REST-API-Endpunkte für Artefaktmetadaten
Verwende diese Endpunkte, um Metadaten für Artefakte in deiner Organisation abzurufen und zu verwalten. Artefaktmetadaten enthalten Informationen zu Buildartefakten, deren Herkunft und zugehörige Details.
When you view Dependabot or code scanning alerts for an organization, you can use artifact metadata to filter and prioritize alerts, see Prioritizing Dependabot and code scanning alerts using production context.
Create an artifact deployment record
Create or update deployment records for an artifact associated with an organization. This endpoint allows you to record information about a specific artifact, such as its name, digest, environments, cluster, and deployment.
Differenzierte Zugriffstoken für "Create an artifact deployment record"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss mindestens einen der folgenden Berechtigungssätze aufweisen.:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parameter für „Create an artifact deployment record“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, type, BESCHREIBUNG |
|---|
name string ErforderlichThe name of the artifact. |
digest string ErforderlichThe hex encoded digest of the artifact. |
version string The artifact version. |
status string ErforderlichThe status of the artifact. Can be either deployed or decommissioned. Kann eine der Folgenden sein: |
logical_environment string ErforderlichThe stage of the deployment. |
physical_environment string The physical region of the deployment. |
cluster string The deployment cluster. |
deployment_name string ErforderlichThe name of the deployment. |
tags object The tags associated with the deployment. |
runtime_risks array of strings A list of runtime risks associated with the deployment.
Supported values are: |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
HTTP-Antwortstatuscodes für „Create an artifact deployment record“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | Artifact deployment record stored successfully. |
Codebeispiele für „Create an artifact deployment record“
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record \
-d '{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","status":"deployed","logical_environment":"prod","physical_environment":"pacific-east","cluster":"moda-1","deployment_name":"deployment-pod","tags":{"data-access":"sensitive"}}'Artifact deployment record stored successfully.
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}Set cluster deployment records
Set deployment records for a given cluster.
Differenzierte Zugriffstoken für "Set cluster deployment records"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss mindestens einen der folgenden Berechtigungssätze aufweisen.:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parameter für „Set cluster deployment records“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
cluster string ErforderlichThe cluster name. |
| Name, type, BESCHREIBUNG | |||||||||
|---|---|---|---|---|---|---|---|---|---|
logical_environment string ErforderlichThe stage of the deployment. | |||||||||
physical_environment string The physical region of the deployment. | |||||||||
deployments array of objects ErforderlichThe list of deployments to record. | |||||||||
Properties of |
| Name, type, BESCHREIBUNG |
|---|
name string ErforderlichThe name of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name parameter must also be identical across all entries. |
digest string ErforderlichThe hex encoded digest of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name and version parameters must also be identical across all entries. |
version string The artifact version. Note that if multiple deployments have identical 'digest' parameter values, the version parameter must also be identical across all entries. |
status string The deployment status of the artifact. Kann eine der Folgenden sein: |
deployment_name string ErforderlichThe unique identifier for the deployment represented by the new record. To accommodate differing containers and namespaces within a record set, the following format is recommended: {namespaceName}-{deploymentName}-{containerName} |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
tags object Key-value pairs to tag the deployment record. |
runtime_risks array of strings A list of runtime risks associated with the deployment.
Supported values are: |
HTTP-Antwortstatuscodes für „Set cluster deployment records“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | Artifact deployment record stored successfully. |
Codebeispiele für „Set cluster deployment records“
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record/cluster/CLUSTER \
-d '{"logical_environment":"prod","physical_environment":"pacific-east","deployments":[{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","version":"2.1.0","status":"deployed","deployment_name":"deployment-pod","tags":{"runtime-risk":"sensitive-data"}}]}'Artifact deployment record stored successfully.
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}Create artifact metadata storage record
Create metadata storage records for artifacts associated with an organization. This endpoint will create a new artifact storage record on behalf of any artifact matching the provided digest and associated with a repository owned by the organization.
Differenzierte Zugriffstoken für "Create artifact metadata storage record"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss mindestens einen der folgenden Berechtigungssätze aufweisen.:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parameter für „Create artifact metadata storage record“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, type, BESCHREIBUNG |
|---|
name string ErforderlichThe name of the artifact. |
digest string ErforderlichThe digest of the artifact (algorithm:hex-encoded-digest). |
version string The artifact version. |
artifact_url string The URL where the artifact is stored. |
path string The path of the artifact. |
registry_url string ErforderlichThe base URL of the artifact registry. |
repository string The repository name within the registry. |
status string The status of the artifact (e.g., active, inactive). Standard: Kann eine der Folgenden sein: |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
HTTP-Antwortstatuscodes für „Create artifact metadata storage record“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | Artifact metadata storage record stored successfully. |
Codebeispiele für „Create artifact metadata storage record“
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/storage-record \
-d '{"name":"libfoo","version":"1.2.3","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","artifact_url":"https://reg.example.com/artifactory/bar/libfoo-1.2.3","registry_url":"https://reg.example.com/artifactory/","repository":"bar","status":"active"}'Artifact metadata storage record stored successfully.
Status: 200{
"total_count": 1,
"storage_records": [
{
"name": "libfoo",
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
"registry_url": "https://reg.example.com/artifactory/",
"repository": "bar",
"status": "active",
"created_at": "2023-10-01T12:00:00Z",
"updated_at": "2023-10-01T12:00:00Z"
}
]
}List artifact deployment records
List deployment records for an artifact metadata associated with an organization.
Differenzierte Zugriffstoken für "List artifact deployment records"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss mindestens einen der folgenden Berechtigungssätze aufweisen.:
- "Contents" repository permissions (read)
- "Artifact metadata" repository permissions (read)
Parameter für „List artifact deployment records“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
subject_digest string ErforderlichThe SHA256 digest of the artifact, in the form |
HTTP-Antwortstatuscodes für „List artifact deployment records“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | Successful response |
Codebeispiele für „List artifact deployment records“
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/deployment-recordsSuccessful response
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}List artifact storage records
List a collection of artifact storage records with a given subject digest that are associated with repositories owned by an organization.
The collection of storage records returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the content:read permission is required.
Differenzierte Zugriffstoken für "List artifact storage records"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss mindestens einen der folgenden Berechtigungssätze aufweisen.:
- "Contents" repository permissions (read)
- "Artifact metadata" repository permissions (read)
Parameter für „List artifact storage records“
| Name, type, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, type, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
subject_digest string ErforderlichThe parameter should be set to the attestation's subject's SHA256 digest, in the form |
HTTP-Antwortstatuscodes für „List artifact storage records“
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
Codebeispiele für „List artifact storage records“
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/storage-recordsResponse
Status: 200{
"storage_records": [
{
"name": "libfoo-1.2.3",
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
"registry_url": "https://reg.example.com/artifactory/",
"repository": "bar",
"status": "active",
"created_at": "2023-10-01T12:00:00Z",
"updated_at": "2023-10-01T12:00:00Z"
}
]
}