From db8473bbdf5616a506e9e2b27557791f01c14495 Mon Sep 17 00:00:00 2001 From: Kynan Ware <47394200+BagToad@users.noreply.github.com> Date: Tue, 14 Apr 2026 14:10:32 -0600 Subject: [PATCH 1/5] Add GitHub CLI tab to Copilot code review page (#60149) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> --- .../copilot/concepts/agents/code-review.md | 1 + .../request-a-code-review/use-code-review.md | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/content/copilot/concepts/agents/code-review.md b/content/copilot/concepts/agents/code-review.md index 15d9cbcf3116..c2f4d94eb787 100644 --- a/content/copilot/concepts/agents/code-review.md +++ b/content/copilot/concepts/agents/code-review.md @@ -26,6 +26,7 @@ This article provides an overview of {% data variables.copilot.copilot_code-revi {% data variables.copilot.copilot_code-review_short %} is supported in: * {% data variables.product.prodname_dotcom_the_website %} +* {% data variables.product.prodname_cli %} * {% data variables.product.prodname_mobile %} * {% data variables.product.prodname_vscode_shortname %} * {% data variables.product.prodname_vs %} diff --git a/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md b/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md index af4667d86ae9..467fa8a47db1 100644 --- a/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md +++ b/content/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review.md @@ -235,3 +235,43 @@ These instructions explain how to use {% data variables.copilot.copilot_code-rev 1. If there is more than one comment, use the up and down arrows, at the top right of the popup, to navigate between comments. {% endjetbrains %} + +{% cli %} + +## Prerequisites + +* **Access to {% data variables.product.prodname_copilot_short %}**. {% data reusables.copilot.subscription-prerequisite %} +* **{% data variables.product.prodname_cli %}**. You must have the {% data variables.product.prodname_cli %} installed and authenticated. See [AUTOTITLE](/github-cli/github-cli/quickstart). + +## Using {% data variables.copilot.copilot_code-review_short %} + +These instructions explain how to use {% data variables.copilot.copilot_code-review_short %} with the {% data variables.product.prodname_cli %}. To see instructions for other popular coding environments, click the appropriate tab at the top of the page. + +### Requesting a review when creating a pull request + +You can request a review from {% data variables.product.prodname_copilot_short %} when creating a new pull request using `gh pr create`: + +```shell copy +gh pr create --reviewer @copilot +``` + +You can also select {% data variables.product.prodname_copilot_short %} interactively from the searchable reviewer prompt during `gh pr create`. + +```text +? Reviewers [Use arrows to move, space to select, to all, to none, type to filter] + [ ] Search (7472 more) + [x] monalisa (Mona Lisa) +> [x] Copilot (AI) +``` + +### Requesting a review on an existing pull request + +To request a review from {% data variables.product.prodname_copilot_short %} on an existing pull request, use `gh pr edit`. If you are not on the pull request's branch, specify the pull request number: + +```shell copy +gh pr edit PR-NUMBER --add-reviewer @copilot +``` + +Replace `PR-NUMBER` with the number of the pull request you want reviewed. If you have the pull request's branch checked out, you can omit the number. + +{% endcli %} From a37d99191cb9ee0daccd08aa6fc3e9d116dfbc0f Mon Sep 17 00:00:00 2001 From: Steve S Date: Tue, 14 Apr 2026 16:52:02 -0400 Subject: [PATCH 2/5] Pass feature checks to internal link checker (#60769) --- src/links/scripts/check-links-internal.ts | 28 ++++++++++++++--------- src/versions/middleware/features.ts | 6 ++--- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/links/scripts/check-links-internal.ts b/src/links/scripts/check-links-internal.ts index 54e3aa8f5882..c957fff48065 100644 --- a/src/links/scripts/check-links-internal.ts +++ b/src/links/scripts/check-links-internal.ts @@ -41,6 +41,7 @@ import { uploadArtifact } from '@/links/scripts/upload-artifact' import { createReportIssue, linkReports } from '@/workflows/issue-report' import github from '@/workflows/github' import excludedLinks from '@/links/lib/excluded-links' +import { getFeaturesByVersion } from '@/versions/middleware/features' import type { Page, Permalink, Context } from '@/types' import * as coreLib from '@actions/core' @@ -171,6 +172,17 @@ async function checkVersion( console.log(` Checking ${relevantPages.length} pages for ${version}/${language}`) + // Build a base context once per version — feature flags and version info are the same for all pages + const baseContext: Context = { + currentVersion: version, + currentLanguage: language, + currentVersionObj: