app_idinteger
Filters check suites by GitHub App id.
Example:1
check_namestring
Returns check runs with the specified name.
per_pageinteger
Results per page (max 100)
Default:30
pageinteger
Page number of the results to fetch.
Default:1
List check suites for a Git reference
Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array and a null value for head_branch.
Lists check suites for a commit ref. The ref can be a SHA, branch name, or a tag name. GitHub Apps must have the checks:read permission on a private repository or pull access to a public repository to list check suites. OAuth Apps and authenticated users must have the repo scope to get check suites in a private repository.
get
http://HOSTNAME/api/v3/repos/{owner}/{repo}/commits/{ref}/check-suites
Query Parameters
Path Parameters
ownerstringrequired
repostringrequired
refstringrequired
ref parameter
Response
200 application/json
Response
200 application/json
Response
total_countintegerrequired
check_suitesarray[object]required
A suite of checks performed on the code of a given code change
Show Child Parameters
get/repos/{owner}/{repo}/commits/{ref}/check-suites
Path Parameters
Query Parameters
200 application/json
code-scanning
Retrieve code scanning alerts from a repository.
List code scanning alerts for a repository
Lists all open code scanning alerts for the default branch (usually main
or master). You must use an access token with the security_events scope to use
this endpoint. GitHub Apps must have the security_events read permission to use
this endpoint.
The response includes a most_recent_instance object.
This provides details of the most recent instance of this alert
for the default branch or for the specified Git reference
(if you used ref in the request).
get
http://HOSTNAME/api/v3/repos/{owner}/{repo}/code-scanning/alerts
Query Parameters
tool_namestring
The name of the tool used to generate the code scanning analysis.
tool_guidstring | null
The GUID of the tool used to generate the code scanning analysis, if provided in the uploaded SARIF data.
pageinteger
Page number of the results to fetch.
Default:1
per_pageinteger
Results per page (max 100)
Default:30
refstring
The full Git reference, formatted as refs/heads/<branch name>,
refs/pull/<number>/merge, or refs/pull/<number>/head.
statestring
State of a code scanning alert.
Allowed values:opencloseddismissedfixed
Path Parameters
ownerstringrequired
repostringrequired
Response
application/json
Response
application/json
Response
numberintegerrequiredread-only
The security alert number.
created_atstring(date-time)requiredread-only
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
urlstring(uri)requiredread-only
The REST API URL of the alert resource.
html_urlstring(uri)requiredread-only
The GitHub URL of the alert resource.
instances_urlstring(uri)requiredread-only
The REST API URL for fetching the list of instances for an alert.
statestringrequired
State of a code scanning alert.
Allowed values:opencloseddismissedfixed
dismissed_byobject | nullrequired
Simple User
Show Child Parameters
dismissed_atstring | null(date-time)requiredread-only
The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
dismissed_reasonstring | nullrequired
Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: false positive, won't fix, and used in tests.
Allowed values:false positivewon't fixused in tests
ruleobjectrequired
Show Child Parameters
toolobjectrequired
Show Child Parameters
most_recent_instanceobjectrequired
Show Child Parameters
get/repos/{owner}/{repo}/code-scanning/alerts
Path Parameters
Query Parameters
application/json
Get a code scanning alert
Gets a single code scanning alert. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events read permission to use this endpoint.
Deprecation notice:
The instances field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The same information can now be retrieved via a GET request to the URL specified by instances_url.
get
http://HOSTNAME/api/v3/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Path Parameters
ownerstringrequired
repostringrequired
alert_numberintegerrequiredread-only
The security alert number.
Response
application/json
Response
application/json
Response
code-scanning-alert
numberintegerrequiredread-only
The security alert number.
created_atstring(date-time)requiredread-only
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
urlstring(uri)requiredread-only
The REST API URL of the alert resource.
html_urlstring(uri)requiredread-only
The GitHub URL of the alert resource.
instances_urlstring(uri)requiredread-only
The REST API URL for fetching the list of instances for an alert.
statestringrequired
State of a code scanning alert.
Allowed values:opencloseddismissedfixed
dismissed_byobject | nullrequired
Simple User
Show Child Parameters
dismissed_atstring | null(date-time)requiredread-only
The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
dismissed_reasonstring | nullrequired
Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: false positive, won't fix, and used in tests.
Allowed values:false positivewon't fixused in tests
ruleobjectrequired
Show Child Parameters
toolobjectrequired
Show Child Parameters
most_recent_instanceobjectrequired
Show Child Parameters
instancesDEPRECATED
get/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Path Parameters
application/json
Update a code scanning alert
Updates the status of a single code scanning alert. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
patch
http://HOSTNAME/api/v3/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Path Parameters
ownerstringrequired
repostringrequired
alert_numberintegerrequiredread-only
The security alert number.
Body
application/json
Body
application/json
statestringrequired
Sets the state of the code scanning alert. Can be one of open or dismissed. You must provide dismissed_reason when you set the state to dismissed.
Allowed values:opendismissed
dismissed_reasonstring | null
Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: false positive, won't fix, and used in tests.
Allowed values:false positivewon't fixused in tests
Response
application/json
Response
application/json
Response
code-scanning-alert
numberintegerrequiredread-only
The security alert number.
created_atstring(date-time)requiredread-only
The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
urlstring(uri)requiredread-only
The REST API URL of the alert resource.
html_urlstring(uri)requiredread-only
The GitHub URL of the alert resource.
instances_urlstring(uri)requiredread-only
The REST API URL for fetching the list of instances for an alert.
statestringrequired
State of a code scanning alert.
Allowed values:opencloseddismissedfixed
dismissed_byobject | nullrequired
Simple User
Show Child Parameters
dismissed_atstring | null(date-time)requiredread-only
The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.
dismissed_reasonstring | nullrequired
Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: false positive, won't fix, and used in tests.
Allowed values:false positivewon't fixused in tests
ruleobjectrequired
Show Child Parameters
toolobjectrequired
Show Child Parameters
most_recent_instanceobjectrequired
Show Child Parameters
instancesDEPRECATED
patch/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}
Path Parameters
Body
{
"state": "dismissed",
"dismissed_reason": "false positive"
}
application/json