jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-15 06:01:36 -05:00
Code Issues Projects Releases Wiki Activity
Files
d8a8933aebc0b746484bd8db76cc75abaa90ed21
docs/content/rest/reference/code-scanning.md
hubwriter c9b4766254 Update docs for the code scanning API (#17653) 
* Add custom media type info and update subsection cross-refs

* Update the permissions for GH Apps page

* Add temporary JSON files

Replace these with the autogenerated ones from
github/github, when the associated PR over there
is merged.

* Change json+sarif to sarif+json

* Condition media types section

This new section will only become accurate in
GHES 3.1

* Add temporary copies of decorated & dereferenced files

* Add new endpoints to the permissions page

/rest/reference/permissions-required-for-github-apps

* Update temp JSON files

* Update JSON files

* Add  github-ae: '*'

* Add  github-ae: '*'

* Add  github-ae: '*'

* Update content/rest/reference/code-scanning.md

* Update JSON files

* Update content/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/permissions-required-for-github-apps.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Make review comment changes

* Remove development mode JSON files

* Update OpenAPI Descriptions (#17857)

* Update OpenAPI Descriptions

* Add decorated OpenAPI schema files

* Remove development mode JSON files

* Update OpenAPI JSON files (#17869)

* Update OpenAPI Descriptions

* Add decorated OpenAPI schema files

Co-authored-by: github-openapi-bot <security+github-openapi-bot@github.com>

* Remove development mode JSON files

* Update OpenAPI Descriptions (#17863)

* Update OpenAPI Descriptions

* Add decorated OpenAPI schema files

* Update content/rest/reference/permissions-required-for-github-apps.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/permissions-required-for-github-apps.md

* Update content/rest/reference/code-scanning.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
Co-authored-by: github-openapi-bot <security+github-openapi-bot@github.com>
2021-02-16 22:07:48 +00:00

107 lines
4.1 KiB
Markdown
Raw Blame History

---
title: Code scanning
redirect_from:
- /v3/code-scanning
product: '{% data reusables.gated-features.code-scanning %}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
---
{% data reusables.code-scanning.beta %}
The {% data variables.product.prodname_code_scanning %} API lets you retrieve and update {% data variables.product.prodname_code_scanning %} alerts from a repository. You can use the endpoints to create automated reports for the {% data variables.product.prodname_code_scanning %} alerts in an organization or upload analysis results generated using offline {% data variables.product.prodname_code_scanning %} tools. For more information, see "[Finding security vulnerabilities and errors in your code](/github/finding-security-vulnerabilities-and-errors-in-your-code)."
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
### Custom media type for {% data variables.product.prodname_code_scanning %}
There is one supported custom media type for the {% data variables.product.prodname_code_scanning %} REST API. You can use this with `GET` requests sent to the `/analyses/{analysis_id}` endpoint. When you use this media type with this operation, the response includes a subset of the actual data that was uploaded for the specified analysis, rather than details about the analysis, which is returned when you use the default media type. The response also includes additional data such as the `github/alertNumber` and `github/alertUrl` properties. The data is formatted as [SARIF version 2.1.0](https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html).
application/sarif+json
For more information, see "[Media types](/rest/overview/media-types)."
#### Response using the custom media type
This example response is from a `GET` request to the `/analyses/{analysis_id}` endpoint, using `application/sarif+json` as the `Accept` header value. The example has had indendation and line breaks added for readability. For more information about this endpoint, see "[Get a {% data variables.product.prodname_code_scanning %} analysis for a repository](#get-a-code-scanning-analysis-for-a-repository)."
```
{
"runs": [
{
"artifacts": [
{
"location": {
"index": 0,
"uri": "src/promiseUtils.js"
}
},
{
"location": {
"index": 1,
"uri": "main.js"
}
}
],
"conversion": {
"tool": {
"driver": {
"name": "GitHub Code Scanning"
}
}
},
"results": [
{
"correlationGuid": "7f75ba0b-61a9-11eb-b882-b4969152bf2c",
"level": "warning",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"index": 0,
"uri": "src/promiseUtils.js"
},
"region": {
"endLine": 2,
"startColumn": 1,
"startLine": 2
}
}
}
],
"message": {
"text": "Function resolvingPromise is sometimes invoked as a constructor (for example [here](1)), and sometimes as a normal function (for example [here](2))."
},
"partialFingerprints": {
"primaryLocationLineHash": "5061c3315a741b7d:1"
},
"properties": {
"github/alertNumber": 4,
"github/alertUrl": "https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/4"
}
},
...
],
"tool": {
"driver": {
"name": "CodeQL",
"version": "2.0.0"
}
},
"versionControlProvenance": [
{
"branch": "refs/heads/master",
"repositoryUri": "https://github.com/octocat/hello-world",
"revisionId": "c18c69115354ff0166991962832dc2bd7756e655"
}
]
}
],
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0"
}
```
{% endif %}
{% include rest_operations_at_current_path %}
Reference in New Issue View Git Blame Copy Permalink