List Dependabot alerts for an enterprise
Lists Dependabot alerts for repositories that are owned by the specified enterprise.
To use this endpoint, you must be a member of the enterprise, and you must use an
access token with the `repo` scope or `security_events` scope.
Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."
Input
type: object
properties:
parameters:
type: object
properties:
enterprise:
type: string
description: >-
The slug version of the enterprise name. You can also substitute this
value with the enterprise id.
state:
type: string
description: >-
A comma-separated list of states. If specified, only alerts with these
states will be returned.
Can be: `auto_dismissed`, `dismissed`, `fixed`, `open`
severity:
type: string
description: >-
A comma-separated list of severities. If specified, only alerts with
these severities will be returned.
Can be: `low`, `medium`, `high`, `critical`
ecosystem:
type: string
description: >-
A comma-separated list of ecosystems. If specified, only alerts for
these ecosystems will be returned.
Can be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`,
`rubygems`, `rust`
package:
type: string
description: >-
A comma-separated list of package names. If specified, only alerts for
these packages will be returned.
scope:
type: string
enum:
- development
- runtime
description: >-
The scope of the vulnerable dependency. If specified, only alerts with
this scope will be returned.
sort:
type: string
enum:
- created
- updated
default: created
description: |-
The property by which to sort the results.
`created` means when the alert was created.
`updated` means when the alert's state last changed.
direction:
type: string
enum:
- asc
- desc
default: desc
description: The direction to sort the results by.
before:
type: string
description: >-
A cursor, as given in the [Link
header](https://docs.github.com/rest/guides/using-pagination-in-the-rest-api#using-link-headers).
If specified, the query only searches for results before this cursor.
after:
type: string
description: >-
A cursor, as given in the [Link
header](https://docs.github.com/rest/guides/using-pagination-in-the-rest-api#using-link-headers).
If specified, the query only searches for results after this cursor.
first:
type: integer
minimum: 1
maximum: 100
default: 30
description: >-
**Deprecated**. The number of results per page (max 100), starting
from the first matching result.
This parameter must not be used in combination with `last`.
Instead, use `per_page` in combination with `after` to fetch the first
page of results.
last:
type: integer
minimum: 1
maximum: 100
description: >-
**Deprecated**. The number of results per page (max 100), starting
from the last matching result.
This parameter must not be used in combination with `first`.
Instead, use `per_page` in combination with `before` to fetch the last
page of results.
per_page:
type: integer
default: 30
description: The number of results per page (max 100).
required:
- enterprise
title: Parameters
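The parameter rules above can be enforced client-side before a request is sent. The following is an added example, not GitHub's own code: it validates filters against the documented values, builds the request URL, and reads the `after` cursor from a `Link` header. The path `/enterprises/{enterprise}/dependabot/alerts`, the API root, the enterprise slug `example-corp` and the sample header are assumptions that do not appear on this page.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlparse

API_ROOT = "https://api.github.com"  # assumption: github.com REST root

# Comma-separated list filters and single-value enums, as listed in the schema above.
LIST_FILTERS = {
    "state": {"auto_dismissed", "dismissed", "fixed", "open"},
    "severity": {"low", "medium", "high", "critical"},
    "ecosystem": {"composer", "go", "maven", "npm", "nuget", "pip", "pub",
                  "rubygems", "rust"},
}
ENUMS = {"scope": {"development", "runtime"}, "sort": {"created", "updated"},
         "direction": {"asc", "desc"}}
FREE_TEXT = {"package", "before", "after"}  # passed through as strings

# Constructed sample of a Link response header (cursor values are made up).
SAMPLE_LINK = (
    '<https://api.github.com/enterprises/example-corp/dependabot/alerts'
    '?per_page=100&after=CONSTRUCTED_NEXT>; rel="next", '
    '<https://api.github.com/enterprises/example-corp/dependabot/alerts'
    '?per_page=100&before=CONSTRUCTED_PREV>; rel="prev"'
)


def build_alerts_url(enterprise, **params):
    """Validate filters against the documented schema and return the request URL."""
    if not enterprise:
        raise ValueError("enterprise is required")
    query = {}
    for key, value in params.items():
        if key in ("first", "last"):
            # Stricter than the API: refuse the deprecated parameters outright.
            raise ValueError(f"{key} is deprecated; use per_page with after/before")
        if key in LIST_FILTERS:
            items = value.split(",") if isinstance(value, str) else list(value)
            unknown = set(items) - LIST_FILTERS[key]
            if unknown:
                raise ValueError(f"invalid {key}: {sorted(unknown)}")
            query[key] = ",".join(items)
        elif key in ENUMS:
            if value not in ENUMS[key]:
                raise ValueError(f"invalid {key}: {value!r}")
            query[key] = value
        elif key == "per_page":
            if not 1 <= int(value) <= 100:
                raise ValueError("per_page must be between 1 and 100")
            query[key] = int(value)
        elif key in FREE_TEXT:
            query[key] = str(value)
        else:
            raise ValueError(f"unknown parameter: {key}")
    url = f"{API_ROOT}/enterprises/{quote(enterprise, safe='')}/dependabot/alerts"
    return f"{url}?{urlencode(query)}" if query else url


def next_cursor(link_header):
    """Return the `after` cursor from the rel="next" link, or None on the last page."""
    for target, rel in re.findall(r'<([^>]+)>;\s*rel="([^"]+)"', link_header or ""):
        if rel == "next":
            return parse_qs(urlparse(target).query).get("after", [None])[0]
    return None
```

To walk every page, pass the value returned by `next_cursor` as `after` on the next call and stop when it returns `None`.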
Output
type: array
items:
type: object
properties:
number:
type: integer
description: The security alert number.
readOnly: true
state:
type: string
description: The state of the Dependabot alert.
readOnly: true
enum:
- auto_dismissed
- dismissed
- fixed
- open
dependency:
type: object
properties:
package:
type: object
properties:
ecosystem:
type: string
description: The package's language or package management ecosystem.
readOnly: true
name:
type: string
description: The unique package name within its ecosystem.
readOnly: true
manifest_path:
type: string
description: >-
The full path to the dependency manifest file, relative to the root
of the repository.
readOnly: true
scope:
type: string
description: The execution scope of the vulnerable dependency.
readOnly: true
nullable: true
enum:
- development
- runtime
security_advisory:
type: object
properties:
ghsa_id:
type: string
description: The unique GitHub Security Advisory ID assigned to the advisory.
readOnly: true
cve_id:
type: string
description: The unique CVE ID assigned to the advisory.
readOnly: true
nullable: true
summary:
type: string
description: A short, plain text summary of the advisory.
readOnly: true
maxLength: 1024
description:
type: string
description: A long-form Markdown-supported description of the advisory.
readOnly: true
vulnerabilities:
type: array
description: Vulnerable version range information for the advisory.
readOnly: true
items:
type: object
properties:
package:
type: object
properties:
ecosystem:
type: string
description: The package's language or package management ecosystem.
readOnly: true
name:
type: string
description: The unique package name within its ecosystem.
readOnly: true
severity:
type: string
description: The severity of the vulnerability.
readOnly: true
enum:
- low
- medium
- high
- critical
vulnerable_version_range:
type: string
description: >-
Conditions that identify vulnerable versions of this
vulnerability's package.
readOnly: true
first_patched_version:
type: object
properties:
identifier:
type: string
description: The package version that patches this vulnerability.
readOnly: true
severity:
type: string
description: The severity of the advisory.
readOnly: true
enum:
- low
- medium
- high
- critical
cvss:
type: object
properties:
score:
type: number
description: The overall CVSS score of the advisory.
minimum: 0
maximum: 10
readOnly: true
vector_string:
type: string
description: The full CVSS vector string for the advisory.
readOnly: true
nullable: true
cwes:
type: array
description: Details for the advisory pertaining to Common Weakness Enumeration.
readOnly: true
items:
type: object
properties:
cwe_id:
type: string
description: The unique CWE ID.
readOnly: true
name:
type: string
description: The short, plain text name of the CWE.
readOnly: true
identifiers:
type: array
description: >-
Values that identify this advisory among security information
sources.
readOnly: true
items:
type: object
properties:
type:
type: string
description: The type of advisory identifier.
readOnly: true
enum:
- CVE
- GHSA
value:
type: string
description: The value of the advisory identifier.
readOnly: true
references:
type: array
description: Links to additional advisory information.
readOnly: true
items:
type: object
properties:
url:
type: string
description: The URL of the reference.
format: uri
readOnly: true
published_at:
type: string
description: >-
The time that the advisory was published in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
updated_at:
type: string
description: >-
The time that the advisory was last modified in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
withdrawn_at:
type: string
description: >-
The time that the advisory was withdrawn in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
nullable: true
security_vulnerability:
type: object
properties:
package:
type: object
properties:
ecosystem:
type: string
description: The package's language or package management ecosystem.
readOnly: true
name:
type: string
description: The unique package name within its ecosystem.
readOnly: true
severity:
type: string
description: The severity of the vulnerability.
readOnly: true
enum:
- low
- medium
- high
- critical
vulnerable_version_range:
type: string
description: >-
Conditions that identify vulnerable versions of this vulnerability's
package.
readOnly: true
first_patched_version:
type: object
properties:
identifier:
type: string
description: The package version that patches this vulnerability.
readOnly: true
url:
type: string
description: The REST API URL of the alert resource.
format: uri
readOnly: true
html_url:
type: string
description: The GitHub URL of the alert resource.
format: uri
readOnly: true
created_at:
type: string
description: >-
The time that the alert was created in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
updated_at:
type: string
description: >-
The time that the alert was last updated in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
dismissed_at:
type: string
description: >-
The time that the alert was dismissed in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
nullable: true
dismissed_by:
type: object
title: Simple User
properties:
name:
nullable: true
type: string
email:
nullable: true
type: string
login:
type: string
example: octocat
id:
type: integer
example: 1
node_id:
type: string
example: MDQ6VXNlcjE=
avatar_url:
type: string
format: uri
example: https://github.com/images/error/octocat_happy.gif
gravatar_id:
type: string
example: 41d064eb2195891e12d0413f63227ea7
nullable: true
url:
type: string
format: uri
example: https://api.github.com/users/octocat
html_url:
type: string
format: uri
example: https://github.com/octocat
followers_url:
type: string
format: uri
example: https://api.github.com/users/octocat/followers
following_url:
type: string
example: https://api.github.com/users/octocat/following{/other_user}
gists_url:
type: string
example: https://api.github.com/users/octocat/gists{/gist_id}
starred_url:
type: string
example: https://api.github.com/users/octocat/starred{/owner}{/repo}
subscriptions_url:
type: string
format: uri
example: https://api.github.com/users/octocat/subscriptions
organizations_url:
type: string
format: uri
example: https://api.github.com/users/octocat/orgs
repos_url:
type: string
format: uri
example: https://api.github.com/users/octocat/repos
events_url:
type: string
example: https://api.github.com/users/octocat/events{/privacy}
received_events_url:
type: string
format: uri
example: https://api.github.com/users/octocat/received_events
type:
type: string
example: User
site_admin:
type: boolean
starred_at:
type: string
example: '"2020-07-09T00:17:55Z"'
dismissed_reason:
type: string
description: The reason that the alert was dismissed.
nullable: true
enum:
- fix_started
- inaccurate
- no_bandwidth
- not_used
- tolerable_risk
dismissed_comment:
type: string
description: An optional comment associated with the alert's dismissal.
nullable: true
maxLength: 280
fixed_at:
type: string
description: >-
The time that the alert was no longer detected and was considered fixed
in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
nullable: true
auto_dismissed_at:
type: string
description: >-
The time that the alert was auto-dismissed in ISO 8601 format:
`YYYY-MM-DDTHH:MM:SSZ`.
format: date-time
readOnly: true
nullable: true
repository:
type: object
title: Simple Repository
properties:
id:
type: integer
example: 1296269
description: A unique identifier of the repository.
node_id:
type: string
example: MDEwOlJlcG9zaXRvcnkxMjk2MjY5
description: The GraphQL identifier of the repository.
name:
type: string
example: Hello-World
description: The name of the repository.
full_name:
type: string
example: octocat/Hello-World
description: The full, globally unique, name of the repository.
owner:
type: object
title: Simple User
properties:
name:
nullable: true
type: string
email:
nullable: true
type: string
login:
type: string
example: octocat
id:
type: integer
example: 1
node_id:
type: string
example: MDQ6VXNlcjE=
avatar_url:
type: string
format: uri
example: https://github.com/images/error/octocat_happy.gif
gravatar_id:
type: string
example: 41d064eb2195891e12d0413f63227ea7
nullable: true
url:
type: string
format: uri
example: https://api.github.com/users/octocat
html_url:
type: string
format: uri
example: https://github.com/octocat
followers_url:
type: string
format: uri
example: https://api.github.com/users/octocat/followers
following_url:
type: string
example: https://api.github.com/users/octocat/following{/other_user}
gists_url:
type: string
example: https://api.github.com/users/octocat/gists{/gist_id}
starred_url:
type: string
example: https://api.github.com/users/octocat/starred{/owner}{/repo}
subscriptions_url:
type: string
format: uri
example: https://api.github.com/users/octocat/subscriptions
organizations_url:
type: string
format: uri
example: https://api.github.com/users/octocat/orgs
repos_url:
type: string
format: uri
example: https://api.github.com/users/octocat/repos
events_url:
type: string
example: https://api.github.com/users/octocat/events{/privacy}
received_events_url:
type: string
format: uri
example: https://api.github.com/users/octocat/received_events
type:
type: string
example: User
site_admin:
type: boolean
starred_at:
type: string
example: '"2020-07-09T00:17:55Z"'
private:
type: boolean
description: Whether the repository is private.
html_url:
type: string
format: uri
example: https://github.com/octocat/Hello-World
description: The URL to view the repository on GitHub.com.
description:
type: string
example: This your first repo!
nullable: true
description: The repository description.
fork:
type: boolean
description: Whether the repository is a fork.
url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World
description: >-
The URL to get more information about the repository from the GitHub
API.
archive_url:
type: string
example: >-
https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}
description: A template for the API URL to download the repository as an archive.
assignees_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/assignees{/user}
description: >-
A template for the API URL to list the available assignees for
issues in the repository.
blobs_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}
description: >-
A template for the API URL to create or retrieve a raw Git blob in
the repository.
branches_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/branches{/branch}
description: >-
A template for the API URL to get information about branches in the
repository.
collaborators_url:
type: string
example: >-
https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}
description: >-
A template for the API URL to get information about collaborators of
the repository.
comments_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/comments{/number}
description: >-
A template for the API URL to get information about comments on the
repository.
commits_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/commits{/sha}
description: >-
A template for the API URL to get information about commits on the
repository.
compare_url:
type: string
example: >-
https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}
description: A template for the API URL to compare two commits or refs.
contents_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/contents/{+path}
description: A template for the API URL to get the contents of the repository.
contributors_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/contributors
description: >-
A template for the API URL to list the contributors to the
repository.
deployments_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/deployments
description: The API URL to list the deployments of the repository.
downloads_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/downloads
description: The API URL to list the downloads on the repository.
events_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/events
description: The API URL to list the events of the repository.
forks_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/forks
description: The API URL to list the forks of the repository.
git_commits_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}
description: >-
A template for the API URL to get information about Git commits of
the repository.
git_refs_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}
description: >-
A template for the API URL to get information about Git refs of the
repository.
git_tags_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}
description: >-
A template for the API URL to get information about Git tags of the
repository.
issue_comment_url:
type: string
example: >-
https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}
description: >-
A template for the API URL to get information about issue comments
on the repository.
issue_events_url:
type: string
example: >-
https://api.github.com/repos/octocat/Hello-World/issues/events{/number}
description: >-
A template for the API URL to get information about issue events on
the repository.
issues_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/issues{/number}
description: >-
A template for the API URL to get information about issues on the
repository.
keys_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/keys{/key_id}
description: >-
A template for the API URL to get information about deploy keys on
the repository.
labels_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/labels{/name}
description: >-
A template for the API URL to get information about labels of the
repository.
languages_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/languages
description: >-
The API URL to get information about the languages of the
repository.
merges_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/merges
description: The API URL to merge branches in the repository.
milestones_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/milestones{/number}
description: >-
A template for the API URL to get information about milestones of
the repository.
notifications_url:
type: string
example: >-
https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}
description: >-
A template for the API URL to get information about notifications on
the repository.
pulls_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/pulls{/number}
description: >-
A template for the API URL to get information about pull requests on
the repository.
releases_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/releases{/id}
description: >-
A template for the API URL to get information about releases on the
repository.
stargazers_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/stargazers
description: The API URL to list the stargazers on the repository.
statuses_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/statuses/{sha}
description: >-
A template for the API URL to get information about statuses of a
commit.
subscribers_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/subscribers
description: The API URL to list the subscribers on the repository.
subscription_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/subscription
description: The API URL to subscribe to notifications for this repository.
tags_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/tags
description: The API URL to get information about tags on the repository.
teams_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/teams
description: The API URL to list the teams on the repository.
trees_url:
type: string
example: https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}
description: >-
A template for the API URL to create or retrieve a raw Git tree of
the repository.
hooks_url:
type: string
format: uri
example: https://api.github.com/repos/octocat/Hello-World/hooks
description: The API URL to list the hooks on the repository.