Dependency review
The Dependency Review API lets you understand dependency changes, and the security impact of those changes, before you add them to your environment.
About the Dependency Review API
Note: The Dependency Review API is currently in public beta and subject to change.
The Dependency Review API lets you understand dependency changes, and the security impact of those changes, before you add them to your environment. You can view the diff of dependencies between any two commits of a repository, including vulnerability data for any version updates with known vulnerabilities. For more information about dependency review, see "About dependency review".
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
Parameters

Headers

| Name | Type | Description |
|---|---|---|
| accept | string | Setting to |

Path parameters

| Name | Type | Description |
|---|---|---|
| owner | string | Required. The account owner of the repository. The name is not case sensitive. |
| repo | string | Required. The name of the repository. The name is not case sensitive. |
| basehead | string | Required. The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |

Query parameters

| Name | Type | Description |
|---|---|---|
| name | string | The full path, relative to the repository root, of the dependency manifest file. |
HTTP response status codes

| Status code | Description |
|---|---|
| 200 | OK |
| 403 | Forbidden |
| 404 | Resource not found |
Code samples

```shell
curl \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: token <TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/dependency-graph/compare/BASEHEAD
```

Response

Status: 200

```json
[
  {
    "change_type": "removed",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "4.6.0",
    "package_url": "pkg:npm/helmet@4.6.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "package.json",
    "ecosystem": "npm",
    "name": "helmet",
    "version": "5.0.0",
    "package_url": "pkg:npm/helmet@5.0.0",
    "license": "MIT",
    "source_repository_url": "https://github.com/helmetjs/helmet",
    "vulnerabilities": []
  },
  {
    "change_type": "added",
    "manifest": "Gemfile",
    "ecosystem": "rubygems",
    "name": "ruby-openid",
    "version": "2.7.0",
    "package_url": "pkg:gem/ruby-openid@2.7.0",
    "license": null,
    "source_repository_url": "https://github.com/openid/ruby-openid",
    "vulnerabilities": [
      {
        "severity": "critical",
        "advisory_ghsa_id": "GHSA-fqfj-cmh6-hj49",
        "advisory_summary": "Ruby OpenID",
        "advisory_url": "https://github.com/advisories/GHSA-fqfj-cmh6-hj49"
      }
    ]
  }
]
```