versionObj, + [versionObj.shortName]: true, + pages: pageMap, + redirects, + ...getFeaturesByVersion(version), + } as Context + for (const page of relevantPages) { // Find the permalink for this version const permalink = page.permalinks?.find((p) => p.pageVersion === version) @@ -178,18 +190,12 @@ async function checkVersion( totalPagesChecked++ - // Create context for rendering - const context: Context = { - currentVersion: version, - currentLanguage: language, - currentVersionObj: versionObj, - page, - pages: pageMap, - redirects, - } as Context + // Mutate the page property in place — safe because the loop is sequential (each iteration + // awaits before the next begins), so there is no concurrent access to baseContext. + baseContext.page = page // Get links from rendered page - const links = await getLinksFromRenderedPage(page, permalink, context) + const links = await getLinksFromRenderedPage(page, permalink, baseContext) totalLinksChecked += links.length // Check each link @@ -233,7 +239,7 @@ async function checkVersion( // Check anchors if enabled if (options.checkAnchors) { - const anchorFlaws = await checkAnchorsOnPage(page, permalink, context) + const anchorFlaws = await checkAnchorsOnPage(page, permalink, baseContext) brokenLinks.push(...anchorFlaws) } diff --git a/src/versions/middleware/features.ts b/src/versions/middleware/features.ts index 7467a847d313..5870e701477e 100644 --- a/src/versions/middleware/features.ts +++ b/src/versions/middleware/features.ts @@ -26,8 +26,8 @@ type FeatureVersions = { let allFeatures: Record -const cache = new Map() -function getFeaturesByVersion(currentVersion: string): Record { +const cache = new Map>() +export function getFeaturesByVersion(currentVersion: string): Record { if (!cache.has(currentVersion)) { if (!allFeatures) { // As of Oct 2022, the `data/features/**` reading is *not* JIT. @@ -55,5 +55,5 @@ function getFeaturesByVersion(currentVersion: string): Record { cache.set(currentVersion, featureFlags) } - return cache.get(currentVersion) + return cache.get(currentVersion) as Record } From 6310125da98e44e18a611ce3d76c5579b8119420 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 14 Apr 2026 23:15:37 +0200 Subject: [PATCH 3/5] Explain what a pull request merge branch is (#60712) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> --- .../events-that-trigger-workflows.md | 11 +++++++++- .../about-pull-requests.md | 20 +++++++++++++++++++ data/reusables/actions/ref-description.md | 2 +- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md index 18ea075b2636..186211d44b84 100644 --- a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md +++ b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md @@ -515,7 +515,16 @@ on: Runs your workflow when activity on a pull request in the workflow's repository occurs. For example, if no activity types are specified, the workflow runs when a pull request is opened or reopened or when the head branch of the pull request is updated. For activity related to pull request reviews, pull request review comments, or pull request comments, use the [`pull_request_review`](#pull_request_review), [`pull_request_review_comment`](#pull_request_review_comment), or [`issue_comment`](#issue_comment) events instead. For information about the pull request APIs, see [AUTOTITLE](/graphql/reference/objects#pullrequest) in the GraphQL API documentation or [AUTOTITLE](/rest/pulls). -Note that `GITHUB_SHA` for this event is the last merge commit of the pull request merge branch. If you want to get the commit ID for the last commit to the head branch of the pull request, use `github.event.pull_request.head.sha` instead. +Note that `GITHUB_SHA` for this event is the last merge commit of the pull request merge branch. If you want to get the commit ID for the last commit to the head branch of the pull request, use `github.event.pull_request.head.sha` instead. For more information about merge branches, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests#pull-request-refs-and-merge-branches). + +### How the merge branch affects your workflow + +For open, mergeable pull requests, workflows triggered by the `pull_request` event set `GITHUB_REF` to the merge branch. Because `actions/checkout` uses `GITHUB_REF` by default, it checks out the merge branch. Your CI tests run against the merged result, not just the head branch alone: + +* `GITHUB_REF` is set to `refs/pull/PULL_REQUEST_NUMBER/merge` +* `GITHUB_SHA` is the SHA of the merge commit on the merge branch + +To test only the head branch commits without simulating a merge, check out the head branch using `github.event.pull_request.head.sha` in your workflow. For example, you can run a workflow when a pull request has been opened or