens with the public_repo scope for public repositories only.\nGitHub Apps must have Dependabot alerts read permission to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}", + "title": "Update a Dependabot alert", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "

The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation.

", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "bodyParameters": [ + { + "type": "string", + "name": "state", + "in": "body", + "description": "

Sets the status of the dependabot alert. You must provide dismissed_reason when you set the state to dismissed.

", + "isRequired": true, + "enum": [ + "dismissed", + "open" + ] + }, + { + "type": "string or null", + "name": "dismissed_reason", + "in": "body", + "description": "

Required when the state is dismissed. The reason for dismissing the Dependabot alert.

", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + { + "type": "string or null", + "name": "dismissed_comment", + "in": "body", + "description": "

An optional comment associated with the alert's dismissal. The maximum size is 280 characters.

" + } + ], + "enabledForGitHubApps": true, + "codeExamples": [ + { + "key": "default", + "request": { + "contentType": "application/json", + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "bodyParameters": { + "state": "dismissed", + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer." + }, + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "alert_number": "ALERT_NUMBER" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, 
+ "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + }, + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + 
"dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": 
"string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that 
the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + 
"https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. 
The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + } + } + ], + "previews": [], + "descriptionHTML": "

You must use an access token with the security_events scope to use this endpoint with private repositories.\nYou can also use tokens with the public_repo scope for public repositories only.\nGitHub Apps must have Dependabot alerts write permission to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "400", + "description": "

Bad Request

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "409", + "description": "

