RepositoryVulnerabilityAlert [object]
A Dependabot alert for a repository with a dependency affected by a security vulnerability.
Implements
RepositoryNode [interface]
Represents an object that belongs to a repository.
Attributes
The repository associated with this node.
Attributes
DateTime [scalar]
An ISO-8601 encoded UTC date string.
When was the alert auto-dismissed?
When was the alert created?
DependabotUpdate [object]
A Dependabot Update for a dependency in a repository
Implements
Attributes
The error from a dependency update
The associated pull request
The repository associated with this node.
The associated Dependabot update
RepositoryVulnerabilityAlertDependencyScope [enum]
The possible scopes of an alert's dependency.
Possible values
A dependency that is only used in development
A dependency that is leveraged during application runtime
The scope of an alert's dependency
String [scalar]
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Comment explaining the reason the alert was dismissed
String [scalar]
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
The reason the alert was dismissed
When was the alert dismissed?
User [object]
A user is an individual's account on GitHub that owns repositories and can make new content.
Implements
Attributes
Determine if this repository owner has any items that can be pinned to their profile.
A URL pointing to the user's public avatar.
The user's public profile bio.
The user's public profile bio as HTML.
Could this user receive email notifications, if the organization had notification restrictions enabled?
A list of commit comments made by this user.
The user's public profile company.
The user's public profile company as HTML.
The collection of contributions this user has made to different repositories.
Identifies the date and time when the object was created.
Identifies the primary key from the database.
The user's publicly visible profile email.
A list of enterprises that the user belongs to.
The estimated next GitHub Sponsors payout for this user/organization in cents (USD).
A list of users the given user is followed by.
A list of users the given user is following.
Find gist by repo name.
A list of gist comments made by this user.
A list of the Gists the user has created.
True if this user/organization has a GitHub Sponsors listing.
The hovercard information for this user in a given context
The Node ID of the User object
The interaction ability settings for this user.
Whether or not this user is a participant in the GitHub Security Bug Bounty.
Whether or not this user is a participant in the GitHub Campus Experts Program.
Whether or not this user is a GitHub Developer Program member.
Whether or not this user is a GitHub employee.
Whether or not this user is following the viewer. Inverse of viewerIsFollowing
Whether or not this user is a member of the GitHub Stars Program.
Whether or not the user has marked themselves as for hire.
Whether or not this user is a site administrator.
Whether the given account is sponsoring this user/organization.
True if the viewer is sponsored by this user/organization.
Whether or not this user is the viewing user.
A list of issue comments made by this user.
A list of issues associated with this user.
Showcases a selection of repositories and gists that the profile owner has either curated or that have been selected automatically based on popularity.
Calculate how much each sponsor has ever paid total to this maintainer via GitHub Sponsors. Does not include sponsorships paid via Patreon.
A user-curated list of repositories
The user's public profile location.
The username used to login.
The estimated monthly GitHub Sponsors income for this user/organization in cents (USD).
The user's public profile name.
Find an organization by its login that the user belongs to.
Verified email addresses that match verified domains for a specified organization the user is a member of.
A list of organizations the user belongs to.
A list of packages under the owner.
A list of repositories and gists this profile owner can pin to their profile.
A list of repositories and gists this profile owner has pinned to their profile
Returns how many more items this profile owner can pin to their profile.
Find project by number.
Find a project by number.
A list of projects under the owner.
The HTTP path listing user's projects
The HTTP URL listing user's projects
A list of projects under the owner.
The user's profile pronouns
A list of public keys associated with this user.
A list of pull requests associated with this user.
Recent projects that this user has modified in the context of the owner.
A list of repositories that the user owns.
A list of repositories that the user recently contributed to.
Find Repository.
Discussion comments this user has authored.
Discussions this user has started.
The HTTP path for this user
Replies this user has saved
The user's social media accounts, ordered as they appear on the user's profile.
List of users and organizations this entity is sponsoring.
List of sponsors for this user or organization.
Events involving this sponsorable, such as new sponsorships.
The GitHub Sponsors listing for this user or organization.
The sponsorship from the viewer to this user/organization; that is, the sponsorship where you're the sponsor.
The sponsorship from this user/organization to the viewer; that is, the sponsorship you're receiving.
List of sponsorship updates sent from this sponsorable to sponsors.
The sponsorships where this user or organization is the maintainer receiving the funds.
The sponsorships where this user or organization is the funder.
Repositories the user has starred.
The user's description of what they're currently doing.
Suggested names for user lists
Repositories the user has contributed to, ordered by contribution rank, plus repositories the user has created
The amount in United States cents (e.g., 500 = $5.00 USD) that this entity has spent on GitHub to fund sponsorships. Only returns a value when viewed by the user themselves or by a user who can manage sponsorships for the requested organization.
The user's Twitter username.
Identifies the date and time when the object was last updated.
The HTTP URL for this user
Can the viewer pin repositories and gists to the profile?
Can the current viewer create new projects on this owner.
Whether or not the viewer is able to follow the user.
Whether or not the viewer is able to sponsor this user/organization.
Whether or not this user is followed by the viewer. Inverse of isFollowingViewer.
True if the viewer is sponsoring this user/organization.
A list of repositories the given user is watching.
A URL pointing to the user's public website/blog.
The user who dismissed the alert
When was the alert fixed?
ID [scalar]
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
The Node ID of the RepositoryVulnerabilityAlert object
Int [scalar]
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Identifies the alert number.
Repository [object]
A repository contains the content for a project.
Implements
Attributes
Whether or not a pull request head branch that is behind its base branch can always be updated even if it is not required to be up to date before merging.
Identifies the date and time when the repository was archived.
A list of users that can be assigned to issues in this repository.
Whether or not Auto-merge can be enabled on pull requests in this repository.
A list of branch protection rules for this repository.
Returns the code of conduct for this repository
Information extracted from the repository's CODEOWNERS file.
A list of collaborators associated with the repository.
A list of commit comments associated with the repository.
Returns a list of contact links associated to the repository
Returns the contributing guidelines for this repository.
Identifies the date and time when the object was created.
Identifies the primary key from the database.
The Ref associated with the repository's default branch.
Whether or not branches are automatically deleted when merged in this repository.
A list of dependency manifests contained in the repository
A list of deploy keys that are on this repository.
Deployments associated with the repository
The description of the repository.
The description of the repository rendered to HTML.
Returns a single discussion from the current repository by number.
A list of discussion categories that are available in the repository.
A discussion category by slug.
A list of discussions that have been opened in the repository.
The number of kilobytes this repository occupies on disk.
Returns a single active environment from the current repository by name.
A list of environments that are in this repository.
Returns how many forks there are of this repository in the whole network.
Whether this repository allows forks.
A list of direct forked repositories.
The funding links for this repository
Indicates if the repository has the Discussions feature enabled.
Indicates if the repository has issues feature enabled.
Indicates if the repository has the Projects feature enabled.
Indicates if the repository displays a Sponsor button for financial contributions.
Whether vulnerability alerts are enabled for the repository.
Indicates if the repository has wiki feature enabled.
The repository's URL.
The Node ID of the Repository object
The interaction ability settings for this repository.
Indicates if the repository is unmaintained.
Returns true if blank issue creation is allowed
Returns whether or not this repository is disabled.
Returns whether or not this repository is empty.
Identifies if the repository is a fork.
Indicates if a repository is either owned by an organization, or is a private fork of an organization repository.
Indicates if the repository has been locked or not.
Identifies if the repository is a mirror.
Identifies if the repository is private or internal.
Returns true if this repository has a security policy
Identifies if the repository is a template that can be used to generate new repositories.
Is this repository a user configuration repository?
Returns a single issue from the current repository by number.
Returns a single issue-like object from the current repository by number.
Returns a list of issue templates associated to the repository
A list of issues that have been opened in the repository.
Returns a single label by name
A list of labels associated with the repository.
A list containing a breakdown of the language composition of the repository.
Get the latest release for the repository if one exists.
The license associated with the repository
The reason the repository has been locked.
A list of Users that can be mentioned in the context of the repository.
Whether or not PRs are merged with a merge commit on this repository.
How the default commit message will be generated when merging a pull request.
How the default commit title will be generated when merging a pull request.
The merge queue for a specified branch, otherwise the default branch if not provided.
Returns a single milestone from the current repository by number.
A list of milestones associated with the repository.
The repository's original mirror URL.
The name of the repository.
The repository's name with owner.
A Git object in the repository
The image used to represent this repository in Open Graph data.
The User owner of the repository.
A list of packages under the owner.
The repository parent, if this is a fork.
A list of discussions that have been pinned in this repository.
A list of pinned issues for this repository.
The primary language of the repository's code.
Find project by number.
Finds and returns the Project according to the provided Project number.
A list of projects under the owner.
The HTTP path listing the repository's projects
The HTTP URL listing the repository's projects
List of projects linked to this repository.
Returns a single pull request from the current repository by number.
Returns a list of pull request templates associated to the repository
A list of pull requests that have been opened in the repository.
Identifies the date and time when the repository was last pushed to.
Whether or not rebase-merging is enabled on this repository.
Recent projects that this user has modified in the context of the owner.
Fetch a given ref from the repository
Fetch a list of refs from the repository
Lookup a single release given various criteria.
List of releases which are dependent on this repository.
A list of applied repository-topic associations for this repository.
The HTTP path for this repository
Returns a single ruleset from the current repository by ID.
A list of rulesets for this repository.
The security policy URL.
A description of the repository, rendered to HTML without any links in it.
Whether or not squash-merging is enabled on this repository.
How the default commit message will be generated when squash merging a pull request.
How the default commit title will be generated when squash merging a pull request.
Whether a squash merge commit can use the pull request title as default.
The SSH URL to clone this repository
Returns a count of how many stargazers there are on this object
A list of users who have starred this starrable.
Returns a list of all submodules in this repository parsed from the .gitmodules file as of the default branch's HEAD commit.
Temporary authentication token for cloning this repository.
The repository from which this repository was generated, if any.
Identifies the date and time when the object was last updated.
The HTTP URL for this repository
Whether this repository has a custom image to use with Open Graph as opposed to being represented by the owner's avatar.
Indicates whether the viewer has admin permissions on this repository.
Can the current viewer create new projects on this owner.
Check if the viewer is able to change their subscription status for the repository.
Indicates whether the viewer can update the topics of this repository.
The last commit email for the viewer.
The last used merge method by the viewer or the default for the repository.
Returns a boolean indicating whether the viewing user has starred this starrable.
The user's permission level on the repository. Will return null if authenticated as a GitHub App.
A list of emails this viewer can commit with.
Identifies if the viewer is watching, not watching, or ignoring the subscribable entity.
Indicates the repository's visibility level.
Returns a single vulnerability alert from the current repository by number.
A list of vulnerability alerts that are on this repository.
A list of users watching the repository.
Whether contributors are required to sign off on web-based commits in this repository.
The associated repository
SecurityAdvisory [object]
A GitHub Security Advisory
Implements
Attributes
The classification of the advisory
The CVSS associated with this advisory
CWEs associated with this Advisory
Identifies the primary key from the database.
This is a long plaintext description of the advisory
The GitHub Security Advisory ID
The Node ID of the SecurityAdvisory object
A list of identifiers for this advisory
The permalink for the advisory's dependabot alerts page
The organization that originated the advisory
The permalink for the advisory
When the advisory was published
A list of references for this advisory
The severity of the advisory
A short plaintext summary of the advisory
When the advisory was last updated
Vulnerabilities associated with this Advisory
When the advisory was withdrawn, if it has been withdrawn
The associated security advisory
SecurityVulnerability [object]
An individual vulnerability within an Advisory
Attributes
The Advisory associated with this Vulnerability
The first version containing a fix for the vulnerability
A description of the vulnerable package
The severity of the vulnerability within this package
When the vulnerability was last updated
A string that describes the vulnerable package versions. This string follows a basic syntax with a few forms.
= 0.2.0 denotes a single vulnerable version.
<= 1.0.8 denotes a version range up to and including the specified version.
< 0.1.11 denotes a version range up to, but excluding, the specified version.
>= 4.3.0, < 4.3.5 denotes a version range with a known minimum and maximum version.
>= 0.0.1 denotes a version range with a known minimum, but no known maximum.
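The version-range forms listed above can be evaluated mechanically when triaging alerts against an inventory of installed versions. The following is an added example, not GitHub's code: the function names (parse_range, is_vulnerable) are hypothetical, and it assumes purely numeric dotted versions, rejecting anything else so that an unparseable range or version goes to manual review instead of being silently treated as safe.

```python
import re

# Only the operators that appear in the documented forms are accepted.
_CLAUSE = re.compile(r"^(<=|>=|<|=)\s*(\S+)$")
_VERSION = re.compile(r"[0-9]+(?:\.[0-9]+)*")


def _key(version):
    """Turn '4.3.10' into (4, 3, 10). Assumption: numeric dotted versions only."""
    if not _VERSION.fullmatch(version):
        raise ValueError(f"unsupported version format: {version!r}")
    return tuple(int(part) for part in version.split("."))


def _pad(a, b):
    """Right-pad the shorter tuple with zeros so 1.0 compares equal to 1.0.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def parse_range(range_string):
    """Split a range such as '>= 4.3.0, < 4.3.5' into (operator, version) clauses."""
    clauses = []
    for raw in range_string.split(","):
        match = _CLAUSE.match(raw.strip())
        if match is None:
            raise ValueError(f"unrecognised range clause: {raw.strip()!r}")
        clauses.append((match.group(1), _key(match.group(2))))
    return clauses


def is_vulnerable(installed_version, range_string):
    """Return True when installed_version satisfies every clause of the range."""
    installed = _key(installed_version)
    for operator, bound in parse_range(range_string):
        a, b = _pad(installed, bound)
        satisfied = {
            "=": a == b,
            "<": a < b,
            "<=": a <= b,
            ">=": a >= b,
        }[operator]
        if not satisfied:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample inventory, checked against one of the documented forms.
    for version in ("4.2.9", "4.3.0", "4.3.4", "4.3.5"):
        print(version, is_vulnerable(version, ">= 4.3.0, < 4.3.5"))
```

Comparing components as integers matters here: as plain strings, 0.1.9 would sort after 0.1.11 and a vulnerable version would be reported as outside the range.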
The associated security vulnerability
RepositoryVulnerabilityAlertState [enum]
The possible states of an alert
Possible values
An alert that has been automatically closed by Dependabot.
An alert that has been manually closed by a user.
An alert that has been resolved by a code change.
An alert that is still open.
Identifies the state of the alert.
String [scalar]
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
The vulnerable manifest filename
String [scalar]
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
The vulnerable manifest path
String [scalar]
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
The vulnerable requirements