reopened. diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md index ddceef8f136e..d354a7e47883 100644 --- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md +++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests.md @@ -35,6 +35,26 @@ When you create a pull request, you can choose to make it a draft pull request. {% data reusables.pull_requests.mark-ready-review %} You can convert a pull request to a draft at any time. See [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). +## Pull request refs and merge branches + +When you open a pull request, {% data variables.product.github %} creates up to two temporary, read-only Git references for it: + +| Ref | Description | +| --- | --- | +| `refs/pull/PULL_REQUEST_NUMBER/head` | Points to the latest commit on the pull request's head branch. | +| `refs/pull/PULL_REQUEST_NUMBER/merge` | A merge branch—a simulated merge commit that represents what the repository would look like if the pull request were merged right now. This ref is only available when the pull request has no merge conflicts. | + +The merge branch automatically updates when the head branch or base branch changes. To fetch it locally: + +```shell +git fetch origin refs/pull/PULL_REQUEST_NUMBER/merge +git checkout FETCH_HEAD +``` + +Replace `PULL_REQUEST_NUMBER` with the number of your pull request. + +For information about how {% data variables.product.prodname_actions %} uses the merge branch, see [AUTOTITLE](/actions/reference/workflows-and-actions/events-that-trigger-workflows#how-the-merge-branch-affects-your-workflow). + ## Differences between commits on compare and pull request pages The compare and pull request pages use different methods to calculate the diff for changed files: diff --git a/data/reusables/actions/ref-description.md b/data/reusables/actions/ref-description.md index 55364ac1c021..193cbb2718b4 100644 --- a/data/reusables/actions/ref-description.md +++ b/data/reusables/actions/ref-description.md @@ -1 +1 @@ -The fully-formed ref of the branch or tag that triggered the workflow run. For workflows triggered by `push`, this is the branch or tag ref that was pushed. For workflows triggered by `pull_request` that were not merged, this is the pull request merge branch. If the pull request was merged, this is the head branch. For workflows triggered by `release`, this is the release tag created. For other triggers, this is the branch or tag ref that triggered the workflow run. This is only set if a branch or tag is available for the event type. The ref given is fully-formed, meaning that for branches the format is `refs/heads/`. For pull requests events except `pull_request_target` that were not merged, it is `refs/pull//merge`. `pull_request_target` events have the `ref` from the base branch. For tags it is `refs/tags/`. For example, `refs/heads/feature-branch-1`. +The fully-formed ref of the branch or tag that triggered the workflow run. For workflows triggered by `push`, this is the branch or tag ref that was pushed. For workflows triggered by `pull_request` that were not merged, this is the pull request merge branch. If the pull request was merged, this is the branch it was merged into. For workflows triggered by `release`, this is the release tag created. For other triggers, this is the branch or tag ref that triggered the workflow run. This is only set if a branch or tag is available for the event type. The ref given is fully-formed, meaning that for branches the format is `refs/heads/`. For pull request events except `pull_request_target` that were not merged, it is `refs/pull//merge`. `pull_request_target` events have the `ref` from the base branch. For tags it is `refs/tags/`. For example, `refs/heads/feature-branch-1`. For more information about pull request merge branches, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests#pull-request-refs-and-merge-branches). From 52ca96dda979082039d5f2358cfb8d6164e4cd3f Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Tue, 14 Apr 2026 15:10:04 -0700 Subject: [PATCH 4/5] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20Skip=20remark=20pipeli?= =?UTF-8?q?ne=20when=20article=20api=20content=20has=20no=20internal=20lin?= =?UTF-8?q?ks=20(#60770)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- src/content-render/index.ts | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/content-render/index.ts b/src/content-render/index.ts index 8cfd7771b05d..6591d079c024 100644 --- a/src/content-render/index.ts +++ b/src/content-render/index.ts @@ -38,9 +38,12 @@ export async function renderContent( try { template = await renderLiquid(template, context) if (context.markdownRequested) { - const md = await renderMarkdown(template, context) - - return md + // Skip the remark pipeline when there are no internal links to rewrite, + // since link rewriting is the only transformation the pipeline performs. + if (!