How can I check if Dependabot is enabled for a Repo using Github APIs?

I've gone through Github Rest API v3 and Github GraphQL API v4 but I'm unable to find a resource/endpoint to check if dependabot is enabled via the API. I've gone through loads of documentation but was unable to find anything helpful. Could someone please point me to the correct document or tell me which resource to use? Thanks!

There were Dependabot API docs that could have helped, but they were deprecated on August 3rd, 2021.

However, a workaround would be to check whether the dependabot.yml file is present in your repository, using a GET request to api.github.com/repos/name/repo/contents/fileNameOrPath.

Reference about the dependabot.yml file

Now that Dependabot is merged into GitHub, there are two different components that could be enabled in the Security & analysis section of the settings of a given GitHub repo:

  1. Dependabot alerts
  2. Dependabot security updates

(Both require Dependency graph to also be enabled in the same section)

The first is just whether alerts are created, the second is whether automated pull requests are generated when a fix is available.

Checking if Dependabot alerts are enabled

According to the GitHub REST API Reference, you can check whether Dependabot alerts are enabled via the GitHub REST API at the following endpoint: https://api.github.com/repos/{owner}/{repo}/vulnerability-alerts

A 204 response confirms the feature is enabled, a 404 means it is not.

Checking if Dependabot security updates are enabled

Curiously, the GitHub REST API Reference lists requests to enable or disable the feature, but not to get the current status of the feature for a given repo.

For that, as GuiFalourd indicated, using the GraphQL API to check for the presence of a .github/dependabot.yml file is the way to go, using something like the following against the Graph endpoint https://api.github.com/graphql

Query:

{
    repository(name: "{repo}", owner: "{owner}") {
        object(expression: "HEAD:.github/") {
            ... on Tree {
                entries {
                    name
                }
            }
        }
    }
}

Response if file is present:

{
    "data": {
        "repository": {
            "object": {
                "entries": [
                    {
                        "name": "dependabot.yml"
                    }
                ]
            }
        }
    }
}

Response if file is not present:

{
    "data": {
        "repository": {
            "object": null
        }
    }
}

The answer by @epopisces is to the point; I was also looking for the same thing. Now, in addition to what he said: checking the status of Dependabot security updates is possible via a GET request (GET /repos/{owner}/{repo}) to a particular repo, which can have a security and analysis tag in the response (only if we have an Advanced Security license). There is no other way to know the status via the API yet.

https://docs.github.com/en/rest/reference/repos#get-a-repository

As of 2023-01-10 the Repository object type now exposes a hasVulnerabilityAlertsEnabled field in the GraphQL API. So, for example, the following query:

{
  repository(name: "platform-samples", owner: "github") {
    id
    hasVulnerabilityAlertsEnabled
  }
}

Gives the following result:

{
  "data": {
    "repository": {
      "id": "MDEwOlJlcG9zaXRvcnk4NDQ1ODc3",
      "hasVulnerabilityAlertsEnabled": true
    }
  }
}
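Added example (not part of any answer above, and not GitHub's own code): a Python sketch that interprets the two checks described in the answers, the 204/404 result of the vulnerability-alerts endpoint and the `HEAD:.github/` tree query. The function names are hypothetical, and it assumes a token with admin read access to the repo. Because GitHub also returns 404 for repositories the token cannot see, a 404 is only accepted as "disabled" once the repository itself has been fetched successfully.

```python
import json
import urllib.error
import urllib.request

API = "https://api.github.com"

def alerts_enabled(status, repo_visible):
    """Interpret GET /repos/{owner}/{repo}/vulnerability-alerts."""
    if status == 204:
        return True
    # GitHub also answers 404 for repos the token cannot see, so only
    # trust a 404 as "disabled" after the repo itself was fetched OK.
    if status == 404 and repo_visible:
        return False
    raise PermissionError(f"cannot determine alert state (HTTP {status})")

def has_dependabot_config(graphql_body):
    """Interpret the HEAD:.github/ tree query shown in the answers above."""
    repo = (graphql_body.get("data") or {}).get("repository")
    if repo is None:
        raise LookupError("repository missing or not visible to this token")
    tree = repo.get("object") or {}  # null when .github/ is absent
    return any(e["name"] == "dependabot.yml" for e in tree.get("entries", []))

def http_status(url, token):
    """Return the HTTP status of an authenticated GET (live use only)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_alerts_live(owner, repo, token):
    """Fetch the repo first, then the vulnerability-alerts endpoint."""
    visible = http_status(f"{API}/repos/{owner}/{repo}", token) == 200
    status = http_status(f"{API}/repos/{owner}/{repo}/vulnerability-alerts", token)
    return alerts_enabled(status, visible)

# Constructed sample bodies, same shape as the responses quoted above.
PRESENT = json.loads('{"data":{"repository":{"object":{"entries":[{"name":"dependabot.yml"}]}}}}')
ABSENT = json.loads('{"data":{"repository":{"object":null}}}')

if __name__ == "__main__":
    print(has_dependabot_config(PRESENT), has_dependabot_config(ABSENT))
    print(alerts_enabled(204, True), alerts_enabled(404, True))
```

When auditing many repositories, treat the raised errors as "unknown" rather than "disabled" so that a token without access does not hide a repo with alerts turned off.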
