Secret scanning

ここには以下の内容があります:

List secret scanning alerts for a repository

Get a secret scanning alert

Update a secret scanning alert

プライベートリポジトリからのシークレットアラートを取得して更新するには、Secret Scanning APIが利用できます。

ノート: secret scanning APIは現在ベータで、変更されることがあります。

The secret scanning API lets you:

Enable or disable secret scanning for a repository. For more information, see "Repositories" in the REST API documentation.
Retrieve and update secret scanning alerts from a repository. For futher details, see the sections below.

secret scanning の詳細については、「secret scanning について」を参照してください。

List secret scanning alerts for a repository

Lists secret scanning alerts for a private repository, from newest to oldest. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

get /repos/{owner}/{repo}/secret-scanning/alerts

パラメータ

Name	Type	In	Description
`accept`	string	header	Setting to `application/vnd.github.v3+json` is recommended.
`owner`	string	path
`repo`	string	path
`state`	string	query	Set to `open` or `resolved` to only list secret scanning alerts in a specific state.
`secret_type`	string	query	A comma-separated list of secret types to return. By default all secret types are returned. See "About secret scanning for private repositories" for a complete list of secret types (API slug).
`resolution`	string	query	A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are `false_positive`, `wont_fix`, `revoked`, `pattern_edited`, `pattern_deleted` or `used_in_tests`.
`page`	integer	query	Page number of the results to fetch. Default: `1`
`per_page`	integer	query	Results per page (max 100) Default: `30`

コードサンプル

Shell

curl \
  -H "Accept: application/vnd.github.v3+json" \
  https://{hostname}/api/v3/repos/octocat/hello-world/secret-scanning/alerts

JavaScript (@octokit/core.js)

await octokit.request('GET /repos/{owner}/{repo}/secret-scanning/alerts', {
  owner: 'octocat',
  repo: 'hello-world'
})

Response

Status: 200 OK

[
  {
    "number": 2,
    "created_at": "2020-11-06T18:48:51Z",
    "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2",
    "html_url": "https://github.com/owner/private-repo/security/secret-scanning/2",
    "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations",
    "state": "resolved",
    "resolution": "false_positive",
    "resolved_at": "2020-11-07T02:47:13Z",
    "resolved_by": {
      "login": "monalisa",
      "id": 2,
      "node_id": "MDQ6VXNlcjI=",
      "avatar_url": "https://alambic.github.com/avatars/u/2?",
      "gravatar_id": "",
      "url": "https://api.github.com/users/monalisa",
      "html_url": "https://github.com/monalisa",
      "followers_url": "https://api.github.com/users/monalisa/followers",
      "following_url": "https://api.github.com/users/monalisa/following{/other_user}",
      "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
      "organizations_url": "https://api.github.com/users/monalisa/orgs",
      "repos_url": "https://api.github.com/users/monalisa/repos",
      "events_url": "https://api.github.com/users/monalisa/events{/privacy}",
      "received_events_url": "https://api.github.com/users/monalisa/received_events",
      "type": "User",
      "site_admin": true
    },
    "secret_type": "adafruit_io_key",
    "secret": "aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  },
  {
    "number": 1,
    "created_at": "2020-11-06T18:18:30Z",
    "url": "https://api.github.com/repos/owner/repo/secret-scanning/alerts/1",
    "html_url": "https://github.com/owner/repo/security/secret-scanning/1",
    "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/1/locations",
    "state": "open",
    "resolution": null,
    "resolved_at": null,
    "resolved_by": null,
    "secret_type": "mailchimp_api_key",
    "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2"
  }
]

Repository is public or secret scanning is disabled for the repository

Status: 404 Not Found

Service unavailable

Status: 503 Service Unavailable

Notes

Works with GitHub Apps

Get a secret scanning alert

Gets a single secret scanning alert detected in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts read permission to use this endpoint.

get /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}

パラメータ

Name	Type	In	Description
`accept`	string	header	Setting to `application/vnd.github.v3+json` is recommended.
`owner`	string	path
`repo`	string	path
`alert_number`	integer	path	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.

コードサンプル

Shell

curl \
  -H "Accept: application/vnd.github.v3+json" \
  https://{hostname}/api/v3/repos/octocat/hello-world/secret-scanning/alerts/42

JavaScript (@octokit/core.js)

await octokit.request('GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}', {
  owner: 'octocat',
  repo: 'hello-world',
  alert_number: 42
})

Response

Status: 200 OK

{
  "number": 42,
  "created_at": "2020-11-06T18:18:30Z",
  "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42",
  "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42",
  "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations",
  "state": "open",
  "resolution": null,
  "resolved_at": null,
  "resolved_by": null,
  "secret_type": "mailchimp_api_key",
  "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2"
}

Not modified

Status: 304 Not Modified

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

Status: 404 Not Found

Service unavailable

Status: 503 Service Unavailable

Notes

Works with GitHub Apps

Update a secret scanning alert

Updates the status of a secret scanning alert in a private repository. To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.

GitHub Apps must have the secret_scanning_alerts write permission to use this endpoint.

patch /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}

パラメータ

Name	Type	In	Description
`accept`	string	header	Setting to `application/vnd.github.v3+json` is recommended.
`owner`	string	path
`repo`	string	path
`alert_number`	integer	path	The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the `number` field in the response from the `GET /repos/{owner}/{repo}/code-scanning/alerts` operation.
`state`	string	body	Required. Sets the state of the secret scanning alert. Can be either `open` or `resolved`. You must provide `resolution` when you set the state to `resolved`.
`resolution`	string or nullable	body	Required when the `state` is `resolved`. The reason for resolving the alert. Can be one of `false_positive`, `wont_fix`, `revoked`, or `used_in_tests`.

コードサンプル

Shell

curl \
  -X PATCH \
  -H "Accept: application/vnd.github.v3+json" \
  https://{hostname}/api/v3/repos/octocat/hello-world/secret-scanning/alerts/42 \
  -d '{"state":"state"}'

JavaScript (@octokit/core.js)

await octokit.request('PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}', {
  owner: 'octocat',
  repo: 'hello-world',
  alert_number: 42,
  state: 'state'
})

Response

Status: 200 OK

{
  "number": 42,
  "created_at": "2020-11-06T18:18:30Z",
  "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42",
  "html_url": "https://github.com/owner/private-repo/security/secret-scanning/42",
  "locations_url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/42/locations",
  "state": "resolved",
  "resolution": "used_in_tests",
  "resolved_at": "2020-11-16T22:42:07Z",
  "resolved_by": {
    "login": "monalisa",
    "id": 2,
    "node_id": "MDQ6VXNlcjI=",
    "avatar_url": "https://alambic.github.com/avatars/u/2?",
    "gravatar_id": "",
    "url": "https://api.github.com/users/monalisa",
    "html_url": "https://github.com/monalisa",
    "followers_url": "https://api.github.com/users/monalisa/followers",
    "following_url": "https://api.github.com/users/monalisa/following{/other_user}",
    "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
    "organizations_url": "https://api.github.com/users/monalisa/orgs",
    "repos_url": "https://api.github.com/users/monalisa/repos",
    "events_url": "https://api.github.com/users/monalisa/events{/privacy}",
    "received_events_url": "https://api.github.com/users/monalisa/received_events",
    "type": "User",
    "site_admin": true
  },
  "secret_type": "mailchimp_api_key",
  "secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2"
}

Repository is public, or secret scanning is disabled for the repository, or the resource is not found

Status: 404 Not Found

State does not match the resolution

Status: 422 Unprocessable Entity

Service unavailable

Status: 503 Service Unavailable

Notes

Works with GitHub Apps