/\]\(\s* Date: Tue, 14 Apr 2026 15:45:41 -0700 Subject: [PATCH 5/5] Update OpenAPI Description (#60772) Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> --- .../fine-grained-pat-permissions.json | 18 ++ .../data/fpt-2022-11-28/fine-grained-pat.json | 12 ++ .../server-to-server-permissions.json | 22 +++ .../fpt-2022-11-28/server-to-server-rest.json | 12 ++ .../fpt-2022-11-28/user-to-server-rest.json | 12 ++ .../fine-grained-pat-permissions.json | 18 ++ .../data/fpt-2026-03-10/fine-grained-pat.json | 12 ++ .../server-to-server-permissions.json | 22 +++ .../fpt-2026-03-10/server-to-server-rest.json | 12 ++ .../fpt-2026-03-10/user-to-server-rest.json | 12 ++ .../fine-grained-pat-permissions.json | 18 ++ .../ghec-2022-11-28/fine-grained-pat.json | 12 ++ .../server-to-server-permissions.json | 22 +++ .../server-to-server-rest.json | 12 ++ .../ghec-2022-11-28/user-to-server-rest.json | 12 ++ .../fine-grained-pat-permissions.json | 18 ++ .../ghec-2026-03-10/fine-grained-pat.json | 12 ++ .../server-to-server-permissions.json | 22 +++ .../server-to-server-rest.json | 12 ++ .../ghec-2026-03-10/user-to-server-rest.json | 12 ++ src/github-apps/lib/config.json | 2 +- .../data/fpt-2022-11-28/dependency-graph.json | 171 ++++++++++++++++++ .../data/fpt-2026-03-10/dependency-graph.json | 171 ++++++++++++++++++ .../ghec-2022-11-28/dependency-graph.json | 171 ++++++++++++++++++ .../ghec-2026-03-10/dependency-graph.json | 171 ++++++++++++++++++ src/rest/lib/config.json | 2 +- src/webhooks/lib/config.json | 2 +- 27 files changed, 991 insertions(+), 3 deletions(-) diff --git a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json index ecd0ca7fe1a6..60908391ae70 100644 --- a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json @@ -5547,6 +5547,24 @@ "additional-permissions": false, "access": "read" }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "additional-permissions": false, + "access": "read" + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json index eea778a68df7..3cdbf95020e7 100644 --- a/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/fpt-2022-11-28/fine-grained-pat.json @@ -2400,6 +2400,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json index 483913f46f4f..abad69559359 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json @@ -7234,6 +7234,28 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json index 5c7bdb03c6d3..181ac5310971 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-rest.json @@ -2412,6 +2412,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json b/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json index 2f70d14ccbf8..13c9fde5a1a8 100644 --- a/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/fpt-2022-11-28/user-to-server-rest.json @@ -2678,6 +2678,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/fpt-2026-03-10/fine-grained-pat-permissions.json b/src/github-apps/data/fpt-2026-03-10/fine-grained-pat-permissions.json index ecd0ca7fe1a6..60908391ae70 100644 --- a/src/github-apps/data/fpt-2026-03-10/fine-grained-pat-permissions.json +++ b/src/github-apps/data/fpt-2026-03-10/fine-grained-pat-permissions.json @@ -5547,6 +5547,24 @@ "additional-permissions": false, "access": "read" }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "additional-permissions": false, + "access": "read" + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/fpt-2026-03-10/fine-grained-pat.json b/src/github-apps/data/fpt-2026-03-10/fine-grained-pat.json index eea778a68df7..3cdbf95020e7 100644 --- a/src/github-apps/data/fpt-2026-03-10/fine-grained-pat.json +++ b/src/github-apps/data/fpt-2026-03-10/fine-grained-pat.json @@ -2400,6 +2400,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/fpt-2026-03-10/server-to-server-permissions.json b/src/github-apps/data/fpt-2026-03-10/server-to-server-permissions.json index 483913f46f4f..abad69559359 100644 --- a/src/github-apps/data/fpt-2026-03-10/server-to-server-permissions.json +++ b/src/github-apps/data/fpt-2026-03-10/server-to-server-permissions.json @@ -7234,6 +7234,28 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/fpt-2026-03-10/server-to-server-rest.json b/src/github-apps/data/fpt-2026-03-10/server-to-server-rest.json index 5c7bdb03c6d3..181ac5310971 100644 --- a/src/github-apps/data/fpt-2026-03-10/server-to-server-rest.json +++ b/src/github-apps/data/fpt-2026-03-10/server-to-server-rest.json @@ -2412,6 +2412,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/fpt-2026-03-10/user-to-server-rest.json b/src/github-apps/data/fpt-2026-03-10/user-to-server-rest.json index 2f70d14ccbf8..13c9fde5a1a8 100644 --- a/src/github-apps/data/fpt-2026-03-10/user-to-server-rest.json +++ b/src/github-apps/data/fpt-2026-03-10/user-to-server-rest.json @@ -2678,6 +2678,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json index 7b210009981a..0c86fc53a737 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json @@ -6129,6 +6129,24 @@ "additional-permissions": false, "access": "read" }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "additional-permissions": false, + "access": "read" + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json index 22ca553d6b90..2456259f18dc 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json @@ -2444,6 +2444,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json index c1533514dfbf..3023951e8d61 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json @@ -8594,6 +8594,28 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json index a78ac01c33d9..25883260f787 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json @@ -2522,6 +2522,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json index be1a63455654..ff9bedd50c35 100644 --- a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json @@ -2770,6 +2770,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/ghec-2026-03-10/fine-grained-pat-permissions.json b/src/github-apps/data/ghec-2026-03-10/fine-grained-pat-permissions.json index 7b210009981a..0c86fc53a737 100644 --- a/src/github-apps/data/ghec-2026-03-10/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghec-2026-03-10/fine-grained-pat-permissions.json @@ -6129,6 +6129,24 @@ "additional-permissions": false, "access": "read" }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "additional-permissions": false, + "access": "read" + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/ghec-2026-03-10/fine-grained-pat.json b/src/github-apps/data/ghec-2026-03-10/fine-grained-pat.json index 22ca553d6b90..2456259f18dc 100644 --- a/src/github-apps/data/ghec-2026-03-10/fine-grained-pat.json +++ b/src/github-apps/data/ghec-2026-03-10/fine-grained-pat.json @@ -2444,6 +2444,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/ghec-2026-03-10/server-to-server-permissions.json b/src/github-apps/data/ghec-2026-03-10/server-to-server-permissions.json index c1533514dfbf..3023951e8d61 100644 --- a/src/github-apps/data/ghec-2026-03-10/server-to-server-permissions.json +++ b/src/github-apps/data/ghec-2026-03-10/server-to-server-permissions.json @@ -8594,6 +8594,28 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "dependency-graph", + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, + { + "category": "dependency-graph", + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "access": "read", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "dependency-graph", "slug": "create-a-snapshot-of-dependencies-for-a-repository", diff --git a/src/github-apps/data/ghec-2026-03-10/server-to-server-rest.json b/src/github-apps/data/ghec-2026-03-10/server-to-server-rest.json index a78ac01c33d9..25883260f787 100644 --- a/src/github-apps/data/ghec-2026-03-10/server-to-server-rest.json +++ b/src/github-apps/data/ghec-2026-03-10/server-to-server-rest.json @@ -2522,6 +2522,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/data/ghec-2026-03-10/user-to-server-rest.json b/src/github-apps/data/ghec-2026-03-10/user-to-server-rest.json index be1a63455654..ff9bedd50c35 100644 --- a/src/github-apps/data/ghec-2026-03-10/user-to-server-rest.json +++ b/src/github-apps/data/ghec-2026-03-10/user-to-server-rest.json @@ -2770,6 +2770,18 @@ "verb": "get", "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom" }, + { + "slug": "fetch-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}" + }, + { + "slug": "request-generation-of-a-software-bill-of-materials-sbom-for-a-repository", + "subcategory": "sboms", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report" + }, { "slug": "create-a-snapshot-of-dependencies-for-a-repository", "subcategory": "dependency-submission", diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json index 3dc261cef4cd..c7242861fe5f 100644 --- a/src/github-apps/lib/config.json +++ b/src/github-apps/lib/config.json @@ -60,5 +60,5 @@ "2022-11-28" ] }, - "sha": "e6a345665a64530821d4ebcd07e7805a0cdeff09" + "sha": "b8cc3c7e6d2050e2e0feb03abf5f32c17e2f964f" } \ No newline at end of file diff --git a/src/rest/data/fpt-2022-11-28/dependency-graph.json b/src/rest/data/fpt-2022-11-28/dependency-graph.json index 70fb8a8018b7..90607a62640a 100644 --- a/src/rest/data/fpt-2022-11-28/dependency-graph.json +++ b/src/rest/data/fpt-2022-11-28/dependency-graph.json @@ -836,6 +836,177 @@ ], "allowsPublicRead": true } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "title": "Fetch a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "sbom_uuid", + "in": "path", + "required": true, + "description": "

