Pricing Templates

GET /orgs/{org}/attestations/{subject_digest}

List a collection of artifact attestations with a given subject digest that are associated with repositories owned by an organization.

The collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the attestations:read permission is required.

Please note: in order to offer meaningful security benefits, an attestation's signature and timestamps must be cryptographically verified, and the identity of the attestation signer must be validated. Attestations can be verified using the GitHub CLI attestation verify command. For more information, see our guide on how to use artifact attestations to establish a build's provenance.

Servers

https://api.github.com

Path parameters

Name	Type	Required	Description
`subject_digest`	String	Yes	The parameter should be set to the attestation's subject's SHA256 digest, in the form `sha256:HEX_DIGEST`.
`org`	String	Yes	The organization name. The name is not case sensitive.

Query parameters

Name	Type	Required	Description
`predicate_type`	String	No	Optional filter for fetching attestations with a given predicate type. This option accepts `provenance`, `sbom`, or freeform text for custom predicate types.
`per_page`	Integer	No	The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default value: 30
`after`	String	No	A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`before`	String	No	A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.

All third party trademarks (including logos and icons) are the property of their respective owners, which do not sponsor, authorize, or endorse this website.

Pricing Templates Integrations Blog Contact Us Help

Terms of Service Privacy Policy