GET /orgs/{org}/dependabot/alerts

Lists Dependabot alerts for an organization.

The authenticated user must be an owner or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Servers

https://api.github.com

Path parameters

Name	Type	Required	Description
`org`	String	Yes	The organization name. The name is not case sensitive.

Query parameters

Name	Type	Required	Description
`sort`	String	No	The property by which to sort the results. `created` means when the alert was created. `updated` means when the alert's state last changed. `epss_percentage` sorts alerts by the Exploit Prediction Scoring System (EPSS) percentage. Possible values: `"updated"` `"epss_percentage"` `"created"` Default value: "created"
`scope`	String	No	The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. Possible values: `"runtime"` `"development"`
`first`	Integer	No	Deprecated. The number of results per page (max 100), starting from the first matching result. This parameter must not be used in combination with `last`. Instead, use `per_page` in combination with `after` to fetch the first page of results. Default value: 30
`state`	String	No	A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: `auto_dismissed`, `dismissed`, `fixed`, `open`
`epss_percentage`	String	No	CVE Exploit Prediction Scoring System (EPSS) percentage. Can be specified as: An exact number (`n`) Comparators such as `>n`, `<n`, `>=n`, `<=n` A range like `n..n`, where `n` is a number from 0.0 to 1.0 Filters the list of alerts based on EPSS percentages. If specified, only alerts with the provided EPSS percentages will be returned.
`before`	String	No	A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`severity`	String	No	A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: `low`, `medium`, `high`, `critical`
`ecosystem`	String	No	A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: `composer`, `go`, `maven`, `npm`, `nuget`, `pip`, `pub`, `rubygems`, `rust`
`direction`	String	No	The direction to sort the results by. Possible values: `"desc"` `"asc"` Default value: "desc"
`after`	String	No	A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`per_page`	Integer	No	The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default value: 30
`last`	Integer	No	Deprecated. The number of results per page (max 100), starting from the last matching result. This parameter must not be used in combination with `first`. Instead, use `per_page` in combination with `before` to fetch the last page of results.
`package`	String	No	A comma-separated list of package names. If specified, only alerts for these packages will be returned.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.