REST API endpoints for Dependabot repository access
Use the REST API to manage which repositories Dependabot can access within an organization.
About Dependabot repository access
You can list repositories that Dependabot already has access to and set a default repository access level for Dependabot.
Lists the repositories Dependabot can access in an organization
Lists repositories that organization admins have allowed Dependabot to access when updating dependencies.
Note
This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.
Fine-grained access tokens for "Lists the repositories Dependabot can access in an organization"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" organization permissions (read)
Parameters for "Lists the repositories Dependabot can access in an organization"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
org string RequiredThe organization name. The name is not case sensitive. |
| Name, Type, Description |
|---|
page integer The page number of results to fetch. Default: |
per_page integer Number of results per page. Default: |
HTTP response status codes for "Lists the repositories Dependabot can access in an organization"
| Status code | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Code samples for "Lists the repositories Dependabot can access in an organization"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/organizations/ORG/dependabot/repository-accessResponse
Status: 200{
"default_level": "public",
"accessible_repositories": [
{
"id": 123456,
"node_id": "MDEwOlJlcG9zaXRvcnkxMjM0NTY=",
"name": "example-repo",
"full_name": "octocat/example-repo",
"owner": {
"name": "octocat",
"email": "octo@github.com",
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://avatars.githubusercontent.com/u/1?v=4",
"gravatar_id": 1,
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat/example-repo",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false,
"starred_at": "\"2020-07-09T00:17:55Z\"",
"user_view_type": "default"
},
"private": false,
"html_url": "https://github.com/octocat/example-repo",
"description": "This is an example repository.",
"fork": false,
"url": "https://api.github.com/repos/octocat/example-repo",
"archive_url": "https://api.github.com/repos/octocat/example-repo/{archive_format}{/ref}",
"assignees_url": "https://api.github.com/repos/octocat/example-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/octocat/example-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/octocat/example-repo/branches{/branch}",
"collaborators_url": "https://api.github.com/repos/octocat/example-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/octocat/example-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/octocat/example-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/octocat/example-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/octocat/example-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/octocat/example-repo/contributors",
"deployments_url": "https://api.github.com/repos/octocat/example-repo/deployments",
"downloads_url": "https://api.github.com/repos/octocat/example-repo/downloads",
"events_url": "https://api.github.com/repos/octocat/example-repo/events",
"forks_url": "https://api.github.com/repos/octocat/example-repo/forks",
"git_commits_url": "https://api.github.com/repos/octocat/example-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/octocat/example-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/octocat/example-repo/git/tags{/sha}",
"issue_comment_url": "https://api.github.com/repos/octocat/example-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/octocat/example-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/octocat/example-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/octocat/example-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/octocat/example-repo/labels{/name}",
"languages_url": "https://api.github.com/repos/octocat/example-repo/languages",
"merges_url": "https://api.github.com/repos/octocat/example-repo/merges",
"milestones_url": "https://api.github.com/repos/octocat/example-repo/milestones{/number}",
"notifications_url": "https://api.github.com/repos/octocat/example-repo/notifications{?since,all,participating}",
"pulls_url": "https://api.github.com/repos/octocat/example-repo/pulls{/number}",
"releases_url": "https://api.github.com/repos/octocat/example-repo/releases{/id}",
"stargazers_url": "https://api.github.com/repos/octocat/example-repo/stargazers",
"statuses_url": "https://api.github.com/repos/octocat/example-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/octocat/example-repo/subscribers",
"subscription_url": "https://api.github.com/repos/octocat/example-repo/subscription",
"tags_url": "https://api.github.com/repos/octocat/example-repo/tags",
"teams_url": "https://api.github.com/repos/octocat/example-repo/teams",
"trees_url": "https://api.github.com/repos/octocat/example-repo/git/trees{/sha}",
"hooks_url": "https://api.github.com/repos/octocat/example-repo/hooks"
}
]
}Updates Dependabot's repository access list for an organization
Updates repositories according to the list of repositories that organization admins have given Dependabot access to when they've updated dependencies.
Note
This operation supports both server-to-server and user-to-server access. Unauthorized users will not see the existence of this endpoint.
Example request body:
{
"repository_ids_to_add": [123, 456],
"repository_ids_to_remove": [789]
}
Fine-grained access tokens for "Updates Dependabot's repository access list for an organization"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" organization permissions (write)
Parameters for "Updates Dependabot's repository access list for an organization"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
org string RequiredThe organization name. The name is not case sensitive. |
| Name, Type, Description |
|---|
repository_ids_to_add array of integers List of repository IDs to add. |
repository_ids_to_remove array of integers List of repository IDs to remove. |
HTTP response status codes for "Updates Dependabot's repository access list for an organization"
| Status code | Description |
|---|---|
204 | No Content |
403 | Forbidden |
404 | Resource not found |
Code samples for "Updates Dependabot's repository access list for an organization"
Request example
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/organizations/ORG/dependabot/repository-accessResponse
Status: 204Set the default repository access level for Dependabot
Sets the default level of repository access Dependabot will have while performing an update. Available values are:
- 'public' - Dependabot will only have access to public repositories, unless access is explicitly granted to non-public repositories.
- 'internal' - Dependabot will only have access to public and internal repositories, unless access is explicitly granted to private repositories.
Unauthorized users will not see the existence of this endpoint.
This operation supports both server-to-server and user-to-server access.
Fine-grained access tokens for "Set the default repository access level for Dependabot"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" organization permissions (write)
Parameters for "Set the default repository access level for Dependabot"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
org string RequiredThe organization name. The name is not case sensitive. |
| Name, Type, Description |
|---|
default_level string RequiredThe default repository access level for Dependabot updates. Can be one of: |
HTTP response status codes for "Set the default repository access level for Dependabot"
| Status code | Description |
|---|---|
204 | No Content |
403 | Forbidden |
404 | Resource not found |
Code samples for "Set the default repository access level for Dependabot"
Request example
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/organizations/ORG/dependabot/repository-access/default-level \
-d '{"default_level":"public"}'Response
Status: 204