How can I get the list of available Dependabot alerts through the GitHub API?
I searched the docs https://docs.github.com/en/rest but couldn't find anything there.
Thanks!
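There is the RepositoryVulnerabilityAlert https://docs.github.com/en/graphql/reference/objects#repositoryvulnerabilityalert object available in the GraphQL API https://docs.github.com/en/graphql.
For example, for a specific repository you can get all alerts with the following query (try it in the explorer https://docs.github.com/en/graphql/overview/explorer):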
{
  repository(name: "repo-name", owner: "repo-owner") {
    vulnerabilityAlerts(first: 100) {
      nodes {
        createdAt
        dismissedAt
        securityVulnerability {
          package {
            name
          }
          advisory {
            description
          }
        }
      }
    }
  }
}
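It also returns dismissed alerts, which can be identified using the dismissedAt field. But there seems to be no way to filter only the "active" alerts.
Example output: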
{
  "data": {
    "repository": {
      "vulnerabilityAlerts": {
        "nodes": [
          {
            "createdAt": "2018-03-05T19:13:26Z",
            "dismissedAt": null,
            "securityVulnerability": {
              "package": {
                "name": "moment"
              },
              "advisory": {
                "description": "Affected versions of `moment` are vulnerable to a low severity regular expression denial of service when parsing dates as strings.\n\n\n## Recommendation\n\nUpdate to version 2.19.3 or later."
              }
            }
          },
          ....
        ]
      }
    }
  }
}
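Since the answer notes that the query also returns dismissed alerts, one way to keep only the active ones is to filter on dismissedAt client-side while paging through the connection. This is an added example, not part of the original answer; the function names, the pageInfo-based pagination and the use of a personal access token are assumptions made for illustration.

```python
import json
import urllib.request

# Same fields as the answer's query, plus pageInfo so repositories with
# more than 100 alerts are read completely (assumption: cursor pagination).
QUERY = """
query($owner: String!, $name: String!, $cursor: String) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 100, after: $cursor) {
      pageInfo { hasNextPage endCursor }
      nodes {
        createdAt
        dismissedAt
        securityVulnerability {
          package { name }
          advisory { description }
        }
      }
    }
  }
}
"""

def post_graphql(payload, token):
    """Send one GraphQL request to GitHub; token is a personal access token."""
    req = urllib.request.Request(
        "https://api.github.com/graphql",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"bearer {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def active_alerts(owner, name, post):
    """Walk every page and keep only alerts whose dismissedAt is null."""
    alerts, cursor = [], None
    while True:
        variables = {"owner": owner, "name": name, "cursor": cursor}
        body = post({"query": QUERY, "variables": variables})
        if body.get("errors"):  # GraphQL reports failures in the response body
            raise RuntimeError(body["errors"])
        repo = body["data"]["repository"]
        if repo is None:  # repository missing or not visible to this token
            raise LookupError(f"{owner}/{name} not found or not accessible")
        conn = repo["vulnerabilityAlerts"]
        alerts += [n for n in conn["nodes"] if n["dismissedAt"] is None]
        if not conn["pageInfo"]["hasNextPage"]:
            return alerts
        cursor = conn["pageInfo"]["endCursor"]
```

Call it as `active_alerts("repo-owner", "repo-name", lambda p: post_graphql(p, token))`; passing the transport in as `post` lets the filtering and paging logic be exercised against canned responses.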