ownerstringrequired
repostringrequired
alert_numberintegerrequiredread-only
The security alert number.
Update a code scanning alert
Updates the status of a single code scanning alert. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
patch
{protocol}://{hostname}/api/v3/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Path Parameters
Body
application/json
Body
application/json
statestringrequired
Sets the state of the code scanning alert. Can be one of open or dismissed. You must provide dismissed_reason when you set the state to dismissed.
Allowed values:opendismissed
dismissed_reasonstring | null
Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: false positive, won't fix, and used in tests.
Allowed values:false positivewon't fixused in tests
Response
application/json
Response
application/json
Response
code-scanning-alert
numberintegerrequiredread-only
The security alert number.
created_atstring(date-time)requiredread-only
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
urlstring(uri)requiredread-only
The REST API URL of the alert resource.
html_urlstring(uri)requiredread-only
The GitHub URL of the alert resource.
instances_urlstring(uri)requiredread-only
The REST API URL for fetching the list of instances for an alert.
statestringrequired
State of a code scanning alert.
Allowed values:opencloseddismissedfixed
dismissed_byobject | nullrequired
Simple User
Show Child Parameters
dismissed_atstring | null(date-time)requiredread-only
The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
dismissed_reasonstring | nullrequired
Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: false positive, won't fix, and used in tests.
Allowed values:false positivewon't fixused in tests
ruleobjectrequired
Show Child Parameters
toolobjectrequired
Show Child Parameters
most_recent_instanceobjectrequired
Show Child Parameters
instancesDEPRECATED
patch/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Path Parameters
Body
{
"state": "dismissed",
"dismissed_reason": "false positive"
}
application/json
List code scanning analyses for a repository
Lists the details of all code scanning analyses for a repository,
starting with the most recent.
The response is paginated and you can use the page and per_page parameters
to list the analyses you’re interested in.
By default 30 analyses are listed per page.
The rules_count field in the response give the number of rules
that were run in the analysis.
For very old analyses this data is not available,
and 0 is returned in this field.
You must use an access token with the security_events scope to use this endpoint.
GitHub Apps must have the security_events read permission to use this endpoint.
Deprecation notice:
The tool_name field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The tool name can now be found inside the tool field.
get
{protocol}://{hostname}/api/v3/repos/{owner}/{repo}/code-scanning/analyses
Query Parameters
tool_namestring
The name of the tool used to generate the code scanning analysis.
tool_guidstring | null
The GUID of the tool used to generate the code scanning analysis, if provided in the uploaded SARIF data.
pageinteger
Page number of the results to fetch.
Default:1
per_pageinteger
Results per page (max 100)
Default:30
refstring
The full Git reference, formatted as refs/heads/<branch name>,
refs/pull/<number>/merge, or refs/pull/<number>/head.
sarif_idstring
An identifier for the upload.
Example:6c81cd8e-b078-4ac3-a3be-1dad7dbd0b53
Path Parameters
ownerstringrequired
repostringrequired
Response
application/json
Response
application/json
Response
refstringrequired
The full Git reference, formatted as refs/heads/<branch name>,
refs/pull/<number>/merge, or refs/pull/<number>/head.
commit_shastringrequired
The SHA of the commit to which the analysis you are uploading relates.
Match pattern:^[0-9a-fA-F]+$
>= 40 characters<= 40 characters
analysis_keystringrequired
Identifies the configuration under which the analysis was executed. For example, in GitHub Actions this includes the workflow filename and job name.
environmentstringrequired
Identifies the variable values associated with the environment in which this analysis was performed.
categorystring
Identifies the configuration under which the analysis was executed. Used to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code.
errorstringrequired
Example:error reading field xyz
created_atstring(date-time)requiredread-only
The time that the analysis was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
results_countintegerrequired
The total number of results in the analysis.
rules_countintegerrequired
The total number of rules used in the analysis.
idintegerrequired
Unique identifier for this analysis.
urlstring(uri)requiredread-only
The REST API URL of the analysis resource.
sarif_idstringrequired
An identifier for the upload.
Example:6c81cd8e-b078-4ac3-a3be-1dad7dbd0b53
toolobjectrequired
Show Child Parameters
deletablebooleanrequired
warningstringrequired
Warning generated when processing the analysis
Example:123 results were ignored
tool_namestring
get/repos/{owner}/{repo}/code-scanning/analyses
Path Parameters
Query Parameters
application/json
Upload an analysis as SARIF data
Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
There are two places where you can upload code scanning results.