The unique identifier of the SBOM export.

", + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Fetches a previously generated software bill of materials (SBOM) for a repository.\nWhen the SBOM is ready, the response is a 302 redirect to a temporary download URL for the SBOM in SPDX JSON format.\nThe generated SBOM report may be retained for up to one week from the original request.\nThe temporary download URL returned by this endpoint expires separately, and its expiry is set when the fetch request is made.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "sbom_uuid": "SBOM_UUID" + } + }, + "response": { + "statusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + }, + { + "httpStatusCode": "302", + "description": "

Redirects to a temporary download URL for the completed SBOM.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "title": "Request generation of a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Triggers a job to generate a software bill of materials (SBOM) for a repository in SPDX JSON format.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "201", + "contentType": "application/json", + "description": "

Response

", + "example": { + "sbom_url": "https://api.github.com/repos/github/example/dependency-graph/sbom/fetch-report/4bab1a7e-da63-4828-9488-44e0e01a7c1b" + }, + "schema": { + "type": "object", + "properties": { + "sbom_url": { + "type": "string", + "description": "URL to poll for the SBOM export result." + } + } + } + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "201", + "description": "

Created

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } } ] } \ No newline at end of file diff --git a/src/rest/data/fpt-2026-03-10/dependency-graph.json b/src/rest/data/fpt-2026-03-10/dependency-graph.json index 70fb8a8018b7..90607a62640a 100644 --- a/src/rest/data/fpt-2026-03-10/dependency-graph.json +++ b/src/rest/data/fpt-2026-03-10/dependency-graph.json @@ -836,6 +836,177 @@ ], "allowsPublicRead": true } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "title": "Fetch a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "sbom_uuid", + "in": "path", + "required": true, + "description": "

The unique identifier of the SBOM export.

", + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Fetches a previously generated software bill of materials (SBOM) for a repository.\nWhen the SBOM is ready, the response is a 302 redirect to a temporary download URL for the SBOM in SPDX JSON format.\nThe generated SBOM report may be retained for up to one week from the original request.\nThe temporary download URL returned by this endpoint expires separately, and its expiry is set when the fetch request is made.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "sbom_uuid": "SBOM_UUID" + } + }, + "response": { + "statusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + }, + { + "httpStatusCode": "302", + "description": "

Redirects to a temporary download URL for the completed SBOM.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "title": "Request generation of a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Triggers a job to generate a software bill of materials (SBOM) for a repository in SPDX JSON format.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "201", + "contentType": "application/json", + "description": "

Response

", + "example": { + "sbom_url": "https://api.github.com/repos/github/example/dependency-graph/sbom/fetch-report/4bab1a7e-da63-4828-9488-44e0e01a7c1b" + }, + "schema": { + "type": "object", + "properties": { + "sbom_url": { + "type": "string", + "description": "URL to poll for the SBOM export result." + } + } + } + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "201", + "description": "

Created

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } } ] } \ No newline at end of file diff --git a/src/rest/data/ghec-2022-11-28/dependency-graph.json b/src/rest/data/ghec-2022-11-28/dependency-graph.json index 70fb8a8018b7..90607a62640a 100644 --- a/src/rest/data/ghec-2022-11-28/dependency-graph.json +++ b/src/rest/data/ghec-2022-11-28/dependency-graph.json @@ -836,6 +836,177 @@ ], "allowsPublicRead": true } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "title": "Fetch a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "sbom_uuid", + "in": "path", + "required": true, + "description": "

The unique identifier of the SBOM export.

", + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Fetches a previously generated software bill of materials (SBOM) for a repository.\nWhen the SBOM is ready, the response is a 302 redirect to a temporary download URL for the SBOM in SPDX JSON format.\nThe generated SBOM report may be retained for up to one week from the original request.\nThe temporary download URL returned by this endpoint expires separately, and its expiry is set when the fetch request is made.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "sbom_uuid": "SBOM_UUID" + } + }, + "response": { + "statusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + }, + { + "httpStatusCode": "302", + "description": "

Redirects to a temporary download URL for the completed SBOM.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "title": "Request generation of a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Triggers a job to generate a software bill of materials (SBOM) for a repository in SPDX JSON format.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "201", + "contentType": "application/json", + "description": "

Response

", + "example": { + "sbom_url": "https://api.github.com/repos/github/example/dependency-graph/sbom/fetch-report/4bab1a7e-da63-4828-9488-44e0e01a7c1b" + }, + "schema": { + "type": "object", + "properties": { + "sbom_url": { + "type": "string", + "description": "URL to poll for the SBOM export result." + } + } + } + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "201", + "description": "

Created

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } } ] } \ No newline at end of file diff --git a/src/rest/data/ghec-2026-03-10/dependency-graph.json b/src/rest/data/ghec-2026-03-10/dependency-graph.json index 70fb8a8018b7..90607a62640a 100644 --- a/src/rest/data/ghec-2026-03-10/dependency-graph.json +++ b/src/rest/data/ghec-2026-03-10/dependency-graph.json @@ -836,6 +836,177 @@ ], "allowsPublicRead": true } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/fetch-report/{sbom_uuid}", + "title": "Fetch a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "sbom_uuid", + "in": "path", + "required": true, + "description": "

The unique identifier of the SBOM export.

", + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Fetches a previously generated software bill of materials (SBOM) for a repository.\nWhen the SBOM is ready, the response is a 302 redirect to a temporary download URL for the SBOM in SPDX JSON format.\nThe generated SBOM report may be retained for up to one week from the original request.\nThe temporary download URL returned by this endpoint expires separately, and its expiry is set when the fetch request is made.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "sbom_uuid": "SBOM_UUID" + } + }, + "response": { + "statusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "202", + "description": "

SBOM is still being processed, no content is returned.

" + }, + { + "httpStatusCode": "302", + "description": "

Redirects to a temporary download URL for the completed SBOM.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/dependency-graph/sbom/generate-report", + "title": "Request generation of a software bill of materials (SBOM) for a repository.", + "category": "dependency-graph", + "subcategory": "sboms", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "descriptionHTML": "

Triggers a job to generate a software bill of materials (SBOM) for a repository in SPDX JSON format.

", + "codeExamples": [ + { + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "201", + "contentType": "application/json", + "description": "

Response

", + "example": { + "sbom_url": "https://api.github.com/repos/github/example/dependency-graph/sbom/fetch-report/4bab1a7e-da63-4828-9488-44e0e01a7c1b" + }, + "schema": { + "type": "object", + "properties": { + "sbom_url": { + "type": "string", + "description": "URL to poll for the SBOM export result." + } + } + } + } + } + ], + "statusCodes": [ + { + "httpStatusCode": "201", + "description": "

Created

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ], + "previews": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Contents\" repository permissions": "read" + } + ], + "allowsPublicRead": true + } } ] } \ No newline at end of file diff --git a/src/rest/lib/config.json b/src/rest/lib/config.json index b43b3c705a5e..b27d8b92644e 100644 --- a/src/rest/lib/config.json +++ b/src/rest/lib/config.json @@ -55,5 +55,5 @@ ] } }, - "sha": "e6a345665a64530821d4ebcd07e7805a0cdeff09" + "sha": "b8cc3c7e6d2050e2e0feb03abf5f32c17e2f964f" } \ No newline at end of file diff --git a/src/webhooks/lib/config.json b/src/webhooks/lib/config.json index 2180c6b1b980..930fb912056b 100644 --- a/src/webhooks/lib/config.json +++ b/src/webhooks/lib/config.json @@ -1,3 +1,3 @@ { - "sha": "e6a345665a64530821d4ebcd07e7805a0cdeff09" + "sha": "b8cc3c7e6d2050e2e0feb03abf5f32c17e2f964f" } \ No newline at end of file