Conflict

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed

" + } + ] + } + ], "secrets": [ { "serverUrl": "https://api.github.com", diff --git a/lib/rest/static/dereferenced/api.github.com.deref.json b/lib/rest/static/dereferenced/api.github.com.deref.json index 4f5f972f0b..92f3309bff 100644 --- a/lib/rest/static/dereferenced/api.github.com.deref.json +++ b/lib/rest/static/dereferenced/api.github.com.deref.json 
@@ -286055,6 +286055,2725 @@ } } }, + "/repos/{owner}/{repo}/dependabot/alerts": { + "get": { + "summary": "List Dependabot alerts for a repository", + "description": "You must use an access token with the `security_events` scope to use this endpoint with private repositories.\nYou can also use tokens with the `public_repo` scope for public repositories only.\nGitHub Apps must have **Dependabot alerts** read permission to use this endpoint.", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/list-alerts-for-repo", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/rest/reference/dependabot#list-dependabot-alerts-for-a-repository" + }, + "parameters": [ + { + "name": "owner", + "description": "The account owner of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "The name of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "description": "A comma-separated list of states. If specified, only alerts with these states will be returned.\n\nCan be: `dismissed`, `fixed`, `open`", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "description": "A comma-separated list of severities. If specified, only alerts with these severities will be returned.\n\nCan be: `low`, `medium`, `high`, `critical`", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "description": "A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.\n\nCan be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `rubygems`, `rust`", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "description": "A comma-separated list of package names. 
If specified, only alerts for these packages will be returned.", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "manifest", + "description": "A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "description": "Scope of the dependency on a Dependabot alert.", + "in": "query", + "schema": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + }, + { + "name": "sort", + "description": "The property by which to sort the results.\n`created` means when the alert was created.\n`updated` means when the alert's state last changed.", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "The direction to sort the results by.", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "page", + "description": "Page number of the results to fetch.", + "in": "query", + "schema": { + "type": "integer", + "default": 1 + } + }, + { + "name": "per_page", + "description": "The number of results per page (max 100).", + "in": "query", + "schema": { + "type": "integer", + "default": 30 + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + 
"properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + 
"published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + 
"readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + 
"https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. 
The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + }, + "examples": { + "default": { + "value": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": 
"2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": 
"https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. 
The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": 
null + } + ] + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation failed", + "content": { + "application/json": { + "schema": { + "title": "Validation Error Simple", + "description": "Validation Error Simple", + "type": "object", + "required": [ + "message", + "documentation_url" + ], + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": true, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + } + }, + "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}": { + "get": { + "summary": "Get a Dependabot alert", + "description": "You must use an access token with the `security_events` scope to use this endpoint with private repositories.\nYou can also use tokens with the `public_repo` scope for public repositories only.\nGitHub Apps must have **Dependabot alerts** read permission to use this endpoint.", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/get-alert", + "externalDocs": { + "description": "API method 
documentation", + "url": "https://docs.github.com/rest/reference/dependabot#get-a-dependabot-alert" + }, + "parameters": [ + { + "name": "owner", + "description": "The account owner of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "The name of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in `number` fields in the response from the `GET /repos/{owner}/{repo}/dependabot/alerts` operation.", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + 
"description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", 
+ "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in 
ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": 
"string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. 
The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + }, + "examples": { + "default": { + "value": { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. 
The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": 
null + } + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": true, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + }, + "patch": { + "summary": "Update a Dependabot alert", + "description": "You must use an access token with the `security_events` scope to use this endpoint with private repositories.\nYou can also use tokens with the `public_repo` scope for public repositories only.\nGitHub Apps must have **Dependabot alerts** write permission to use this endpoint.", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/update-alert", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/rest/reference/dependabot#update-a-dependabot-alert" + }, + "parameters": [ + { + "name": "owner", + "description": "The account owner of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "The name of the repository. 
The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in `number` fields in the response from the `GET /repos/{owner}/{repo}/dependabot/alerts` operation.", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "state": { + "description": "Sets the status of the dependabot alert. You must provide `dismissed_reason` when you set the state to `dismissed`.", + "type": "string", + "enum": [ + "dismissed", + "open" + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + } + }, + "required": [ + "state" + ], + "additionalProperties": false + }, + "examples": { + "default": { + "value": { + "state": "dismissed", + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer." 
+ } + } + } + } + } + }, + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + 
"cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + 
"properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + 
"https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** 
The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + }, + "examples": { + "default": { + "value": { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": 
"https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": 
"https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + } + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + }, + "application/scim+json": { + "schema": { + "title": "Scim Error", + "description": "Scim Error", + "type": "object", + "properties": { + "message": { + "type": [ + "string", + "null" + ] + }, + "documentation_url": { + "type": [ + "string", + "null" + ] + }, + "detail": { + "type": [ + "string", + "null" + ] + }, + "status": { + "type": "integer" + }, + "scimType": { + "type": [ + "string", + "null" + ] + }, + "schemas": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": 
{ + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "409": { + "description": "Conflict", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation failed", + "content": { + "application/json": { + "schema": { + "title": "Validation Error Simple", + "description": "Validation Error Simple", + "type": "object", + "required": [ + "message", + "documentation_url" + ], + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": true, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + } + }, "/repos/{owner}/{repo}/dependabot/secrets": { "get": { "summary": "List repository secrets", diff --git a/lib/rest/static/dereferenced/ghec.deref.json b/lib/rest/static/dereferenced/ghec.deref.json index 755c91f2cf..a49aa2d8ec 100644 --- a/lib/rest/static/dereferenced/ghec.deref.json +++ b/lib/rest/static/dereferenced/ghec.deref.json 
@@ -289514,6 +289514,2725 @@ } } }, + "/repos/{owner}/{repo}/dependabot/alerts": { + "get": { + "summary": "List Dependabot alerts for a repository", + "description": "You must use an access token with the `security_events` scope to use this endpoint with private repositories.\nYou can also use tokens with the `public_repo` scope for public repositories only.\nGitHub Apps must have **Dependabot alerts** read permission to use this endpoint.", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/list-alerts-for-repo", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest//rest/reference/dependabot#list-dependabot-alerts-for-a-repository" + }, + "parameters": [ + { + "name": "owner", + "description": "The account owner of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "The name of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "description": "A comma-separated list of states. If specified, only alerts with these states will be returned.\n\nCan be: `dismissed`, `fixed`, `open`", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "description": "A comma-separated list of severities. If specified, only alerts with these severities will be returned.\n\nCan be: `low`, `medium`, `high`, `critical`", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "description": "A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.\n\nCan be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `rubygems`, `rust`", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "description": "A comma-separated list of package names. 