- If you upload to a pull request, for example
--ref refs/pull/42/mergeor--ref refs/pull/42/head, then the results appear as alerts in a pull request check. For more information, see “Triaging code scanning alerts in pull requests.” - If you upload to a branch, for example
--ref refs/heads/my-branch, then the results appear in the Security tab for your repository. For more information, see “Managing code scanning alerts for your repository.”
You must compress the SARIF-formatted analysis data that you want to upload, using gzip, and then encode it as a Base64 format string. For example:
gzip -c analysis-data.sarif | base64 -w0
SARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.
The 202 Accepted, response includes an id value.
You can use this ID to check the status of the upload by using this for the /sarifs/{sarif_id} endpoint.
For more information, see “Get information about a SARIF upload.”
post
{protocol}://{hostname}/api/v3/repos/{owner}/{repo}/code-scanning/sarifs
Path Parameters
ownerstringrequired
repostringrequired
Body
application/json
Body
application/json
commit_shastringrequired
The SHA of the commit to which the analysis you are uploading relates.
Match pattern:^[0-9a-fA-F]+$
>= 40 characters<= 40 characters
refstringrequired
The full Git reference, formatted as refs/heads/<branch name>,
refs/pull/<number>/merge, or refs/pull/<number>/head.
sarifstringrequired
A Base64 string representing the SARIF file to upload. You must first compress your SARIF file using gzip and then translate the contents of the file into a Base64 encoding string. For more information, see “SARIF support for code scanning.”
checkout_uristring(uri)
The base directory used in the analysis, as it appears in the SARIF file.
This property is used to convert file paths from absolute to relative, so that alerts can be mapped to their correct location in the repository.
Example:file:///github/workspace/
started_atstring(date-time)
The time that the analysis run began. This is a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
tool_namestring
The name of the tool used to generate the code scanning analysis. If this parameter is not used, the tool name defaults to “API”. If the uploaded SARIF contains a tool GUID, this will be available for filtering using the tool_guid parameter of operations such as GET /repos/{owner}/{repo}/code-scanning/alerts.
Response
application/json
Response
application/json
Response
code-scanning-sarifs-receipt
idstring
An identifier for the upload.
Example:6c81cd8e-b078-4ac3-a3be-1dad7dbd0b53
urlstring(uri)read-only
The REST API URL for checking the status of the upload.
post/repos/{owner}/{repo}/code-scanning/sarifs
Path Parameters
Body
{
"commit_sha": "commit_sha",
"ref": "ref",
"sarif": "sarif"
}
application/json
Get all codes of conduct
get
{protocol}://{hostname}/api/v3/codes_of_conduct
Response
application/json
Response
application/json
Response
Code Of Conduct
keystringrequired
Example:contributor_covenant
namestringrequired
Example:Contributor Covenant
urlstring(uri)required
Example:https://api.github.com/codes_of_conduct/contributor_covenant
bodystring
Example:# Contributor Covenant Code of Conduct ## Our Pledge In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards Examples of behavior that contributes to creating a positive environment include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences * Gracefully accepting constructive criticism * Focusing on what is best for the community * Showing empathy towards other community members Examples of unacceptable behavior by participants include: * The use of sexualized language or imagery and unwelcome sexual attention or advances * Trolling, insulting/derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or electronic address, without explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [EMAIL]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] [homepage]: http://contributor-covenant.org [version]: http://contributor-covenant.org/version/1/4/
html_urlstring | null(uri)required
get/codes_of_conduct
application/json
Get a code of conduct
get
{protocol}://{hostname}/api/v3/codes_of_conduct/{key}
Path Parameters
keystringrequired
Response
application/json
Response
application/json
Response
Code Of Conduct
Code Of Conduct
keystringrequired
Example:contributor_covenant
namestringrequired
Example:Contributor Covenant
urlstring(uri)required
Example:https://api.github.com/codes_of_conduct/contributor_covenant
bodystring
Example:# Contributor Covenant Code of Conduct ## Our Pledge In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards Examples of behavior that contributes to creating a positive environment include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences * Gracefully accepting constructive criticism * Focusing on what is best for the community * Showing empathy towards other community members Examples of unacceptable behavior by participants include: * The use of sexualized language or imagery and unwelcome sexual attention or advances * Trolling, insulting/derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or electronic address, without explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [EMAIL]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] [homepage]: http://contributor-covenant.org [version]: http://contributor-covenant.org/version/1/4/
html_urlstring | null(uri)required
get/codes_of_conduct/{key}
Path Parameters
application/json