List code scanning analyses for a repository
Lists the details of all code scanning analyses for a repository, starting with the most recent. The response is paginated and you can use the `page` and `per_page` parameters to list the analyses you're interested in. By default 30 analyses are listed per page.

The `rules_count` field in the response gives the number of rules that were run in the analysis. For very old analyses this data is not available, and `0` is returned in this field.

You must use an access token with the `security_events` scope to use this endpoint with private repos; the `public_repo` scope also grants permission to read security events on public repos only. GitHub Apps must have the `security_events` read permission to use this endpoint.

Deprecation notice: The `tool_name` field is deprecated and will, in future, not be included in the response for this endpoint. The example response reflects this change. The tool name can now be found inside the `tool` field.

Input
type: object
properties:
  parameters:
    type: object
    properties:
      owner:
        type: string
        description: The account owner of the repository. The name is not case sensitive.
      repo:
        type: string
        description: The name of the repository. The name is not case sensitive.
      tool_name:
        type: string
        description: The name of the tool used to generate the code scanning analysis.
      tool_guid:
        nullable: true
        type: string
        description: >-
          The GUID of the tool used to generate the code scanning analysis, if
          provided in the uploaded SARIF data.
      page:
        type: integer
        default: 1
        description: Page number of the results to fetch.
      per_page:
        type: integer
        default: 30
        description: The number of results per page (max 100).
      ref:
        type: string
        description: |-
          The full Git reference, formatted as `refs/heads/<branch name>`,
          `refs/pull/<number>/merge`, or `refs/pull/<number>/head`.
      sarif_id:
        type: string
        description: An identifier for the upload.
        example: 6c81cd8e-b078-4ac3-a3be-1dad7dbd0b53
      direction:
        type: string
        enum:
          - asc
          - desc
        default: desc
        description: The direction to sort the results by.
      sort:
        type: string
        enum:
          - created
        default: created
        description: The property by which to sort the results.
    required:
      - owner
      - repo
    title: Parameters

Output
type: array
items:
  type: object
  properties:
    ref:
      type: string
      description: |-
        The full Git reference, formatted as `refs/heads/<branch name>`,
        `refs/pull/<number>/merge`, or `refs/pull/<number>/head`.
    commit_sha:
      description: The SHA of the commit to which the analysis you are uploading relates.
      type: string
      minLength: 40
      maxLength: 40
      pattern: ^[0-9a-fA-F]+$
    analysis_key:
      type: string
      description: >-
        Identifies the configuration under which the analysis was executed. For
        example, in GitHub Actions this includes the workflow filename and job
        name.
    environment:
      type: string
      description: >-
        Identifies the variable values associated with the environment in which
        this analysis was performed.
    category:
      type: string
      description: >-
        Identifies the configuration under which the analysis was executed. Used
        to distinguish between multiple analyses for the same tool and commit,
        but performed on different languages or different parts of the code.
    error:
      type: string
      example: error reading field xyz
    created_at:
      type: string
      description: >-
        The time that the analysis was created in ISO 8601 format:
        `YYYY-MM-DDTHH:MM:SSZ`.
      format: date-time
      readOnly: true
    results_count:
      type: integer
      description: The total number of results in the analysis.
    rules_count:
      type: integer
      description: The total number of rules used in the analysis.
    id:
      type: integer
      description: Unique identifier for this analysis.
    url:
      type: string
      description: The REST API URL of the analysis resource.
      format: uri
      readOnly: true
    sarif_id:
      type: string
      description: An identifier for the upload.
      example: 6c81cd8e-b078-4ac3-a3be-1dad7dbd0b53
    tool:
      type: object
      properties:
        name:
          type: string
          description: The name of the tool used to generate the code scanning analysis.
        version:
          nullable: true
          type: string
          description: The version of the tool used to generate the code scanning analysis.
        guid:
          nullable: true
          type: string
          description: >-
            The GUID of the tool used to generate the code scanning analysis, if
            provided in the uploaded SARIF data.
    deletable:
      type: boolean
    warning:
      type: string
      description: Warning generated when processing the analysis
      example: 123 results were ignored
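
The pagination, `rules_count` and `tool_name` deprecation behaviour described above, as an added example that is not GitHub's or this page's own code: it walks `page`/`per_page` to the last page and reports the newest analysis per tool, surfacing `error`/`warning` messages and unknown rule counts. Assumptions: the route is GitHub's REST path for this operation (not stated on this page), `fetch` is a caller-supplied callable that performs the authenticated GET, and the sample records, including the tool name `ExampleScanner`, are constructed.

```python
import urllib.parse

# Route is GitHub's REST path for this operation; it is not stated on this page.
BASE = "https://api.github.com/repos/{owner}/{repo}/code-scanning/analyses"

def list_analyses(owner, repo, fetch, per_page=100, **filters):
    """Yield every analysis; fetch(url) is a caller-supplied GET returning the JSON array."""
    per_page = min(per_page, 100)  # documented maximum
    base = BASE.format(owner=urllib.parse.quote(owner), repo=urllib.parse.quote(repo))
    page = 1
    while True:
        query = urllib.parse.urlencode({**filters, "page": page, "per_page": per_page})
        batch = fetch(f"{base}?{query}")
        yield from batch
        if len(batch) < per_page:  # short (or empty) page: nothing left
            return
        page += 1

def latest_per_tool(analyses):
    """Map tool name -> newest analysis, with error/warning and rule-count flags."""
    latest = {}
    for a in analyses:
        # Prefer tool.name; the top-level tool_name field is deprecated.
        name = (a.get("tool") or {}).get("name") or a.get("tool_name") or "unknown"
        # created_at is fixed-width ISO 8601 UTC, so string order is time order.
        if name in latest and latest[name]["created_at"] >= a["created_at"]:
            continue
        latest[name] = {
            "id": a["id"], "created_at": a["created_at"], "commit_sha": a["commit_sha"],
            "rules": a["rules_count"] or None,  # 0 is returned when the count is unavailable
            "problems": [m for m in (a.get("error"), a.get("warning")) if m]}
    return latest

def sample(i, tool, ts, rules, **extra):
    """Build one constructed analysis record (not real API output)."""
    return {"id": i, "ref": "refs/heads/main", "commit_sha": "a" * 40, "created_at": ts,
            "results_count": 0, "rules_count": rules, "tool": {"name": tool}, **extra}

SAMPLE_PAGES = {  # constructed pages for per_page=2
    1: [sample(3, "CodeQL", "2024-05-02T10:00:00Z", 120, warning="123 results were ignored"),
        sample(2, "ExampleScanner", "2024-05-01T09:00:00Z", 0)],
    2: [sample(1, "CodeQL", "2019-01-01T00:00:00Z", 0)]}

def fake_fetch(url):
    """Offline stand-in for the HTTP call: serve SAMPLE_PAGES by page number."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES.get(int(query["page"][0]), [])
```

Against the live API, pass a `fetch` that sends the token carrying the `security_events` scope; a tool whose entry shows `rules` as `None` or a non-empty `problems` list is the one to look at first.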