If specified, only alerts for these packages will be returned.", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "manifest", + "description": "A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned.", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "description": "Scope of the dependency on a Dependabot alert.", + "in": "query", + "schema": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + }, + { + "name": "sort", + "description": "The property by which to sort the results.\n`created` means when the alert was created.\n`updated` means when the alert's state last changed.", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "The direction to sort the results by.", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "page", + "description": "Page number of the results to fetch.", + "in": "query", + "schema": { + "type": "integer", + "default": 1 + } + }, + { + "name": "per_page", + "description": "The number of results per page (max 100).", + "in": "query", + "schema": { + "type": "integer", + "default": 30 + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + 
"properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + 
"published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + 
"readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + 
"https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. 
The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + } + }, + "examples": { + "default": { + "value": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": 
"2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": 
"https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. 
The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": 
null + } + ] + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation failed", + "content": { + "application/json": { + "schema": { + "title": "Validation Error Simple", + "description": "Validation Error Simple", + "type": "object", + "required": [ + "message", + "documentation_url" + ], + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": true, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + } + }, + "/repos/{owner}/{repo}/dependabot/alerts/{alert_number}": { + "get": { + "summary": "Get a Dependabot alert", + "description": "You must use an access token with the `security_events` scope to use this endpoint with private repositories.\nYou can also use tokens with the `public_repo` scope for public repositories only.\nGitHub Apps must have **Dependabot alerts** read permission to use this endpoint.", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/get-alert", + "externalDocs": { + "description": "API method 
documentation", + "url": "https://docs.github.com/enterprise-cloud@latest//rest/reference/dependabot#get-a-dependabot-alert" + }, + "parameters": [ + { + "name": "owner", + "description": "The account owner of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "The name of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in `number` fields in the response from the `GET /repos/{owner}/{repo}/dependabot/alerts` operation.", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + 
"type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + 
"required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that 
the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + 
"events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. 
The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + }, + "examples": { + "default": { + "value": { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. 
The highest threat from this vulnerability is to data confidentiality.", + "severity": "medium", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": 
null + } + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": true, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + }, + "patch": { + "summary": "Update a Dependabot alert", + "description": "You must use an access token with the `security_events` scope to use this endpoint with private repositories.\nYou can also use tokens with the `public_repo` scope for public repositories only.\nGitHub Apps must have **Dependabot alerts** write permission to use this endpoint.", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/update-alert", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest//rest/reference/dependabot#update-a-dependabot-alert" + }, + "parameters": [ + { + "name": "owner", + "description": "The account owner of the repository. The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "The name of the repository. 
The name is not case sensitive.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "alert_number", + "in": "path", + "description": "The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in `number` fields in the response from the `GET /repos/{owner}/{repo}/dependabot/alerts` operation.", + "required": true, + "schema": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "state": { + "description": "Sets the status of the dependabot alert. You must provide `dismissed_reason` when you set the state to `dismissed`.", + "type": "string", + "enum": [ + "dismissed", + "open" + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + } + }, + "required": [ + "state" + ], + "additionalProperties": false + }, + "examples": { + "default": { + "value": { + "state": "dismissed", + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer." 
+ } + } + } + } + } + }, + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State of a Dependabot alert.", + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "manifest_path": { + "type": "string", + "description": "The path to the manifest filename.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "The details of the security advisory, including summary, description, and severity.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string" + }, + "cve_id": { + "type": [ + "string", + "null" + ] + }, + "summary": { + "type": "string" + }, + "description": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "identifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "GHSA", + "CVE" + ] + }, + "value": { + "type": "string" + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "items": { + "type": "object", + "properties": { + "url": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + 
"cvss": { + "type": "object", + "properties": { + "score": { + "type": "number" + }, + "vector_string": { + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "vector_string", + "score" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "cwe_id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "format": "date-time" + }, + "updated_at": { + "type": "string", + "format": "date-time" + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "properties": { + "first_patched_version": { + "type": [ + "object", + "null" + ], + "properties": { + "identifier": { + "type": "string" + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + }, + "package": { + "type": "object", + "properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "format": "date-time" + } + }, + "required": [ + "cvss", + "cwes", + "ghsa_id", + "summary", + "description", + "severity", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at", + "vulnerabilities" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "The details of the vulnerability of a security advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "The details of the vulnerable package.", + "readOnly": true, + 
"properties": { + "ecosystem": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "severity": { + "type": "string" + }, + "vulnerable_version_range": { + "type": "string" + }, + "first_patched_version": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + } + } + } + } + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + 
"https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "**Required when the `state` is `dismissed`.** 
The reason for dismissing the Dependabot alert.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal. The maximum size is 280 characters.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "created_at", + "updated_at" + ] + }, + "examples": { + "default": { + "value": { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "severity": "high", + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": 
"https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null, + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octocat/hello-world/dependabot/alerts/2", + "html_url": "https://github.com/octocat/hello-world/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": 
"https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null + } + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + }, + "application/scim+json": { + "schema": { + "title": "Scim Error", + "description": "Scim Error", + "type": "object", + "properties": { + "message": { + "type": [ + "string", + "null" + ] + }, + "documentation_url": { + "type": [ + "string", + "null" + ] + }, + "detail": { + "type": [ + "string", + "null" + ] + }, + "status": { + "type": "integer" + }, + "scimType": { + "type": [ + "string", + "null" + ] + }, + "schemas": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": 
{ + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "409": { + "description": "Conflict", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation failed", + "content": { + "application/json": { + "schema": { + "title": "Validation Error Simple", + "description": "Validation Error Simple", + "type": "object", + "required": [ + "message", + "documentation_url" + ], + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": true, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + } + }, "/repos/{owner}/{repo}/dependabot/secrets": { "get": { "summary": "List repository secrets",