Preview the new Vulnerability Alerts and Dependency Graph APIs and Webhooks
We're releasing a Dependency Graph API in GraphQL that enables you to retrieve information about a repository's dependency graph. But that's not all; we are also adding a lightweight Repository Vulnerability Alerts API in GraphQL so you can get your security alerts through the API. You can stay up-to-date with the most recent changes using a webhooks that trigger when alerts are created, dismissed, or resolved.
Dependency Graph GraphQL API
We're introducing a new connection on Repository
called dependencyGraphManifests
which enables you to retrieve data about a repository's dependencies. Public repositories have dependency graph and security alerts enabled by default. For private repositories, you’ll need to Allow access in the Dependency graph section of your repository’s Insights tab.
To access this new API during the preview period, you must provide a custom media type in the Accept
header:
application/vnd.github.hawkgirl-preview
Repository Vulnerability Alerts GraphQL API
We're introducing a new connection on Repository
called vulnerabilityAlerts
which enables you to retrieve data about a repository's security alerts.
To access this new API during the preview period, you must provide a custom media type in the Accept
header:
application/vnd.github.vixen-preview
Repository Vulnerability Alerts Webhooks
We're introducing a new webhook event for repositories called repository_vulnerability_alert
. You can get webhooks for create
, dismiss
, and resolve
actions.
During the preview period, we may change aspects of these APIs based on developer feedback. If we do, we will announce the changes here on the developer blog, but we will not provide any advance notice.
If you have any questions or feedback, please let us know!