diff --git a/lib/redirects/static/client-side-rest-api-redirects.json b/lib/redirects/static/client-side-rest-api-redirects.json index 7821ca859c..5a52f01a95 100644 --- a/lib/redirects/static/client-side-rest-api-redirects.json +++ b/lib/redirects/static/client-side-rest-api-redirects.json @@ -219,6 +219,8 @@ "/rest/actions#set-custom-labels-for-a-self-hosted-runner-for-an-enterprise": "/rest/actions/self-hosted-runners#set-custom-labels-for-a-self-hosted-runner-for-an-enterprise", "/rest/actions#remove-all-custom-labels-from-a-self-hosted-runner-for-an-enterprise": "/rest/actions/self-hosted-runners#remove-all-custom-labels-from-a-self-hosted-runner-for-an-enterprise", "/rest/actions#remove-a-custom-label-from-a-self-hosted-runner-for-an-enterprise": "/rest/actions/self-hosted-runners#remove-a-custom-label-from-a-self-hosted-runner-for-an-enterprise", + "/rest/dependabot/alerts#list-dependabot-alerts-for-an-enterprise": "/rest/dependabot/alerts#list-dependabot-alerts-for-an-enterprise", + "/rest/dependabot#alerts": "/rest/dependabot/alerts", "/rest/billing#export-advanced-security-active-committers-data-for-enterprise": "/rest/enterprise-admin/billing#export-advanced-security-active-committers-data-for-enterprise", "/rest/enterprise-admin#billing": "/rest/enterprise-admin/billing", "/rest/activity#list-public-events": "/rest/activity/events#list-public-events", 
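Review bot: The added `"/rest/dependabot/alerts#list-dependabot-alerts-for-an-enterprise"` entry maps a path to itself, so it redirects nothing; the context line for the organization variant in the second hunk has the same shape, so this looks like a pattern the generator already emits rather than a one-off typo. It is still worth confirming that the client-side redirect lookup treats source == target as a no-op rather than issuing a self-redirect, and, if this file is produced by the REST decoration pipeline, that identity entries are dropped there rather than hand-edited here. Moving `"/rest/dependabot#alerts"` out of the organization block (second hunk) into this one keeps the key unique, so the change introduces no duplicate key.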
@@ -337,7 +339,6 @@ "/rest/orgs#update-a-custom-role": "/rest/orgs/custom-roles#update-a-custom-role", "/rest/orgs#delete-a-custom-role": "/rest/orgs/custom-roles#delete-a-custom-role", "/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization": "/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization", - "/rest/dependabot#alerts": "/rest/dependabot/alerts", "/rest/dependabot#list-organization-secrets": "/rest/dependabot/secrets#list-organization-secrets", "/rest/dependabot#secrets": "/rest/dependabot/secrets", "/rest/dependabot#get-an-organization-public-key": "/rest/dependabot/secrets#get-an-organization-public-key", diff --git a/lib/rest/static/decorated/api.github.com.json b/lib/rest/static/decorated/api.github.com.json index 6a19266b59..34fc406ebb 100644 --- a/lib/rest/static/decorated/api.github.com.json +++ b/lib/rest/static/decorated/api.github.com.json @@ -208836,6 +208836,1744 @@ }, "dependabot": { "alerts": [ + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/dependabot/alerts", + "title": "List Dependabot alerts for an enterprise", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "enterprise", + "description": "

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "in": "query", + "description": "

A comma-separated list of states. If specified, only alerts with these states will be returned.

\n

Can be: dismissed, fixed, open

", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "in": "query", + "description": "

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

\n

Can be: low, medium, high, critical

", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "in": "query", + "description": "

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

\n

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "in": "query", + "description": "

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "in": "query", + "description": "

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

", + "schema": { + "type": "string", + "enum": [ + "development", + "runtime" + ] + } + }, + { + "name": "sort", + "in": "query", + "description": "

The property by which to sort the results.\ncreated means when the alert was created.\nupdated means when the alert's state last changed.

", + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "

The direction to sort the results by.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "before", + "description": "

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "after", + "description": "

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "first", + "description": "

The number of results per page (max 100), starting from the first matching result.\nThis parameter must not be used in combination with last.

", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100, + "default": 30 + } + }, + { + "name": "last", + "description": "

The number of results per page (max 100), starting from the last matching result.\nThis parameter must not be used in combination with first.

", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100 + } + } + ], + "bodyParameters": [], + "enabledForGitHubApps": false, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "enterprise": "ENTERPRISE" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "severity": "high", + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": 
"http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2", + "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null, + "repository": { + "id": 217723378, + "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", + "name": "octo-repo", + "full_name": "octo-org/octo-repo", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": 
"MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": "https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/octo-repo", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/octo-repo", + "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}", + "contributors_url": 
"https://api.github.com/repos/octo-org/octo-repo/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads", + "events_url": "https://api.github.com/repos/octo-org/octo-repo/events", + "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}", + "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages", + "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges", + "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers", + "subscription_url": 
"https://api.github.com/repos/octo-org/octo-repo/subscription", + "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags", + "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams", + "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}" + } + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "severity": "medium", + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + 
"references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null, + "repository": { + "id": 664700648, + "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", + "name": "hello-world", + "full_name": "octo-org/hello-world", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": "https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": 
"https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/hello-world", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/hello-world", + "archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}", + "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads", + "events_url": "https://api.github.com/repos/octo-org/hello-world/events", + "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}", + "issue_events_url": 
"https://api.github.com/repos/octo-org/hello-world/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}", + "languages_url": "https://api.github.com/repos/octo-org/hello-world/languages", + "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges", + "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers", + "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription", + "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags", + "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams", + "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}" + } + } + ], + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A Dependabot alert.", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "The state of the Dependabot alert.", + "readOnly": true, + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "description": "Details for the vulnerable dependency.", + "readOnly": true, + "properties": { + "package": { + "type": 
"object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "manifest_path": { + "type": "string", + "description": "The full path to the dependency manifest file, relative to the root of the repository.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The execution scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "Details for the GitHub Security Advisory.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string", + "description": "The unique GitHub Security Advisory ID assigned to the advisory.", + "readOnly": true + }, + "cve_id": { + "type": [ + "string", + "null" + ], + "description": "The unique CVE ID assigned to the advisory.", + "readOnly": true + }, + "summary": { + "type": "string", + "description": "A short, plain text summary of the advisory.", + "readOnly": true, + "maxLength": 1024 + }, + "description": { + "type": "string", + "description": "A long-form Markdown-supported description of the advisory.", + "readOnly": true + }, + "vulnerabilities": { + "type": "array", + "description": "Vulnerable version range information for the advisory.", + "readOnly": true, + "items": { + "type": "object", + "description": "Details pertaining to one vulnerable version range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": 
"string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": "Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "severity": { + "type": "string", + "description": "The severity of the advisory.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "cvss": { + "type": "object", + "description": "Details for the advisory pertaining to the Common Vulnerability Scoring System.", + "readOnly": true, + "properties": { + "score": { + "type": "number", + "description": "The overall CVSS score of the advisory.", + "minimum": 0, + "maximum": 10, + "readOnly": true + }, + "vector_string": { + "type": [ + "string", + "null" + ], + "description": "The full CVSS vector string for the advisory.", + "readOnly": true + } + }, + "required": [ + "score", + "vector_string" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + 
"description": "Details for the advisory pertaining to Common Weakness Enumeration.", + "readOnly": true, + "items": { + "type": "object", + "description": "A CWE weakness assigned to the advisory.", + "readOnly": true, + "properties": { + "cwe_id": { + "type": "string", + "description": "The unique CWE ID.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The short, plain text name of the CWE.", + "readOnly": true + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "identifiers": { + "type": "array", + "description": "Values that identify this advisory among security information sources.", + "readOnly": true, + "items": { + "type": "object", + "description": "An advisory identifier.", + "readOnly": true, + "properties": { + "type": { + "type": "string", + "description": "The type of advisory identifier.", + "readOnly": true, + "enum": [ + "CVE", + "GHSA" + ] + }, + "value": { + "type": "string", + "description": "The value of the advisory identifer.", + "readOnly": true + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "description": "Links to additional advisory information.", + "readOnly": true, + "items": { + "type": "object", + "description": "A link to additional advisory information.", + "readOnly": true, + "properties": { + "url": { + "type": "string", + "description": "The URL of the reference.", + "format": "uri", + "readOnly": true + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "description": "The time that the advisory was published in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the advisory was last modified in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "withdrawn_at": 
{ + "type": [ + "string", + "null" + ], + "description": "The time that the advisory was withdrawn in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "ghsa_id", + "cve_id", + "summary", + "description", + "vulnerabilities", + "severity", + "cvss", + "cwes", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "Details pertaining to one vulnerable version range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": "Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": 
false + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": 
"string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "The reason that the alert was dismissed.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + 
], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "repository": { + "title": "Simple Repository", + "description": "Simple Repository", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "A unique identifier of the repository.", + "examples": [ + 1296269 + ] + }, + "node_id": { + "type": "string", + "description": "The GraphQL identifier of the repository.", + "examples": [ + "MDEwOlJlcG9zaXRvcnkxMjk2MjY5" + ] + }, + "name": { + "type": "string", + "description": "The name of the repository.", + "examples": [ + "Hello-World" + ] + }, + "full_name": { + "type": "string", + "description": "The full, globally unique, name of the repository.", + "examples": [ + "octocat/Hello-World" + ] + }, + "owner": { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + 
"https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + }, + "private": { + "type": "boolean", + "description": "Whether the repository is private." + }, + "html_url": { + "type": "string", + "format": "uri", + "description": "The URL to view the repository on GitHub.com.", + "examples": [ + "https://github.com/octocat/Hello-World" + ] + }, + "description": { + "type": [ + "string", + "null" + ], + "description": "The repository description.", + "examples": [ + "This your first repo!" 
+ ] + }, + "fork": { + "type": "boolean", + "description": "Whether the repository is a fork." + }, + "url": { + "type": "string", + "format": "uri", + "description": "The URL to get more information about the repository from the GitHub API.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World" + ] + }, + "archive_url": { + "type": "string", + "description": "A template for the API URL to download the repository as an archive.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}" + ] + }, + "assignees_url": { + "type": "string", + "description": "A template for the API URL to list the available assignees for issues in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/assignees{/user}" + ] + }, + "blobs_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git blob in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}" + ] + }, + "branches_url": { + "type": "string", + "description": "A template for the API URL to get information about branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/branches{/branch}" + ] + }, + "collaborators_url": { + "type": "string", + "description": "A template for the API URL to get information about collaborators of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}" + ] + }, + "comments_url": { + "type": "string", + "description": "A template for the API URL to get information about comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/comments{/number}" + ] + }, + "commits_url": { + "type": "string", + "description": "A template for the API URL to get information about commits on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/commits{/sha}" + ] + }, + 
"compare_url": { + "type": "string", + "description": "A template for the API URL to compare two commits or refs.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}" + ] + }, + "contents_url": { + "type": "string", + "description": "A template for the API URL to get the contents of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contents/{+path}" + ] + }, + "contributors_url": { + "type": "string", + "format": "uri", + "description": "A template for the API URL to list the contributors to the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contributors" + ] + }, + "deployments_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the deployments of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/deployments" + ] + }, + "downloads_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the downloads on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/downloads" + ] + }, + "events_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the events of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/events" + ] + }, + "forks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the forks of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/forks" + ] + }, + "git_commits_url": { + "type": "string", + "description": "A template for the API URL to get information about Git commits of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}" + ] + }, + "git_refs_url": { + "type": "string", + "description": "A template for the API URL to get information about Git refs of the repository.", + "examples": [ + 
"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}" + ] + }, + "git_tags_url": { + "type": "string", + "description": "A template for the API URL to get information about Git tags of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}" + ] + }, + "issue_comment_url": { + "type": "string", + "description": "A template for the API URL to get information about issue comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}" + ] + }, + "issue_events_url": { + "type": "string", + "description": "A template for the API URL to get information about issue events on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}" + ] + }, + "issues_url": { + "type": "string", + "description": "A template for the API URL to get information about issues on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues{/number}" + ] + }, + "keys_url": { + "type": "string", + "description": "A template for the API URL to get information about deploy keys on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}" + ] + }, + "labels_url": { + "type": "string", + "description": "A template for the API URL to get information about labels of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/labels{/name}" + ] + }, + "languages_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about the languages of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/languages" + ] + }, + "merges_url": { + "type": "string", + "format": "uri", + "description": "The API URL to merge branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/merges" + ] + }, + "milestones_url": { + "type": "string", + 
"description": "A template for the API URL to get information about milestones of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/milestones{/number}" + ] + }, + "notifications_url": { + "type": "string", + "description": "A template for the API URL to get information about notifications on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}" + ] + }, + "pulls_url": { + "type": "string", + "description": "A template for the API URL to get information about pull requests on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/pulls{/number}" + ] + }, + "releases_url": { + "type": "string", + "description": "A template for the API URL to get information about releases on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/releases{/id}" + ] + }, + "stargazers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the stargazers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/stargazers" + ] + }, + "statuses_url": { + "type": "string", + "description": "A template for the API URL to get information about statuses of a commit.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}" + ] + }, + "subscribers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the subscribers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscribers" + ] + }, + "subscription_url": { + "type": "string", + "format": "uri", + "description": "The API URL to subscribe to notifications for this repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscription" + ] + }, + "tags_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about tags on the repository.", + "examples": [ 
+ "https://api.github.com/repos/octocat/Hello-World/tags" + ] + }, + "teams_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the teams on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/teams" + ] + }, + "trees_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git tree of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}" + ] + }, + "hooks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the hooks on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/hooks" + ] + } + }, + "required": [ + "archive_url", + "assignees_url", + "blobs_url", + "branches_url", + "collaborators_url", + "comments_url", + "commits_url", + "compare_url", + "contents_url", + "contributors_url", + "deployments_url", + "description", + "downloads_url", + "events_url", + "fork", + "forks_url", + "full_name", + "git_commits_url", + "git_refs_url", + "git_tags_url", + "hooks_url", + "html_url", + "id", + "node_id", + "issue_comment_url", + "issue_events_url", + "issues_url", + "keys_url", + "labels_url", + "languages_url", + "merges_url", + "milestones_url", + "name", + "notifications_url", + "owner", + "private", + "pulls_url", + "releases_url", + "stargazers_url", + "statuses_url", + "subscribers_url", + "subscription_url", + "tags_url", + "teams_url", + "trees_url", + "url" + ] + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "created_at", + "updated_at", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "repository" + ], + "additionalProperties": false + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

Lists Dependabot alerts for repositories that are owned by the specified enterprise.\nTo use this endpoint, you must be a member of the enterprise, and you must use an\naccess token with the repo scope or security_events scope.\nAlerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see \"Managing security managers in your organization.\"

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed, or the endpoint has been spammed.

" + } + ] + }, { "serverUrl": "https://api.github.com", "verb": "get", diff --git a/lib/rest/static/decorated/ghec.json b/lib/rest/static/decorated/ghec.json index b71f3c9058..e2456be829 100644 --- a/lib/rest/static/decorated/ghec.json +++ b/lib/rest/static/decorated/ghec.json @@ -209286,6 +209286,1744 @@ }, "dependabot": { "alerts": [ + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/dependabot/alerts", + "title": "List Dependabot alerts for an enterprise", + "category": "dependabot", + "subcategory": "alerts", + "parameters": [ + { + "name": "enterprise", + "description": "

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "in": "query", + "description": "

A comma-separated list of states. If specified, only alerts with these states will be returned.

\n

Can be: dismissed, fixed, open

", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "in": "query", + "description": "

A comma-separated list of severities. If specified, only alerts with these severities will be returned.

\n

Can be: low, medium, high, critical

", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "in": "query", + "description": "

A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.

\n

Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust

", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "in": "query", + "description": "

A comma-separated list of package names. If specified, only alerts for these packages will be returned.

", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "in": "query", + "description": "

The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.

", + "schema": { + "type": "string", + "enum": [ + "development", + "runtime" + ] + } + }, + { + "name": "sort", + "in": "query", + "description": "

The property by which to sort the results.\ncreated means when the alert was created.\nupdated means when the alert's state last changed.

", + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "

The direction to sort the results by.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "before", + "description": "

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "after", + "description": "

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "first", + "description": "

The number of results per page (max 100), starting from the first matching result.\nThis parameter must not be used in combination with last.

", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100, + "default": 30 + } + }, + { + "name": "last", + "description": "

The number of results per page (max 100), starting from the last matching result.\nThis parameter must not be used in combination with first.

", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100 + } + } + ], + "bodyParameters": [], + "enabledForGitHubApps": false, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "enterprise": "ENTERPRISE" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "severity": "high", + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": 
"http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2", + "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null, + "repository": { + "id": 217723378, + "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", + "name": "octo-repo", + "full_name": "octo-org/octo-repo", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": 
"MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": "https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/octo-repo", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/octo-repo", + "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}", + "contributors_url": 
"https://api.github.com/repos/octo-org/octo-repo/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads", + "events_url": "https://api.github.com/repos/octo-org/octo-repo/events", + "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}", + "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages", + "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges", + "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers", + "subscription_url": 
"https://api.github.com/repos/octo-org/octo-repo/subscription", + "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags", + "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams", + "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}" + } + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "severity": "medium", + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + 
"references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null, + "repository": { + "id": 664700648, + "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", + "name": "hello-world", + "full_name": "octo-org/hello-world", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": "https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": 
"https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/hello-world", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/hello-world", + "archive_url": "https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}", + "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads", + "events_url": "https://api.github.com/repos/octo-org/hello-world/events", + "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}", + "issue_events_url": 
"https://api.github.com/repos/octo-org/hello-world/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}", + "languages_url": "https://api.github.com/repos/octo-org/hello-world/languages", + "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges", + "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers", + "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription", + "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags", + "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams", + "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}" + } + } + ], + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A Dependabot alert.", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "The state of the Dependabot alert.", + "readOnly": true, + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "description": "Details for the vulnerable dependency.", + "readOnly": true, + "properties": { + "package": { + "type": 
"object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "manifest_path": { + "type": "string", + "description": "The full path to the dependency manifest file, relative to the root of the repository.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The execution scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "Details for the GitHub Security Advisory.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string", + "description": "The unique GitHub Security Advisory ID assigned to the advisory.", + "readOnly": true + }, + "cve_id": { + "type": [ + "string", + "null" + ], + "description": "The unique CVE ID assigned to the advisory.", + "readOnly": true + }, + "summary": { + "type": "string", + "description": "A short, plain text summary of the advisory.", + "readOnly": true, + "maxLength": 1024 + }, + "description": { + "type": "string", + "description": "A long-form Markdown-supported description of the advisory.", + "readOnly": true + }, + "vulnerabilities": { + "type": "array", + "description": "Vulnerable version range information for the advisory.", + "readOnly": true, + "items": { + "type": "object", + "description": "Details pertaining to one vulnerable version range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": 
"string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": "Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "severity": { + "type": "string", + "description": "The severity of the advisory.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "cvss": { + "type": "object", + "description": "Details for the advisory pertaining to the Common Vulnerability Scoring System.", + "readOnly": true, + "properties": { + "score": { + "type": "number", + "description": "The overall CVSS score of the advisory.", + "minimum": 0, + "maximum": 10, + "readOnly": true + }, + "vector_string": { + "type": [ + "string", + "null" + ], + "description": "The full CVSS vector string for the advisory.", + "readOnly": true + } + }, + "required": [ + "score", + "vector_string" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + 
"description": "Details for the advisory pertaining to Common Weakness Enumeration.", + "readOnly": true, + "items": { + "type": "object", + "description": "A CWE weakness assigned to the advisory.", + "readOnly": true, + "properties": { + "cwe_id": { + "type": "string", + "description": "The unique CWE ID.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The short, plain text name of the CWE.", + "readOnly": true + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "identifiers": { + "type": "array", + "description": "Values that identify this advisory among security information sources.", + "readOnly": true, + "items": { + "type": "object", + "description": "An advisory identifier.", + "readOnly": true, + "properties": { + "type": { + "type": "string", + "description": "The type of advisory identifier.", + "readOnly": true, + "enum": [ + "CVE", + "GHSA" + ] + }, + "value": { + "type": "string", + "description": "The value of the advisory identifer.", + "readOnly": true + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "description": "Links to additional advisory information.", + "readOnly": true, + "items": { + "type": "object", + "description": "A link to additional advisory information.", + "readOnly": true, + "properties": { + "url": { + "type": "string", + "description": "The URL of the reference.", + "format": "uri", + "readOnly": true + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "description": "The time that the advisory was published in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the advisory was last modified in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "withdrawn_at": 
{ + "type": [ + "string", + "null" + ], + "description": "The time that the advisory was withdrawn in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "ghsa_id", + "cve_id", + "summary", + "description", + "vulnerabilities", + "severity", + "cvss", + "cwes", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "Details pertaining to one vulnerable version range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": "Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": 
false + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": 
"string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "The reason that the alert was dismissed.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + 
], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "repository": { + "title": "Simple Repository", + "description": "Simple Repository", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "A unique identifier of the repository.", + "examples": [ + 1296269 + ] + }, + "node_id": { + "type": "string", + "description": "The GraphQL identifier of the repository.", + "examples": [ + "MDEwOlJlcG9zaXRvcnkxMjk2MjY5" + ] + }, + "name": { + "type": "string", + "description": "The name of the repository.", + "examples": [ + "Hello-World" + ] + }, + "full_name": { + "type": "string", + "description": "The full, globally unique, name of the repository.", + "examples": [ + "octocat/Hello-World" + ] + }, + "owner": { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + 
"https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + }, + "private": { + "type": "boolean", + "description": "Whether the repository is private." + }, + "html_url": { + "type": "string", + "format": "uri", + "description": "The URL to view the repository on GitHub.com.", + "examples": [ + "https://github.com/octocat/Hello-World" + ] + }, + "description": { + "type": [ + "string", + "null" + ], + "description": "The repository description.", + "examples": [ + "This your first repo!" 
+ ] + }, + "fork": { + "type": "boolean", + "description": "Whether the repository is a fork." + }, + "url": { + "type": "string", + "format": "uri", + "description": "The URL to get more information about the repository from the GitHub API.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World" + ] + }, + "archive_url": { + "type": "string", + "description": "A template for the API URL to download the repository as an archive.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}" + ] + }, + "assignees_url": { + "type": "string", + "description": "A template for the API URL to list the available assignees for issues in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/assignees{/user}" + ] + }, + "blobs_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git blob in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}" + ] + }, + "branches_url": { + "type": "string", + "description": "A template for the API URL to get information about branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/branches{/branch}" + ] + }, + "collaborators_url": { + "type": "string", + "description": "A template for the API URL to get information about collaborators of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}" + ] + }, + "comments_url": { + "type": "string", + "description": "A template for the API URL to get information about comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/comments{/number}" + ] + }, + "commits_url": { + "type": "string", + "description": "A template for the API URL to get information about commits on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/commits{/sha}" + ] + }, + 
"compare_url": { + "type": "string", + "description": "A template for the API URL to compare two commits or refs.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}" + ] + }, + "contents_url": { + "type": "string", + "description": "A template for the API URL to get the contents of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contents/{+path}" + ] + }, + "contributors_url": { + "type": "string", + "format": "uri", + "description": "A template for the API URL to list the contributors to the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contributors" + ] + }, + "deployments_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the deployments of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/deployments" + ] + }, + "downloads_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the downloads on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/downloads" + ] + }, + "events_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the events of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/events" + ] + }, + "forks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the forks of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/forks" + ] + }, + "git_commits_url": { + "type": "string", + "description": "A template for the API URL to get information about Git commits of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}" + ] + }, + "git_refs_url": { + "type": "string", + "description": "A template for the API URL to get information about Git refs of the repository.", + "examples": [ + 
"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}" + ] + }, + "git_tags_url": { + "type": "string", + "description": "A template for the API URL to get information about Git tags of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}" + ] + }, + "issue_comment_url": { + "type": "string", + "description": "A template for the API URL to get information about issue comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}" + ] + }, + "issue_events_url": { + "type": "string", + "description": "A template for the API URL to get information about issue events on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}" + ] + }, + "issues_url": { + "type": "string", + "description": "A template for the API URL to get information about issues on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues{/number}" + ] + }, + "keys_url": { + "type": "string", + "description": "A template for the API URL to get information about deploy keys on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}" + ] + }, + "labels_url": { + "type": "string", + "description": "A template for the API URL to get information about labels of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/labels{/name}" + ] + }, + "languages_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about the languages of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/languages" + ] + }, + "merges_url": { + "type": "string", + "format": "uri", + "description": "The API URL to merge branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/merges" + ] + }, + "milestones_url": { + "type": "string", + 
"description": "A template for the API URL to get information about milestones of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/milestones{/number}" + ] + }, + "notifications_url": { + "type": "string", + "description": "A template for the API URL to get information about notifications on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}" + ] + }, + "pulls_url": { + "type": "string", + "description": "A template for the API URL to get information about pull requests on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/pulls{/number}" + ] + }, + "releases_url": { + "type": "string", + "description": "A template for the API URL to get information about releases on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/releases{/id}" + ] + }, + "stargazers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the stargazers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/stargazers" + ] + }, + "statuses_url": { + "type": "string", + "description": "A template for the API URL to get information about statuses of a commit.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}" + ] + }, + "subscribers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the subscribers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscribers" + ] + }, + "subscription_url": { + "type": "string", + "format": "uri", + "description": "The API URL to subscribe to notifications for this repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscription" + ] + }, + "tags_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about tags on the repository.", + "examples": [ 
+ "https://api.github.com/repos/octocat/Hello-World/tags" + ] + }, + "teams_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the teams on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/teams" + ] + }, + "trees_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git tree of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}" + ] + }, + "hooks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the hooks on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/hooks" + ] + } + }, + "required": [ + "archive_url", + "assignees_url", + "blobs_url", + "branches_url", + "collaborators_url", + "comments_url", + "commits_url", + "compare_url", + "contents_url", + "contributors_url", + "deployments_url", + "description", + "downloads_url", + "events_url", + "fork", + "forks_url", + "full_name", + "git_commits_url", + "git_refs_url", + "git_tags_url", + "hooks_url", + "html_url", + "id", + "node_id", + "issue_comment_url", + "issue_events_url", + "issues_url", + "keys_url", + "labels_url", + "languages_url", + "merges_url", + "milestones_url", + "name", + "notifications_url", + "owner", + "private", + "pulls_url", + "releases_url", + "stargazers_url", + "statuses_url", + "subscribers_url", + "subscription_url", + "tags_url", + "teams_url", + "trees_url", + "url" + ] + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "created_at", + "updated_at", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "repository" + ], + "additionalProperties": false + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

Lists Dependabot alerts for repositories that are owned by the specified enterprise.\nTo use this endpoint, you must be a member of the enterprise, and you must use an\naccess token with the repo scope or security_events scope.\nAlerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see \"Managing security managers in your organization.\"

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "304", + "description": "

Not modified

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed, or the endpoint has been spammed.

" + } + ] + }, { "serverUrl": "https://api.github.com", "verb": "get", diff --git a/lib/rest/static/dereferenced/api.github.com.deref.json b/lib/rest/static/dereferenced/api.github.com.deref.json index 5bc20a80ed..7d5bebbd2d 100644 --- a/lib/rest/static/dereferenced/api.github.com.deref.json +++ b/lib/rest/static/dereferenced/api.github.com.deref.json 
@@ -21998,6 +21998,1814 @@ } } }, + "/enterprises/{enterprise}/dependabot/alerts": { + "get": { + "summary": "List Dependabot alerts for an enterprise", + "description": "Lists Dependabot alerts for repositories that are owned by the specified enterprise.\nTo use this endpoint, you must be a member of the enterprise, and you must use an\naccess token with the `repo` scope or `security_events` scope.\nAlerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see \"[Managing security managers in your organization](https://docs.github.com/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/list-alerts-for-enterprise", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name. You can also substitute this value with the enterprise id.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "in": "query", + "description": "A comma-separated list of states. If specified, only alerts with these states will be returned.\n\nCan be: `dismissed`, `fixed`, `open`", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "in": "query", + "description": "A comma-separated list of severities. If specified, only alerts with these severities will be returned.\n\nCan be: `low`, `medium`, `high`, `critical`", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "in": "query", + "description": "A comma-separated list of ecosystems. 
If specified, only alerts for these ecosystems will be returned.\n\nCan be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`, `rubygems`, `rust`", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "in": "query", + "description": "A comma-separated list of package names. If specified, only alerts for these packages will be returned.", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "in": "query", + "description": "The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.", + "schema": { + "type": "string", + "enum": [ + "development", + "runtime" + ] + } + }, + { + "name": "sort", + "in": "query", + "description": "The property by which to sort the results.\n`created` means when the alert was created.\n`updated` means when the alert's state last changed.", + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "The direction to sort the results by.", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "before", + "description": "A cursor, as given in the [Link header](https://docs.github.com/rest/overview/resources-in-the-rest-api#link-header). If specified, the query only searches for results before this cursor.", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "after", + "description": "A cursor, as given in the [Link header](https://docs.github.com/rest/overview/resources-in-the-rest-api#link-header). 
If specified, the query only searches for results after this cursor.", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "first", + "description": "The number of results per page (max 100), starting from the first matching result.\nThis parameter must not be used in combination with `last`.", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100, + "default": 30 + } + }, + { + "name": "last", + "description": "The number of results per page (max 100), starting from the last matching result.\nThis parameter must not be used in combination with `first`.", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100 + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A Dependabot alert.", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "The state of the Dependabot alert.", + "readOnly": true, + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "description": "Details for the vulnerable dependency.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "manifest_path": { + "type": "string", + "description": "The full path to the dependency manifest file, relative to the 
root of the repository.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The execution scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "Details for the GitHub Security Advisory.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string", + "description": "The unique GitHub Security Advisory ID assigned to the advisory.", + "readOnly": true + }, + "cve_id": { + "type": [ + "string", + "null" + ], + "description": "The unique CVE ID assigned to the advisory.", + "readOnly": true + }, + "summary": { + "type": "string", + "description": "A short, plain text summary of the advisory.", + "readOnly": true, + "maxLength": 1024 + }, + "description": { + "type": "string", + "description": "A long-form Markdown-supported description of the advisory.", + "readOnly": true + }, + "vulnerabilities": { + "type": "array", + "description": "Vulnerable version range information for the advisory.", + "readOnly": true, + "items": { + "type": "object", + "description": "Details pertaining to one vulnerable version range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": 
"Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "severity": { + "type": "string", + "description": "The severity of the advisory.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "cvss": { + "type": "object", + "description": "Details for the advisory pertaining to the Common Vulnerability Scoring System.", + "readOnly": true, + "properties": { + "score": { + "type": "number", + "description": "The overall CVSS score of the advisory.", + "minimum": 0, + "maximum": 10, + "readOnly": true + }, + "vector_string": { + "type": [ + "string", + "null" + ], + "description": "The full CVSS vector string for the advisory.", + "readOnly": true + } + }, + "required": [ + "score", + "vector_string" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "description": "Details for the advisory pertaining to Common Weakness Enumeration.", + "readOnly": true, + "items": { + "type": "object", + "description": "A CWE weakness assigned to the advisory.", + "readOnly": true, + "properties": { + "cwe_id": { + "type": "string", + "description": "The unique CWE ID.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The short, plain text name of the CWE.", + "readOnly": true + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "identifiers": { + "type": 
"array", + "description": "Values that identify this advisory among security information sources.", + "readOnly": true, + "items": { + "type": "object", + "description": "An advisory identifier.", + "readOnly": true, + "properties": { + "type": { + "type": "string", + "description": "The type of advisory identifier.", + "readOnly": true, + "enum": [ + "CVE", + "GHSA" + ] + }, + "value": { + "type": "string", + "description": "The value of the advisory identifer.", + "readOnly": true + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "description": "Links to additional advisory information.", + "readOnly": true, + "items": { + "type": "object", + "description": "A link to additional advisory information.", + "readOnly": true, + "properties": { + "url": { + "type": "string", + "description": "The URL of the reference.", + "format": "uri", + "readOnly": true + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "description": "The time that the advisory was published in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the advisory was last modified in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the advisory was withdrawn in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "ghsa_id", + "cve_id", + "summary", + "description", + "vulnerabilities", + "severity", + "cvss", + "cwes", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "Details pertaining to one vulnerable version 
range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": "Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated 
in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + 
"https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "The reason that the alert was dismissed.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "repository": { + "title": "Simple Repository", + "description": "Simple Repository", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "A unique identifier of the repository.", + "examples": [ + 1296269 + ] + }, + "node_id": { + "type": "string", + "description": "The GraphQL identifier of the repository.", + "examples": [ + 
"MDEwOlJlcG9zaXRvcnkxMjk2MjY5" + ] + }, + "name": { + "type": "string", + "description": "The name of the repository.", + "examples": [ + "Hello-World" + ] + }, + "full_name": { + "type": "string", + "description": "The full, globally unique, name of the repository.", + "examples": [ + "octocat/Hello-World" + ] + }, + "owner": { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + 
"https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + }, + "private": { + "type": "boolean", + "description": "Whether the repository is private." + }, + "html_url": { + "type": "string", + "format": "uri", + "description": "The URL to view the repository on GitHub.com.", + "examples": [ + "https://github.com/octocat/Hello-World" + ] + }, + "description": { + "type": [ + "string", + "null" + ], + "description": "The repository description.", + "examples": [ + "This your first repo!" + ] + }, + "fork": { + "type": "boolean", + "description": "Whether the repository is a fork." 
+ }, + "url": { + "type": "string", + "format": "uri", + "description": "The URL to get more information about the repository from the GitHub API.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World" + ] + }, + "archive_url": { + "type": "string", + "description": "A template for the API URL to download the repository as an archive.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}" + ] + }, + "assignees_url": { + "type": "string", + "description": "A template for the API URL to list the available assignees for issues in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/assignees{/user}" + ] + }, + "blobs_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git blob in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}" + ] + }, + "branches_url": { + "type": "string", + "description": "A template for the API URL to get information about branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/branches{/branch}" + ] + }, + "collaborators_url": { + "type": "string", + "description": "A template for the API URL to get information about collaborators of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}" + ] + }, + "comments_url": { + "type": "string", + "description": "A template for the API URL to get information about comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/comments{/number}" + ] + }, + "commits_url": { + "type": "string", + "description": "A template for the API URL to get information about commits on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/commits{/sha}" + ] + }, + "compare_url": { + "type": "string", + "description": "A template for the API URL to compare two 
commits or refs.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}" + ] + }, + "contents_url": { + "type": "string", + "description": "A template for the API URL to get the contents of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contents/{+path}" + ] + }, + "contributors_url": { + "type": "string", + "format": "uri", + "description": "A template for the API URL to list the contributors to the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contributors" + ] + }, + "deployments_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the deployments of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/deployments" + ] + }, + "downloads_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the downloads on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/downloads" + ] + }, + "events_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the events of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/events" + ] + }, + "forks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the forks of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/forks" + ] + }, + "git_commits_url": { + "type": "string", + "description": "A template for the API URL to get information about Git commits of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}" + ] + }, + "git_refs_url": { + "type": "string", + "description": "A template for the API URL to get information about Git refs of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}" + ] + }, + "git_tags_url": { + "type": "string", + "description": "A template 
for the API URL to get information about Git tags of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}" + ] + }, + "issue_comment_url": { + "type": "string", + "description": "A template for the API URL to get information about issue comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}" + ] + }, + "issue_events_url": { + "type": "string", + "description": "A template for the API URL to get information about issue events on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}" + ] + }, + "issues_url": { + "type": "string", + "description": "A template for the API URL to get information about issues on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues{/number}" + ] + }, + "keys_url": { + "type": "string", + "description": "A template for the API URL to get information about deploy keys on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}" + ] + }, + "labels_url": { + "type": "string", + "description": "A template for the API URL to get information about labels of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/labels{/name}" + ] + }, + "languages_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about the languages of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/languages" + ] + }, + "merges_url": { + "type": "string", + "format": "uri", + "description": "The API URL to merge branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/merges" + ] + }, + "milestones_url": { + "type": "string", + "description": "A template for the API URL to get information about milestones of the repository.", + "examples": [ + 
"https://api.github.com/repos/octocat/Hello-World/milestones{/number}" + ] + }, + "notifications_url": { + "type": "string", + "description": "A template for the API URL to get information about notifications on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}" + ] + }, + "pulls_url": { + "type": "string", + "description": "A template for the API URL to get information about pull requests on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/pulls{/number}" + ] + }, + "releases_url": { + "type": "string", + "description": "A template for the API URL to get information about releases on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/releases{/id}" + ] + }, + "stargazers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the stargazers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/stargazers" + ] + }, + "statuses_url": { + "type": "string", + "description": "A template for the API URL to get information about statuses of a commit.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}" + ] + }, + "subscribers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the subscribers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscribers" + ] + }, + "subscription_url": { + "type": "string", + "format": "uri", + "description": "The API URL to subscribe to notifications for this repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscription" + ] + }, + "tags_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about tags on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/tags" + ] + }, + "teams_url": { + "type": "string", + "format": 
"uri", + "description": "The API URL to list the teams on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/teams" + ] + }, + "trees_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git tree of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}" + ] + }, + "hooks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the hooks on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/hooks" + ] + } + }, + "required": [ + "archive_url", + "assignees_url", + "blobs_url", + "branches_url", + "collaborators_url", + "comments_url", + "commits_url", + "compare_url", + "contents_url", + "contributors_url", + "deployments_url", + "description", + "downloads_url", + "events_url", + "fork", + "forks_url", + "full_name", + "git_commits_url", + "git_refs_url", + "git_tags_url", + "hooks_url", + "html_url", + "id", + "node_id", + "issue_comment_url", + "issue_events_url", + "issues_url", + "keys_url", + "labels_url", + "languages_url", + "merges_url", + "milestones_url", + "name", + "notifications_url", + "owner", + "private", + "pulls_url", + "releases_url", + "stargazers_url", + "statuses_url", + "subscribers_url", + "subscription_url", + "tags_url", + "teams_url", + "trees_url", + "url" + ] + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "created_at", + "updated_at", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "repository" + ], + "additionalProperties": false + } + }, + "examples": { + "default": { + "value": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + 
"ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "severity": "high", + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", 
+ "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2", + "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null, + "repository": { + "id": 217723378, + "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", + "name": "octo-repo", + "full_name": "octo-org/octo-repo", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": 
"https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/octo-repo", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/octo-repo", + "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}", + "contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads", + "events_url": "https://api.github.com/repos/octo-org/octo-repo/events", 
+ "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}", + "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages", + "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges", + "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers", + "subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription", + "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags", + "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams", + "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}" + } + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": 
{ + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "severity": "medium", + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null + }, + 
"security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null, + "repository": { + "id": 664700648, + "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", + "name": "hello-world", + "full_name": "octo-org/hello-world", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": "https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/hello-world", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/hello-world", + "archive_url": 
"https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}", + "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads", + "events_url": "https://api.github.com/repos/octo-org/hello-world/events", + "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}", + 
"languages_url": "https://api.github.com/repos/octo-org/hello-world/languages", + "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges", + "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers", + "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription", + "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags", + "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams", + "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}" + } + } + ] + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation failed, or the 
endpoint has been spammed.", + "content": { + "application/json": { + "schema": { + "title": "Validation Error Simple", + "description": "Validation Error Simple", + "type": "object", + "required": [ + "message", + "documentation_url" + ], + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": false, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + } + }, "/enterprises/{enterprise}/secret-scanning/alerts": { "get": { "summary": "List secret scanning alerts for an enterprise", diff --git a/lib/rest/static/dereferenced/ghec.deref.json b/lib/rest/static/dereferenced/ghec.deref.json index 8a64dc3579..070d6c325a 100644 --- a/lib/rest/static/dereferenced/ghec.deref.json +++ b/lib/rest/static/dereferenced/ghec.deref.json 
@@ -22626,6 +22626,1814 @@ } } }, + "/enterprises/{enterprise}/dependabot/alerts": { + "get": { + "summary": "List Dependabot alerts for an enterprise", + "description": "Lists Dependabot alerts for repositories that are owned by the specified enterprise.\nTo use this endpoint, you must be a member of the enterprise, and you must use an\naccess token with the `repo` scope or `security_events` scope.\nAlerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see \"[Managing security managers in your organization](https://docs.github.com/enterprise-cloud@latest//organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"", + "tags": [ + "dependabot" + ], + "operationId": "dependabot/list-alerts-for-enterprise", + "externalDocs": { + "description": "API method documentation", + "url": "https://docs.github.com/enterprise-cloud@latest//rest/dependabot/alerts#list-dependabot-alerts-for-an-enterprise" + }, + "parameters": [ + { + "name": "enterprise", + "description": "The slug version of the enterprise name. You can also substitute this value with the enterprise id.", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "state", + "in": "query", + "description": "A comma-separated list of states. If specified, only alerts with these states will be returned.\n\nCan be: `dismissed`, `fixed`, `open`", + "schema": { + "type": "string" + } + }, + { + "name": "severity", + "in": "query", + "description": "A comma-separated list of severities. If specified, only alerts with these severities will be returned.\n\nCan be: `low`, `medium`, `high`, `critical`", + "schema": { + "type": "string" + } + }, + { + "name": "ecosystem", + "in": "query", + "description": "A comma-separated list of ecosystems. 
If specified, only alerts for these ecosystems will be returned.\n\nCan be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`, `rubygems`, `rust`", + "schema": { + "type": "string" + } + }, + { + "name": "package", + "in": "query", + "description": "A comma-separated list of package names. If specified, only alerts for these packages will be returned.", + "schema": { + "type": "string" + } + }, + { + "name": "scope", + "in": "query", + "description": "The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned.", + "schema": { + "type": "string", + "enum": [ + "development", + "runtime" + ] + } + }, + { + "name": "sort", + "in": "query", + "description": "The property by which to sort the results.\n`created` means when the alert was created.\n`updated` means when the alert's state last changed.", + "schema": { + "type": "string", + "enum": [ + "created", + "updated" + ], + "default": "created" + } + }, + { + "name": "direction", + "description": "The direction to sort the results by.", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "default": "desc" + } + }, + { + "name": "before", + "description": "A cursor, as given in the [Link header](https://docs.github.com/enterprise-cloud@latest//rest/overview/resources-in-the-rest-api#link-header). If specified, the query only searches for results before this cursor.", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "after", + "description": "A cursor, as given in the [Link header](https://docs.github.com/enterprise-cloud@latest//rest/overview/resources-in-the-rest-api#link-header). 
If specified, the query only searches for results after this cursor.", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "first", + "description": "The number of results per page (max 100), starting from the first matching result.\nThis parameter must not be used in combination with `last`.", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100, + "default": 30 + } + }, + { + "name": "last", + "description": "The number of results per page (max 100), starting from the last matching result.\nThis parameter must not be used in combination with `first`.", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "minimum": 1, + "maximum": 100 + } + } + ], + "responses": { + "200": { + "description": "Response", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "description": "A Dependabot alert.", + "properties": { + "number": { + "type": "integer", + "description": "The security alert number.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "The state of the Dependabot alert.", + "readOnly": true, + "enum": [ + "dismissed", + "fixed", + "open" + ] + }, + "dependency": { + "type": "object", + "description": "Details for the vulnerable dependency.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "manifest_path": { + "type": "string", + "description": "The full path to the dependency manifest file, relative to the 
root of the repository.", + "readOnly": true + }, + "scope": { + "type": [ + "string", + "null" + ], + "description": "The execution scope of the vulnerable dependency.", + "readOnly": true, + "enum": [ + "development", + "runtime", + null + ] + } + } + }, + "security_advisory": { + "type": "object", + "description": "Details for the GitHub Security Advisory.", + "readOnly": true, + "properties": { + "ghsa_id": { + "type": "string", + "description": "The unique GitHub Security Advisory ID assigned to the advisory.", + "readOnly": true + }, + "cve_id": { + "type": [ + "string", + "null" + ], + "description": "The unique CVE ID assigned to the advisory.", + "readOnly": true + }, + "summary": { + "type": "string", + "description": "A short, plain text summary of the advisory.", + "readOnly": true, + "maxLength": 1024 + }, + "description": { + "type": "string", + "description": "A long-form Markdown-supported description of the advisory.", + "readOnly": true + }, + "vulnerabilities": { + "type": "array", + "description": "Vulnerable version range information for the advisory.", + "readOnly": true, + "items": { + "type": "object", + "description": "Details pertaining to one vulnerable version range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": 
"Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + } + }, + "severity": { + "type": "string", + "description": "The severity of the advisory.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "cvss": { + "type": "object", + "description": "Details for the advisory pertaining to the Common Vulnerability Scoring System.", + "readOnly": true, + "properties": { + "score": { + "type": "number", + "description": "The overall CVSS score of the advisory.", + "minimum": 0, + "maximum": 10, + "readOnly": true + }, + "vector_string": { + "type": [ + "string", + "null" + ], + "description": "The full CVSS vector string for the advisory.", + "readOnly": true + } + }, + "required": [ + "score", + "vector_string" + ], + "additionalProperties": false + }, + "cwes": { + "type": "array", + "description": "Details for the advisory pertaining to Common Weakness Enumeration.", + "readOnly": true, + "items": { + "type": "object", + "description": "A CWE weakness assigned to the advisory.", + "readOnly": true, + "properties": { + "cwe_id": { + "type": "string", + "description": "The unique CWE ID.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The short, plain text name of the CWE.", + "readOnly": true + } + }, + "required": [ + "cwe_id", + "name" + ], + "additionalProperties": false + } + }, + "identifiers": { + "type": 
"array", + "description": "Values that identify this advisory among security information sources.", + "readOnly": true, + "items": { + "type": "object", + "description": "An advisory identifier.", + "readOnly": true, + "properties": { + "type": { + "type": "string", + "description": "The type of advisory identifier.", + "readOnly": true, + "enum": [ + "CVE", + "GHSA" + ] + }, + "value": { + "type": "string", + "description": "The value of the advisory identifer.", + "readOnly": true + } + }, + "required": [ + "value", + "type" + ], + "additionalProperties": false + } + }, + "references": { + "type": "array", + "description": "Links to additional advisory information.", + "readOnly": true, + "items": { + "type": "object", + "description": "A link to additional advisory information.", + "readOnly": true, + "properties": { + "url": { + "type": "string", + "description": "The URL of the reference.", + "format": "uri", + "readOnly": true + } + }, + "required": [ + "url" + ], + "additionalProperties": false + } + }, + "published_at": { + "type": "string", + "description": "The time that the advisory was published in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the advisory was last modified in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "withdrawn_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the advisory was withdrawn in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + } + }, + "required": [ + "ghsa_id", + "cve_id", + "summary", + "description", + "vulnerabilities", + "severity", + "cvss", + "cwes", + "identifiers", + "references", + "published_at", + "updated_at", + "withdrawn_at" + ], + "additionalProperties": false + }, + "security_vulnerability": { + "type": "object", + "description": "Details pertaining to one vulnerable version 
range for the advisory.", + "readOnly": true, + "properties": { + "package": { + "type": "object", + "description": "Details for the vulnerable package.", + "readOnly": true, + "properties": { + "ecosystem": { + "type": "string", + "description": "The package's language or package management ecosystem.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The unique package name within its ecosystem.", + "readOnly": true + } + }, + "required": [ + "ecosystem", + "name" + ], + "additionalProperties": false + }, + "severity": { + "type": "string", + "description": "The severity of the vulnerability.", + "readOnly": true, + "enum": [ + "low", + "medium", + "high", + "critical" + ] + }, + "vulnerable_version_range": { + "type": "string", + "description": "Conditions that identify vulnerable versions of this vulnerability's package.", + "readOnly": true + }, + "first_patched_version": { + "type": [ + "object", + "null" + ], + "description": "Details pertaining to the package version that patches this vulnerability.", + "readOnly": true, + "properties": { + "identifier": { + "type": "string", + "description": "The package version that patches this vulnerability.", + "readOnly": true + } + }, + "required": [ + "identifier" + ], + "additionalProperties": false + } + }, + "required": [ + "package", + "severity", + "vulnerable_version_range", + "first_patched_version" + ], + "additionalProperties": false + }, + "url": { + "type": "string", + "description": "The REST API URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "html_url": { + "type": "string", + "description": "The GitHub URL of the alert resource.", + "format": "uri", + "readOnly": true + }, + "created_at": { + "type": "string", + "description": "The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "updated_at": { + "type": "string", + "description": "The time that the alert was last updated 
in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "dismissed_by": { + "anyOf": [ + { + "type": "null" + }, + { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + 
"https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + } + ] + }, + "dismissed_reason": { + "type": [ + "string", + "null" + ], + "description": "The reason that the alert was dismissed.", + "enum": [ + "fix_started", + "inaccurate", + "no_bandwidth", + "not_used", + "tolerable_risk", + null + ] + }, + "dismissed_comment": { + "type": [ + "string", + "null" + ], + "description": "An optional comment associated with the alert's dismissal.", + "maxLength": 280 + }, + "fixed_at": { + "type": [ + "string", + "null" + ], + "description": "The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.", + "format": "date-time", + "readOnly": true + }, + "repository": { + "title": "Simple Repository", + "description": "Simple Repository", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "A unique identifier of the repository.", + "examples": [ + 1296269 + ] + }, + "node_id": { + "type": "string", + "description": "The GraphQL identifier of the repository.", + "examples": [ + 
"MDEwOlJlcG9zaXRvcnkxMjk2MjY5" + ] + }, + "name": { + "type": "string", + "description": "The name of the repository.", + "examples": [ + "Hello-World" + ] + }, + "full_name": { + "type": "string", + "description": "The full, globally unique, name of the repository.", + "examples": [ + "octocat/Hello-World" + ] + }, + "owner": { + "title": "Simple User", + "description": "Simple User", + "type": "object", + "properties": { + "name": { + "type": [ + "string", + "null" + ] + }, + "email": { + "type": [ + "string", + "null" + ] + }, + "login": { + "type": "string", + "examples": [ + "octocat" + ] + }, + "id": { + "type": "integer", + "examples": [ + 1 + ] + }, + "node_id": { + "type": "string", + "examples": [ + "MDQ6VXNlcjE=" + ] + }, + "avatar_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/images/error/octocat_happy.gif" + ] + }, + "gravatar_id": { + "type": [ + "string", + "null" + ], + "examples": [ + "41d064eb2195891e12d0413f63227ea7" + ] + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat" + ] + }, + "html_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://github.com/octocat" + ] + }, + "followers_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/followers" + ] + }, + "following_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/following{/other_user}" + ] + }, + "gists_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/gists{/gist_id}" + ] + }, + "starred_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/starred{/owner}{/repo}" + ] + }, + "subscriptions_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/subscriptions" + ] + }, + "organizations_url": { + "type": "string", + "format": "uri", + "examples": [ + 
"https://api.github.com/users/octocat/orgs" + ] + }, + "repos_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/repos" + ] + }, + "events_url": { + "type": "string", + "examples": [ + "https://api.github.com/users/octocat/events{/privacy}" + ] + }, + "received_events_url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/users/octocat/received_events" + ] + }, + "type": { + "type": "string", + "examples": [ + "User" + ] + }, + "site_admin": { + "type": "boolean" + }, + "starred_at": { + "type": "string", + "examples": [ + "\"2020-07-09T00:17:55Z\"" + ] + } + }, + "required": [ + "avatar_url", + "events_url", + "followers_url", + "following_url", + "gists_url", + "gravatar_id", + "html_url", + "id", + "node_id", + "login", + "organizations_url", + "received_events_url", + "repos_url", + "site_admin", + "starred_url", + "subscriptions_url", + "type", + "url" + ] + }, + "private": { + "type": "boolean", + "description": "Whether the repository is private." + }, + "html_url": { + "type": "string", + "format": "uri", + "description": "The URL to view the repository on GitHub.com.", + "examples": [ + "https://github.com/octocat/Hello-World" + ] + }, + "description": { + "type": [ + "string", + "null" + ], + "description": "The repository description.", + "examples": [ + "This your first repo!" + ] + }, + "fork": { + "type": "boolean", + "description": "Whether the repository is a fork." 
+ }, + "url": { + "type": "string", + "format": "uri", + "description": "The URL to get more information about the repository from the GitHub API.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World" + ] + }, + "archive_url": { + "type": "string", + "description": "A template for the API URL to download the repository as an archive.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}" + ] + }, + "assignees_url": { + "type": "string", + "description": "A template for the API URL to list the available assignees for issues in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/assignees{/user}" + ] + }, + "blobs_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git blob in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}" + ] + }, + "branches_url": { + "type": "string", + "description": "A template for the API URL to get information about branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/branches{/branch}" + ] + }, + "collaborators_url": { + "type": "string", + "description": "A template for the API URL to get information about collaborators of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}" + ] + }, + "comments_url": { + "type": "string", + "description": "A template for the API URL to get information about comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/comments{/number}" + ] + }, + "commits_url": { + "type": "string", + "description": "A template for the API URL to get information about commits on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/commits{/sha}" + ] + }, + "compare_url": { + "type": "string", + "description": "A template for the API URL to compare two 
commits or refs.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}" + ] + }, + "contents_url": { + "type": "string", + "description": "A template for the API URL to get the contents of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contents/{+path}" + ] + }, + "contributors_url": { + "type": "string", + "format": "uri", + "description": "A template for the API URL to list the contributors to the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/contributors" + ] + }, + "deployments_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the deployments of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/deployments" + ] + }, + "downloads_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the downloads on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/downloads" + ] + }, + "events_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the events of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/events" + ] + }, + "forks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the forks of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/forks" + ] + }, + "git_commits_url": { + "type": "string", + "description": "A template for the API URL to get information about Git commits of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}" + ] + }, + "git_refs_url": { + "type": "string", + "description": "A template for the API URL to get information about Git refs of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}" + ] + }, + "git_tags_url": { + "type": "string", + "description": "A template 
for the API URL to get information about Git tags of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}" + ] + }, + "issue_comment_url": { + "type": "string", + "description": "A template for the API URL to get information about issue comments on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}" + ] + }, + "issue_events_url": { + "type": "string", + "description": "A template for the API URL to get information about issue events on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}" + ] + }, + "issues_url": { + "type": "string", + "description": "A template for the API URL to get information about issues on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/issues{/number}" + ] + }, + "keys_url": { + "type": "string", + "description": "A template for the API URL to get information about deploy keys on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}" + ] + }, + "labels_url": { + "type": "string", + "description": "A template for the API URL to get information about labels of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/labels{/name}" + ] + }, + "languages_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about the languages of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/languages" + ] + }, + "merges_url": { + "type": "string", + "format": "uri", + "description": "The API URL to merge branches in the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/merges" + ] + }, + "milestones_url": { + "type": "string", + "description": "A template for the API URL to get information about milestones of the repository.", + "examples": [ + 
"https://api.github.com/repos/octocat/Hello-World/milestones{/number}" + ] + }, + "notifications_url": { + "type": "string", + "description": "A template for the API URL to get information about notifications on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}" + ] + }, + "pulls_url": { + "type": "string", + "description": "A template for the API URL to get information about pull requests on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/pulls{/number}" + ] + }, + "releases_url": { + "type": "string", + "description": "A template for the API URL to get information about releases on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/releases{/id}" + ] + }, + "stargazers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the stargazers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/stargazers" + ] + }, + "statuses_url": { + "type": "string", + "description": "A template for the API URL to get information about statuses of a commit.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}" + ] + }, + "subscribers_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the subscribers on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscribers" + ] + }, + "subscription_url": { + "type": "string", + "format": "uri", + "description": "The API URL to subscribe to notifications for this repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/subscription" + ] + }, + "tags_url": { + "type": "string", + "format": "uri", + "description": "The API URL to get information about tags on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/tags" + ] + }, + "teams_url": { + "type": "string", + "format": 
"uri", + "description": "The API URL to list the teams on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/teams" + ] + }, + "trees_url": { + "type": "string", + "description": "A template for the API URL to create or retrieve a raw Git tree of the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}" + ] + }, + "hooks_url": { + "type": "string", + "format": "uri", + "description": "The API URL to list the hooks on the repository.", + "examples": [ + "https://api.github.com/repos/octocat/Hello-World/hooks" + ] + } + }, + "required": [ + "archive_url", + "assignees_url", + "blobs_url", + "branches_url", + "collaborators_url", + "comments_url", + "commits_url", + "compare_url", + "contents_url", + "contributors_url", + "deployments_url", + "description", + "downloads_url", + "events_url", + "fork", + "forks_url", + "full_name", + "git_commits_url", + "git_refs_url", + "git_tags_url", + "hooks_url", + "html_url", + "id", + "node_id", + "issue_comment_url", + "issue_events_url", + "issues_url", + "keys_url", + "labels_url", + "languages_url", + "merges_url", + "milestones_url", + "name", + "notifications_url", + "owner", + "private", + "pulls_url", + "releases_url", + "stargazers_url", + "statuses_url", + "subscribers_url", + "subscription_url", + "tags_url", + "teams_url", + "trees_url", + "url" + ] + } + }, + "required": [ + "number", + "state", + "dependency", + "security_advisory", + "security_vulnerability", + "url", + "html_url", + "created_at", + "updated_at", + "dismissed_at", + "dismissed_by", + "dismissed_reason", + "dismissed_comment", + "fixed_at", + "repository" + ], + "additionalProperties": false + } + }, + "examples": { + "default": { + "value": [ + { + "number": 2, + "state": "dismissed", + "dependency": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + 
"ghsa_id": "GHSA-rf4j-j272-fj86", + "cve_id": "CVE-2018-6188", + "summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive", + "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", + "vulnerable_version_range": ">= 1.11.8, < 1.11.10", + "first_patched_version": { + "identifier": "1.11.10" + } + } + ], + "severity": "high", + "cvss": { + "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "score": 7.5 + }, + "cwes": [ + { + "cwe_id": "CWE-200", + "name": "Exposure of Sensitive Information to an Unauthorized Actor" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-rf4j-j272-fj86" + }, + { + "type": "CVE", + "value": "CVE-2018-6188" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + }, + { + "url": "https://github.com/advisories/GHSA-rf4j-j272-fj86" + }, + { + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "http://www.securitytracker.com/id/1040422" + } + ], + "published_at": "2018-10-03T21:13:54Z", + "updated_at": "2022-04-26T18:35:37Z", + "withdrawn_at": null + }, + "security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "django" + }, + "severity": "high", 
+ "vulnerable_version_range": ">= 2.0.0, < 2.0.2", + "first_patched_version": { + "identifier": "2.0.2" + } + }, + "url": "https://api.github.com/repos/octo-org/octo-repo/dependabot/alerts/2", + "html_url": "https://github.com/octo-org/octo-repo/security/dependabot/2", + "created_at": "2022-06-15T07:43:03Z", + "updated_at": "2022-08-23T14:29:47Z", + "dismissed_at": "2022-08-23T14:29:47Z", + "dismissed_by": { + "login": "octocat", + "id": 1, + "node_id": "MDQ6VXNlcjE=", + "avatar_url": "https://github.com/images/error/octocat_happy.gif", + "gravatar_id": "", + "url": "https://api.github.com/users/octocat", + "html_url": "https://github.com/octocat", + "followers_url": "https://api.github.com/users/octocat/followers", + "following_url": "https://api.github.com/users/octocat/following{/other_user}", + "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", + "organizations_url": "https://api.github.com/users/octocat/orgs", + "repos_url": "https://api.github.com/users/octocat/repos", + "events_url": "https://api.github.com/users/octocat/events{/privacy}", + "received_events_url": "https://api.github.com/users/octocat/received_events", + "type": "User", + "site_admin": false + }, + "dismissed_reason": "tolerable_risk", + "dismissed_comment": "This alert is accurate but we use a sanitizer.", + "fixed_at": null, + "repository": { + "id": 217723378, + "node_id": "MDEwOlJlcG9zaXRvcnkyMTc3MjMzNzg=", + "name": "octo-repo", + "full_name": "octo-org/octo-repo", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": 
"https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/octo-repo", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/octo-repo", + "archive_url": "https://api.github.com/repos/octo-org/octo-repo/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/octo-repo/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/octo-repo/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/octo-repo/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/octo-repo/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/octo-repo/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/octo-repo/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/octo-repo/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/octo-repo/contents/{+path}", + "contributors_url": "https://api.github.com/repos/octo-org/octo-repo/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/octo-repo/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/octo-repo/downloads", + "events_url": "https://api.github.com/repos/octo-org/octo-repo/events", 
+ "forks_url": "https://api.github.com/repos/octo-org/octo-repo/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/octo-repo/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/octo-repo/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/octo-repo/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/octo-repo/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/octo-repo/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/octo-org/octo-repo/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/octo-repo/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/octo-repo/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/octo-repo/labels{/name}", + "languages_url": "https://api.github.com/repos/octo-org/octo-repo/languages", + "merges_url": "https://api.github.com/repos/octo-org/octo-repo/merges", + "milestones_url": "https://api.github.com/repos/octo-org/octo-repo/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/octo-repo/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/octo-repo/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/octo-repo/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/octo-repo/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/octo-repo/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/octo-repo/subscribers", + "subscription_url": "https://api.github.com/repos/octo-org/octo-repo/subscription", + "tags_url": "https://api.github.com/repos/octo-org/octo-repo/tags", + "teams_url": "https://api.github.com/repos/octo-org/octo-repo/teams", + "trees_url": "https://api.github.com/repos/octo-org/octo-repo/git/trees{/sha}" + } + }, + { + "number": 1, + "state": "open", + "dependency": { + "package": 
{ + "ecosystem": "pip", + "name": "ansible" + }, + "manifest_path": "path/to/requirements.txt", + "scope": "runtime" + }, + "security_advisory": { + "ghsa_id": "GHSA-8f4m-hccc-8qph", + "cve_id": "CVE-2021-20191", + "summary": "Insertion of Sensitive Information into Log File in ansible", + "description": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality.", + "vulnerabilities": [ + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.9.0, < 2.9.18", + "first_patched_version": { + "identifier": "2.9.18" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": ">= 2.10.0, < 2.10.7", + "first_patched_version": { + "identifier": "2.10.7" + } + } + ], + "severity": "medium", + "cvss": { + "vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "score": 5.5 + }, + "cwes": [ + { + "cwe_id": "CWE-532", + "name": "Insertion of Sensitive Information into Log File" + } + ], + "identifiers": [ + { + "type": "GHSA", + "value": "GHSA-8f4m-hccc-8qph" + }, + { + "type": "CVE", + "value": "CVE-2021-20191" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2021-20191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" + } + ], + "published_at": "2021-06-01T17:38:00Z", + "updated_at": "2021-08-12T23:06:00Z", + "withdrawn_at": null + }, + 
"security_vulnerability": { + "package": { + "ecosystem": "pip", + "name": "ansible" + }, + "severity": "medium", + "vulnerable_version_range": "< 2.8.19", + "first_patched_version": { + "identifier": "2.8.19" + } + }, + "url": "https://api.github.com/repos/octo-org/hello-world/dependabot/alerts/1", + "html_url": "https://github.com/octo-org/hello-world/security/dependabot/1", + "created_at": "2022-06-14T15:21:52Z", + "updated_at": "2022-06-14T15:21:52Z", + "dismissed_at": null, + "dismissed_by": null, + "dismissed_reason": null, + "dismissed_comment": null, + "fixed_at": null, + "repository": { + "id": 664700648, + "node_id": "MDEwOlJlcG9zaXRvcnk2NjQ3MDA2NDg=", + "name": "hello-world", + "full_name": "octo-org/hello-world", + "owner": { + "login": "octo-org", + "id": 6811672, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY4MTE2NzI=", + "avatar_url": "https://avatars3.githubusercontent.com/u/6811672?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/octo-org", + "html_url": "https://github.com/octo-org", + "followers_url": "https://api.github.com/users/octo-org/followers", + "following_url": "https://api.github.com/users/octo-org/following{/other_user}", + "gists_url": "https://api.github.com/users/octo-org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/octo-org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/octo-org/subscriptions", + "organizations_url": "https://api.github.com/users/octo-org/orgs", + "repos_url": "https://api.github.com/users/octo-org/repos", + "events_url": "https://api.github.com/users/octo-org/events{/privacy}", + "received_events_url": "https://api.github.com/users/octo-org/received_events", + "type": "Organization", + "site_admin": false + }, + "private": true, + "html_url": "https://github.com/octo-org/hello-world", + "description": null, + "fork": false, + "url": "https://api.github.com/repos/octo-org/hello-world", + "archive_url": 
"https://api.github.com/repos/octo-org/hello-world/{archive_format}{/ref}", + "assignees_url": "https://api.github.com/repos/octo-org/hello-world/assignees{/user}", + "blobs_url": "https://api.github.com/repos/octo-org/hello-world/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/octo-org/hello-world/branches{/branch}", + "collaborators_url": "https://api.github.com/repos/octo-org/hello-world/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/octo-org/hello-world/comments{/number}", + "commits_url": "https://api.github.com/repos/octo-org/hello-world/commits{/sha}", + "compare_url": "https://api.github.com/repos/octo-org/hello-world/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/octo-org/hello-world/contents/{+path}", + "contributors_url": "https://api.github.com/repos/octo-org/hello-world/contributors", + "deployments_url": "https://api.github.com/repos/octo-org/hello-world/deployments", + "downloads_url": "https://api.github.com/repos/octo-org/hello-world/downloads", + "events_url": "https://api.github.com/repos/octo-org/hello-world/events", + "forks_url": "https://api.github.com/repos/octo-org/hello-world/forks", + "git_commits_url": "https://api.github.com/repos/octo-org/hello-world/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/octo-org/hello-world/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/octo-org/hello-world/git/tags{/sha}", + "hooks_url": "https://api.github.com/repos/octo-org/hello-world/hooks", + "issue_comment_url": "https://api.github.com/repos/octo-org/hello-world/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/octo-org/hello-world/issues/events{/number}", + "issues_url": "https://api.github.com/repos/octo-org/hello-world/issues{/number}", + "keys_url": "https://api.github.com/repos/octo-org/hello-world/keys{/key_id}", + "labels_url": "https://api.github.com/repos/octo-org/hello-world/labels{/name}", + 
"languages_url": "https://api.github.com/repos/octo-org/hello-world/languages", + "merges_url": "https://api.github.com/repos/octo-org/hello-world/merges", + "milestones_url": "https://api.github.com/repos/octo-org/hello-world/milestones{/number}", + "notifications_url": "https://api.github.com/repos/octo-org/hello-world/notifications{?since,all,participating}", + "pulls_url": "https://api.github.com/repos/octo-org/hello-world/pulls{/number}", + "releases_url": "https://api.github.com/repos/octo-org/hello-world/releases{/id}", + "stargazers_url": "https://api.github.com/repos/octo-org/hello-world/stargazers", + "statuses_url": "https://api.github.com/repos/octo-org/hello-world/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/octo-org/hello-world/subscribers", + "subscription_url": "https://api.github.com/repos/octo-org/hello-world/subscription", + "tags_url": "https://api.github.com/repos/octo-org/hello-world/tags", + "teams_url": "https://api.github.com/repos/octo-org/hello-world/teams", + "trees_url": "https://api.github.com/repos/octo-org/hello-world/git/trees{/sha}" + } + } + ] + } + } + } + } + }, + "304": { + "description": "Not modified" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "404": { + "description": "Resource not found", + "content": { + "application/json": { + "schema": { + "title": "Basic Error", + "description": "Basic Error", + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "url": { + "type": "string" + }, + "status": { + "type": "string" + } + } + } + } + } + }, + "422": { + "description": "Validation failed, or the 
endpoint has been spammed.", + "content": { + "application/json": { + "schema": { + "title": "Validation Error Simple", + "description": "Validation Error Simple", + "type": "object", + "required": [ + "message", + "documentation_url" + ], + "properties": { + "message": { + "type": "string" + }, + "documentation_url": { + "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + }, + "x-github": { + "githubCloudOnly": false, + "enabledForGitHubApps": false, + "previews": [ + + ], + "category": "dependabot", + "subcategory": "alerts" + } + } + }, "/enterprises/{enterprise}/license-sync-status": { "get": { "summary": "Get a license sync status",