POST /repos/{owner}/{repo}/dependency-graph/snapshots

Create a new snapshot of a repository's dependencies.

The authenticated user must have access to the repository.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

Path parameters

Name Type Required Description
repo String Yes

The name of the repository without the .git extension. The name is not case sensitive.

owner String Yes

The account owner of the repository. The name is not case sensitive.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
sha String Yes

The commit SHA associated with this dependency snapshot. Maximum length: 40 characters.

detector Object Yes

A description of the detector used.

detector.name String Yes

The name of the detector used.

detector.url String Yes

The URL of the detector used.

detector.version String Yes

The version of the detector used.

job Object Yes

job.id String Yes

The external ID of the job.

job.correlator String Yes

Correlator provides a key that is used to group snapshots submitted over time. Only the "latest" submitted snapshot for a given combination of job.correlator and detector.name will be considered when calculating a repository's current dependencies. Correlator should be as unique as it takes to distinguish all detection runs for a given "wave" of CI workflow you run. If you're using GitHub Actions, a good default value for this could be the environment variables GITHUB_WORKFLOW and GITHUB_JOB concatenated together. If you're using a build matrix, then you'll also need to add additional key(s) to distinguish between each submission inside a matrix variation.

job.html_url String No

The URL for the job.

scanned String Yes

The time at which the snapshot was scanned.

manifests Object No

A collection of package manifests, which are a collection of related dependencies declared in a file or representing a logical group of dependencies.

manifests.name Object No

manifests.name.name String Yes

The name of the manifest.

manifests.name.metadata Object No

User-defined metadata to store domain-specific information limited to 8 keys with scalar values.

manifests.name.resolved Object No

A collection of resolved package dependencies.

manifests.name.resolved.name Object No

manifests.name.resolved.name.dependencies[] Array No

Array of package-urls (PURLs) of direct child dependencies.

manifests.name.resolved.name.package_url String No

Package-url (PURL) of dependency. See https://github.com/package-url/purl-spec for more details.

manifests.name.resolved.name.metadata Object No

User-defined metadata to store domain-specific information limited to 8 keys with scalar values.

manifests.name.resolved.name.relationship String No

A notation of whether a dependency is requested directly by this manifest or is a dependency of another dependency.

Possible values:

  • "indirect"
  • "direct"
manifests.name.resolved.name.scope String No

A notation of whether the dependency is required for the primary build artifact (runtime) or is only used for development. Future versions of this specification may allow for more granular scopes.

Possible values:

  • "runtime"
  • "development"
manifests.name.file Object No
manifests.name.file.source_location String No

The path of the manifest file relative to the root of the Git repository.

version Integer Yes

The version of the repository snapshot submission.

ref String Yes

The repository branch that triggered this snapshot.

metadata Object No

User-defined metadata to store domain-specific information limited to 8 keys with scalar values.
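As an added example (not GitHub's code and not part of this reference), the following assembles a request body in the shape documented above from a parsed lock file and checks it against the field constraints listed: required fields, the 40-character sha limit, the integer version, the relationship and scope enumerations, and the 8-scalar-key metadata limit. The lock-file rows, the detector name and URL, and the job values are constructed placeholders.

```python
from datetime import datetime, timezone

# Constructed sample: rows parsed from a Python lock file as (name, version, relationship, scope, direct children)
SAMPLE_LOCK = [
    ("requests", "2.31.0", "direct", "runtime", ["urllib3"]),
    ("urllib3", "2.2.1", "indirect", "runtime", []),
    ("pytest", "8.1.1", "direct", "development", []),
]
SCALAR = (str, int, float, bool, type(None))  # the "scalar values" allowed in metadata objects

def purl(name, version):
    # package-url for the PyPI ecosystem, following the purl-spec linked above
    return f"pkg:pypi/{name.lower()}@{version}"

def build_snapshot(sha, ref, lock, path, workflow, job, job_id):
    """Assemble a request body in the documented shape (detector name/URL are placeholders)."""
    versions = {n: v for n, v, *_ in lock}
    resolved = {n: {"package_url": purl(n, v), "relationship": rel, "scope": scope,
                    "dependencies": [purl(c, versions[c]) for c in kids]}
                for n, v, rel, scope, kids in lock}
    return {
        "version": 0,  # submission format version (0 in GitHub's published examples)
        "sha": sha, "ref": ref,
        "job": {"id": job_id, "correlator": f"{workflow} {job}"},  # e.g. GITHUB_WORKFLOW + GITHUB_JOB
        "detector": {"name": "lock-walker", "version": "0.1.0", "url": "https://example.invalid/lock-walker"},
        "scanned": datetime.now(timezone.utc).isoformat(),
        "manifests": {path: {"name": path, "file": {"source_location": path}, "resolved": resolved}},
    }

def validate_snapshot(body):
    """Check the documented field constraints; return a list of problems (empty means OK)."""
    p = [f"missing required field {k}" for k in ("sha", "ref", "job", "detector", "scanned", "version") if k not in body]
    if len(str(body.get("sha", ""))) > 40:
        p.append("sha exceeds 40 characters")
    if not isinstance(body.get("version"), int):
        p.append("version must be an integer")
    p += [f"job.{k} is required" for k in ("id", "correlator") if not body.get("job", {}).get(k)]
    p += [f"detector.{k} is required" for k in ("name", "url", "version") if not body.get("detector", {}).get(k)]
    for mname, m in body.get("manifests", {}).items():
        for dname, d in m.get("resolved", {}).items():
            if d.get("relationship") not in (None, "direct", "indirect"):
                p.append(f"{mname}:{dname} has invalid relationship")
            if d.get("scope") not in (None, "runtime", "development"):
                p.append(f"{mname}:{dname} has invalid scope")
            md = d.get("metadata", {})
            if len(md) > 8 or not all(isinstance(v, SCALAR) for v in md.values()):
                p.append(f"{mname}:{dname} metadata must be at most 8 scalar keys")
    return p
```

Run validate_snapshot before sending the body so a rejected submission is caught locally rather than silently leaving the repository's dependency view stale.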

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the Http request settings.
  3. Click Test request to test run your request to the API and see the API's response.