Gets a single code scanning alert. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events read permission to use this endpoint.
The security alert_number is found at the end of the security alert's URL. For example, the security alert ID for https://github.com/Octo-org/octo-repo/security/code-scanning/88 is 88.
octokit.codeScanning.getAlert({owner,repo,alert_number,});
name | required | description |
---|---|---|
owner | yes | |
repo | yes | |
alert_number | yes | |
alert_id | no | |
See also: GitHub Developer Guide documentation.
Lists all open code scanning alerts for the default branch (usually main or master). You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events read permission to use this endpoint.
octokit.codeScanning.listAlertsForRepo({owner,repo,});
name | required | description |
---|---|---|
owner | yes | |
repo | yes | |
state | no | Set to |
ref | no | Set a full Git reference to list alerts for a specific branch. The |
See also: GitHub Developer Guide documentation.
List the details of recent code scanning analyses for a repository. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events read permission to use this endpoint.
octokit.codeScanning.listRecentAnalyses({owner,repo,});
name | required | description |
---|---|---|
owner | yes | |
repo | yes | |
ref | no | Set a full Git reference to list alerts for a specific branch. The |
tool_name | no | Set a single code scanning tool name to filter alerts by tool. |
See also: GitHub Developer Guide documentation.
Updates the status of a single code scanning alert. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
octokit.codeScanning.updateAlert({owner,repo,alert_number,state,});
name | required | description |
---|---|---|
owner | yes | |
repo | yes | |
alert_number | yes | The security alert number, found at the end of the security alert's URL. |
state | yes | Sets the state of the code scanning alert. Can be one of |
dismissed_reason | no | Required when the state is dismissed. The reason for dismissing or closing the alert. Can be one of: |
See also: GitHub Developer Guide documentation.
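The following is an added example, not code from Octokit or from this page: it derives owner, repo and alert_number from an alert URL as described under getAlert, and enforces the updateAlert rule that dismissed_reason is required when the state is dismissed. The helper names (parseAlertUrl, buildUpdateParams, setAlertState), the github.com host check and the shape of the response's data.state field are assumptions of the example.

```javascript
// Added example: helper names below are hypothetical, not part of Octokit.
const ALERT_PATH = /^\/([^/]+)\/([^/]+)\/security\/code-scanning\/([1-9]\d*)\/?$/;

// Parse a code scanning alert URL into owner/repo/alert_number.
// Only https on the expected host is accepted, so a pasted link to a
// look-alike host cannot silently steer the call at another repository.
function parseAlertUrl(alertUrl, allowedHost = "github.com") {
  const url = new URL(alertUrl); // throws TypeError on malformed input
  if (url.protocol !== "https:" || url.hostname !== allowedHost) {
    throw new Error(`unexpected alert host: ${url.protocol}//${url.hostname}`);
  }
  const match = ALERT_PATH.exec(url.pathname);
  if (!match) throw new Error(`not a code scanning alert URL: ${url.pathname}`);
  const [, owner, repo, number] = match;
  return { owner, repo, alert_number: Number(number) };
}

// Build updateAlert parameters, enforcing the documented rule that
// dismissed_reason is required when state is "dismissed".
function buildUpdateParams(alertUrl, state, dismissedReason) {
  if (!state) throw new Error("state is required");
  if (state === "dismissed" && !dismissedReason) {
    throw new Error("dismissed_reason is required when state is dismissed");
  }
  const params = { ...parseAlertUrl(alertUrl), state };
  if (dismissedReason) params.dismissed_reason = dismissedReason;
  return params;
}

// Read the alert first and write only if the state actually changes.
// `octokit` needs security_events write access for the update call.
// Assumes the response carries the alert under `data` with a `state` field.
async function setAlertState(octokit, alertUrl, state, dismissedReason) {
  const params = buildUpdateParams(alertUrl, state, dismissedReason);
  const { owner, repo, alert_number } = params;
  const { data: alert } = await octokit.codeScanning.getAlert({ owner, repo, alert_number });
  if (alert.state === state) return { changed: false, alert };
  const { data: updated } = await octokit.codeScanning.updateAlert(params);
  return { changed: true, alert: updated };
}
```

Validating the URL before any request keeps a token with write permission from being pointed at a repository other than the one the operator intended.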
Upload a SARIF file containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events write permission to use this endpoint.
octokit.codeScanning.uploadSarif({owner,repo,commit_sha,ref,sarif,tool_name,});
name | required | description |
---|---|---|
owner | yes | |
repo | yes | |
commit_sha | yes | The commit SHA of the code scanning analysis file. |
ref | yes | The full Git reference of the code scanning analysis file, formatted as |
sarif | yes | A Base64 string representing the SARIF file to upload. You must first compress your SARIF file using |
checkout_uri | no | The base directory used in the analysis, as it appears in the SARIF file. This property is used to convert file paths from absolute to relative, so that alerts can be mapped to their correct location in the repository. |
started_at | no | The time that the analysis run began. This is a timestamp in ISO 8601 format: |
tool_name | yes | The name of the tool used to generate the code scanning analysis alert. |
See also: GitHub Developer Guide documentation.