alerts
Creates, updates, deletes, gets or lists an alerts resource.
Overview
| Name | alerts |
|---|---|
| Type | Resource |
| Id | github.dependabot.alerts |
Fields
The following fields are returned by SELECT queries:
- get_alert
- list_alerts_for_repo
- list_alerts_for_enterprise
- list_alerts_for_org
Response (get_alert, list_alerts_for_repo)
| Name | Datatype | Description |
|---|---|---|
| assignees | array | The users assigned to this alert. |
| auto_dismissed_at | string (date-time) | The time that the alert was auto-dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| created_at | string (date-time) | The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| dependency | object | Details for the vulnerable dependency. |
| dismissal_request | object | Information about an active dismissal request for this Dependabot alert. (title: Dependabot alert dismissal request) |
| dismissed_at | string (date-time) | The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| dismissed_by | object | A GitHub user. (title: Simple User) |
| dismissed_comment | string | An optional comment associated with the alert's dismissal. |
| dismissed_reason | string | The reason that the alert was dismissed. (fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk) |
| fixed_at | string (date-time) | The time that the alert was no longer detected and was considered fixed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| html_url | string (uri) | The GitHub URL of the alert resource. |
| number | integer | The security alert number. |
| security_advisory | object | Details for the GitHub Security Advisory. |
| security_vulnerability | object | Details pertaining to one vulnerable version range for the advisory. |
| state | string | The state of the Dependabot alert. (auto_dismissed, dismissed, fixed, open) |
| updated_at | string (date-time) | The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| url | string (uri) | The REST API URL of the alert resource. |
Response (list_alerts_for_enterprise, list_alerts_for_org)
| Name | Datatype | Description |
|---|---|---|
| assignees | array | The users assigned to this alert. |
| auto_dismissed_at | string (date-time) | The time that the alert was auto-dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| created_at | string (date-time) | The time that the alert was created in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| dependency | object | Details for the vulnerable dependency. |
| dismissal_request | object | Information about an active dismissal request for this Dependabot alert. (title: Dependabot alert dismissal request) |
| dismissed_at | string (date-time) | The time that the alert was dismissed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| dismissed_by | object | A GitHub user. (title: Simple User) |
| dismissed_comment | string | An optional comment associated with the alert's dismissal. |
| dismissed_reason | string | The reason that the alert was dismissed. (fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk) |
| fixed_at | string (date-time) | The time that the alert was no longer detected and was considered fixed in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| html_url | string (uri) | The GitHub URL of the alert resource. |
| number | integer | The security alert number. |
| repository | object | A GitHub repository. (title: Simple Repository) |
| security_advisory | object | Details for the GitHub Security Advisory. |
| security_vulnerability | object | Details pertaining to one vulnerable version range for the advisory. |
| state | string | The state of the Dependabot alert. (auto_dismissed, dismissed, fixed, open) |
| updated_at | string (date-time) | The time that the alert was last updated in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
| url | string (uri) | The REST API URL of the alert resource. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_alert | select | owner, repo, alert_number | | OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead. |
| list_alerts_for_repo | select | owner, repo | classification, state, severity, ecosystem, package, manifest, epss_percentage, has, assignee, scope, sort, direction, before, after, per_page | OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead. |
| list_alerts_for_enterprise | select | enterprise | classification, state, severity, ecosystem, package, epss_percentage, has, assignee, scope, sort, direction, before, after, per_page | Lists Dependabot alerts for repositories that are owned by the specified enterprise. The authenticated user must be a member of the enterprise to use this endpoint. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization." OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. |
| list_alerts_for_org | select | org | classification, state, severity, ecosystem, package, epss_percentage, artifact_registry_url, artifact_registry, has, assignee, runtime_risk, scope, sort, direction, before, after, per_page | Lists Dependabot alerts for an organization. The authenticated user must be an owner or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead. |
| update_alert | update | owner, repo, alert_number, state, assignees | | The authenticated user must have access to security alerts for the repository to use this endpoint. For more information, see "Granting access to security alerts." OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| alert_number | integer | The number that identifies a Dependabot alert in its repository. You can find this at the end of the URL for a Dependabot alert within GitHub, or in number fields in the response from the GET /repos/{owner}/{repo}/dependabot/alerts operation. |
| enterprise | string | The slug version of the enterprise name. |
| org | string | The organization name. The name is not case sensitive. |
| owner | string | The account owner of the repository. The name is not case sensitive. |
| repo | string | The name of the repository without the .git extension. The name is not case sensitive. |
| after | string | A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
| artifact_registry | string | A comma-separated list of Artifact Registry name strings. If specified, only alerts for repositories with storage records matching these registries will be returned. Can be: jfrog-artifactory |
| artifact_registry_url | string | A comma-separated list of artifact registry URLs. If specified, only alerts for repositories with storage records matching these URLs will be returned. |
| assignee | string | Filter alerts by assignees. Provide a comma-separated list of user handles (e.g., octocat or octocat,hubot) to return alerts assigned to any of the specified users. Use * to list alerts with at least one assignee or none to list alerts with no assignees. |
| before | string | A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
| classification | string | A comma-separated list of vulnerability classifications. If specified, only alerts for vulnerabilities with these classifications will be returned. Can be: malware, general |
| direction | string | The direction to sort the results by. |
| ecosystem | string | A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: composer, go, maven, npm, nuget, pip, pub, rubygems, rust |
| epss_percentage | string | CVE Exploit Prediction Scoring System (EPSS) percentage, used to filter the list of alerts; if specified, only alerts with the provided EPSS percentages will be returned. Can be specified as an exact number (n), a comparator such as >n, <n, >=n or <=n, or a range like n..n, where n is a number from 0.0 to 1.0. |
| has | | Filters the list of alerts based on whether the alert has the given value. If specified, only alerts meeting this criterion will be returned. Multiple has filters can be passed to filter for alerts that have all of the values. |
| manifest | string | A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned. |
| package | string | A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
| per_page | integer | The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
| runtime_risk | string | A comma-separated list of runtime risk strings. If specified, only alerts for repositories with deployment records matching these risks will be returned. Can be: critical-resource, internet-exposed, sensitive-data, lateral-movement |
| scope | string | The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. |
| severity | string | A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: low, medium, high, critical |
| sort | string | The property by which to sort the results. created means when the alert was created. updated means when the alert's state last changed. epss_percentage sorts alerts by the Exploit Prediction Scoring System (EPSS) percentage. |
| state | string | A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: auto_dismissed, dismissed, fixed, open |
SELECT examples
- get_alert
- list_alerts_for_repo
- list_alerts_for_enterprise
- list_alerts_for_org
get_alert
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
```sql
SELECT
assignees,
auto_dismissed_at,
created_at,
dependency,
dismissal_request,
dismissed_at,
dismissed_by,
dismissed_comment,
dismissed_reason,
fixed_at,
html_url,
number,
security_advisory,
security_vulnerability,
state,
updated_at,
url
FROM github.dependabot.alerts
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND alert_number = '{{ alert_number }}' -- required
;
```
list_alerts_for_repo
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
```sql
SELECT
assignees,
auto_dismissed_at,
created_at,
dependency,
dismissal_request,
dismissed_at,
dismissed_by,
dismissed_comment,
dismissed_reason,
fixed_at,
html_url,
number,
security_advisory,
security_vulnerability,
state,
updated_at,
url
FROM github.dependabot.alerts
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND classification = '{{ classification }}'
AND state = '{{ state }}'
AND severity = '{{ severity }}'
AND ecosystem = '{{ ecosystem }}'
AND package = '{{ package }}'
AND manifest = '{{ manifest }}'
AND epss_percentage = '{{ epss_percentage }}'
AND has = '{{ has }}'
AND assignee = '{{ assignee }}'
AND scope = '{{ scope }}'
AND sort = '{{ sort }}'
AND direction = '{{ direction }}'
AND before = '{{ before }}'
AND after = '{{ after }}'
AND per_page = '{{ per_page }}'
;
```
list_alerts_for_enterprise
Lists Dependabot alerts for repositories that are owned by the specified enterprise.
The authenticated user must be a member of the enterprise to use this endpoint.
Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint.
```sql
SELECT
assignees,
auto_dismissed_at,
created_at,
dependency,
dismissal_request,
dismissed_at,
dismissed_by,
dismissed_comment,
dismissed_reason,
fixed_at,
html_url,
number,
repository,
security_advisory,
security_vulnerability,
state,
updated_at,
url
FROM github.dependabot.alerts
WHERE enterprise = '{{ enterprise }}' -- required
AND classification = '{{ classification }}'
AND state = '{{ state }}'
AND severity = '{{ severity }}'
AND ecosystem = '{{ ecosystem }}'
AND package = '{{ package }}'
AND epss_percentage = '{{ epss_percentage }}'
AND has = '{{ has }}'
AND assignee = '{{ assignee }}'
AND scope = '{{ scope }}'
AND sort = '{{ sort }}'
AND direction = '{{ direction }}'
AND before = '{{ before }}'
AND after = '{{ after }}'
AND per_page = '{{ per_page }}'
;
```
list_alerts_for_org
Lists Dependabot alerts for an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
```sql
SELECT
assignees,
auto_dismissed_at,
created_at,
dependency,
dismissal_request,
dismissed_at,
dismissed_by,
dismissed_comment,
dismissed_reason,
fixed_at,
html_url,
number,
repository,
security_advisory,
security_vulnerability,
state,
updated_at,
url
FROM github.dependabot.alerts
WHERE org = '{{ org }}' -- required
AND classification = '{{ classification }}'
AND state = '{{ state }}'
AND severity = '{{ severity }}'
AND ecosystem = '{{ ecosystem }}'
AND package = '{{ package }}'
AND epss_percentage = '{{ epss_percentage }}'
AND artifact_registry_url = '{{ artifact_registry_url }}'
AND artifact_registry = '{{ artifact_registry }}'
AND has = '{{ has }}'
AND assignee = '{{ assignee }}'
AND runtime_risk = '{{ runtime_risk }}'
AND scope = '{{ scope }}'
AND sort = '{{ sort }}'
AND direction = '{{ direction }}'
AND before = '{{ before }}'
AND after = '{{ after }}'
AND per_page = '{{ per_page }}'
;
```
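Two concrete queries built from the filter parameters documented above, added here as an example rather than taken from the StackQL provider docs. The first orders open alerts for triage by exploit likelihood and exposure; the second lists dismissals so the recorded reason and comment can be reviewed. The org name `acme-corp` is a placeholder, and `desc` as a value for direction is assumed (the docs above do not list its values).

```sql
-- Added example (not from the StackQL provider docs). 'acme-corp' is a placeholder org.

-- 1. Exploitability-first triage: open high/critical alerts in repositories whose
--    deployment records mark them internet-exposed, with EPSS >= 0.1 (10 %),
--    unassigned, and the most likely-exploited first. 'desc' is an assumed
--    direction value.
SELECT
  number,
  repository,
  security_vulnerability,
  security_advisory,
  html_url,
  created_at
FROM github.dependabot.alerts
WHERE org = 'acme-corp'                  -- required
  AND state = 'open'
  AND severity = 'high,critical'         -- comma-separated list
  AND epss_percentage = '>=0.1'          -- comparator form; n is on a 0.0 to 1.0 scale
  AND runtime_risk = 'internet-exposed'
  AND assignee = 'none'                  -- alerts with no assignees
  AND sort = 'epss_percentage'
  AND direction = 'desc'
  AND per_page = '100';                  -- max 100

-- 2. Dismissal audit: alerts in the dismissed state, most recent state change
--    first, returning who dismissed them, the reason code and the comment.
SELECT
  number,
  repository,
  dismissed_by,
  dismissed_reason,                      -- fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk
  dismissed_comment,
  dismissed_at,
  html_url
FROM github.dependabot.alerts
WHERE org = 'acme-corp'                  -- required
  AND state = 'dismissed'
  AND sort = 'updated'                   -- when the alert's state last changed
  AND direction = 'desc'
  AND per_page = '100';
```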
UPDATE examples
- update_alert
The authenticated user must have access to security alerts for the repository to use this endpoint. For more information, see "Granting access to security alerts."
OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
```sql
UPDATE github.dependabot.alerts
SET
state = '{{ state }}',
dismissed_reason = '{{ dismissed_reason }}',
dismissed_comment = '{{ dismissed_comment }}',
assignees = '{{ assignees }}'
WHERE
owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND alert_number = '{{ alert_number }}' -- required
AND state = '{{ state }}' -- required
AND assignees = '{{ assignees }}' -- required
RETURNING
assignees,
auto_dismissed_at,
created_at,
dependency,
dismissal_request,
dismissed_at,
dismissed_by,
dismissed_comment,
dismissed_reason,
fixed_at,
html_url,
number,
security_advisory,
security_vulnerability,
state,
updated_at,
url;
```