Merged
Changes from 5 commits
2 changes: 1 addition & 1 deletion data/reusables/code-scanning/upload-sarif-alert-limit.md
@@ -1,5 +1,5 @@
{% note %}

**Note:** SARIF upload supports a maximum of 1000 results per upload. Any results over this limit are ignored. If a tool generates too many results, you should update the configuration to focus on results for the most important rules or queries.
**Note:** SARIF upload supports a maximum of {% if currentVersion == "github-ae@next" or currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]" %}5000{% else %}1000{% endif %} results per upload. Any results over this limit are ignored. If a tool generates too many results, you should update the configuration to focus on results for the most important rules or queries.

{% endnote %}
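Review bot: the `ver_gt` comparand on the added line renders as `[email protected]`, which reads like an address-obfuscated or otherwise mangled version string rather than an `enterprise-server@x.y` value; confirm the committed source carries the intended GHES version, because a malformed comparand could silently select the `1000` branch for every GHES release. Separately, the API description updated elsewhere in this PR adds a hard rejection for uploads with more than 25,000 results; consider stating that threshold in this reusable too so the product docs and the REST reference stay in step.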
8 changes: 4 additions & 4 deletions lib/rest/static/decorated/api.github.amrom.workers.dev.json

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions lib/rest/static/decorated/ghes-2.22.json

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions lib/rest/static/decorated/ghes-3.0.json

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions lib/rest/static/decorated/github.ae.json

Large diffs are not rendered by default.

@@ -164348,6 +164348,11 @@
},
"deletable": {
"type": "boolean"
},
"warning": {
"type": "string",
"description": "Warning generated when processing the analysis",
"example": "123 results were ignored"
}
},
"required": [
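Review bot: `warning` is typed as a plain `string` with no `nullable` flag, while the example responses further down populate it with `""` when nothing went wrong. That implicitly defines "no warning" as the empty string; say so in the `description` (for example, "Empty if no warning was generated") so clients do not have to guess between `""` and `null`, and make sure the backend never returns `null` for an analysis that was processed cleanly.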
@@ -164363,7 +164368,8 @@
"url",
"sarif_id",
"tool",
"deletable"
"deletable",
"warning"
]
}
},
@@ -164387,7 +164393,8 @@
"guid": null,
"version": "2.4.0"
},
"deletable": true
"deletable": true,
"warning": ""
},
{
"ref": "refs/heads/my-branch",
@@ -164406,7 +164413,8 @@
"guid": null,
"version": "1.2.0"
},
"deletable": true
"deletable": true,
"warning": ""
}
]
}
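Review bot: both example analyses in this hunk set `"warning": ""`, so the only illustration of a populated value is the schema-level `example` (`123 results were ignored`). Since the purpose of the field is to surface dropped results, consider giving one of the two example objects a non-empty warning so readers of the rendered reference see the populated shape next to the empty one.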
@@ -164626,6 +164634,11 @@
},
"deletable": {
"type": "boolean"
},
"warning": {
"type": "string",
"description": "Warning generated when processing the analysis",
"example": "123 results were ignored"
}
},
"required": [
@@ -164641,7 +164654,8 @@
"url",
"sarif_id",
"tool",
"deletable"
"deletable",
"warning"
]
},
"examples": {
@@ -164664,7 +164678,8 @@
"guid": null,
"version": "2.4.0"
},
"deletable": true
"deletable": true,
"warning": ""
}
}
}
@@ -164991,7 +165006,7 @@
"/repos/{owner}/{repo}/code-scanning/sarifs": {
"post": {
"summary": "Upload an analysis as SARIF data",
"description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64\n```\n\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"",
"description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64 -w0\n```\n\nSARIF upload supports a maximum of 5000 results per analysis run. Any results over this limit are ignored and any SARIF uploads with more than 25,000 results are rejected. Typically, but not necessarily, a SARIF file contains a single run of a single tool. 
If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"",
"operationId": "code-scanning/upload-sarif",
"tags": [
"code-scanning"
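Review bot: as rendered here the new `description` string breaks after `single tool. ` and resumes on the next line with `If a code scanning tool ...`; a raw line break inside a JSON string literal is invalid, so confirm the committed file keeps the description on a single line (the trailing space before the break suggests an editor wrap rather than an intended `\n`). Two smaller points on the same value: `base64 -w0` is a GNU coreutils option and the macOS/BSD `base64` does not accept `-w`, so either say the command assumes GNU coreutils or show `base64 | tr -d '\n'` as the portable form; and the two limits are written inconsistently as `5000` and `25,000` within one sentence.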
16 changes: 12 additions & 4 deletions lib/rest/static/dereferenced/ghes-2.22.deref.json
@@ -145573,6 +145573,11 @@
},
"deletable": {
"type": "boolean"
},
"warning": {
"type": "string",
"description": "Warning generated when processing the analysis",
"example": "123 results were ignored"
}
},
"required": [
@@ -145588,7 +145593,8 @@
"url",
"sarif_id",
"tool",
"deletable"
"deletable",
"warning"
]
}
},
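Review bot: this hunk marks `warning` as required in the GHES 2.22 schema, yet the upload description in the same file (hunk at `-145726`) intentionally keeps the 1000-result limit, so the only documented change for this release is the new field itself. Whether the field actually exists on 2.22 is a backend question: if that release does not emit `warning`, a `required` entry here will make generated clients and contract tests reject otherwise valid responses. Confirm the field ships in 2.22 (and in `ghes-3.0.deref.json`, which receives the same change) or leave it out of `required` for those versions.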
@@ -145612,7 +145618,8 @@
"guid": null,
"version": "2.4.0"
},
"deletable": true
"deletable": true,
"warning": ""
},
{
"ref": "refs/heads/my-branch",
@@ -145631,7 +145638,8 @@
"guid": null,
"version": "1.2.0"
},
"deletable": true
"deletable": true,
"warning": ""
}
]
}
@@ -145726,7 +145734,7 @@
"/repos/{owner}/{repo}/code-scanning/sarifs": {
"post": {
"summary": "Upload an analysis as SARIF data",
"description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64\n```\n\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"",
"description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64 -w0\n```\n\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"",
"operationId": "code-scanning/upload-sarif",
"tags": [
"code-scanning"
16 changes: 12 additions & 4 deletions lib/rest/static/dereferenced/ghes-3.0.deref.json
@@ -150856,6 +150856,11 @@
},
"deletable": {
"type": "boolean"
},
"warning": {
"type": "string",
"description": "Warning generated when processing the analysis",
"example": "123 results were ignored"
}
},
"required": [
@@ -150871,7 +150876,8 @@
"url",
"sarif_id",
"tool",
"deletable"
"deletable",
"warning"
]
}
},
@@ -150895,7 +150901,8 @@
"guid": null,
"version": "2.4.0"
},
"deletable": true
"deletable": true,
"warning": ""
},
{
"ref": "refs/heads/my-branch",
@@ -150914,7 +150921,8 @@
"guid": null,
"version": "1.2.0"
},
"deletable": true
"deletable": true,
"warning": ""
}
]
}
@@ -151009,7 +151017,7 @@
"/repos/{owner}/{repo}/code-scanning/sarifs": {
"post": {
"summary": "Upload an analysis as SARIF data",
"description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64\n```\n\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"",
"description": "Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. You must use an access token with the `security_events` scope to use this endpoint. GitHub Apps must have the `security_events` write permission to use this endpoint.\n\nThere are two places where you can upload code scanning results.\n - If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see \"[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests).\"\n - If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see \"[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).\"\n\nYou must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:\n\n```\ngzip -c analysis-data.sarif | base64 -w0\n```\n\nSARIF upload supports a maximum of 1000 results per analysis run. Any results over this limit are ignored. Typically, but not necessarily, a SARIF file contains a single run of a single tool. If a code scanning tool generates too many results, you should update the analysis configuration to run only the most important rules or queries.\n\nThe `202 Accepted`, response includes an `id` value.\nYou can use this ID to check the status of the upload by using this for the `/sarifs/{sarif_id}` endpoint.\nFor more information, see \"[Get information about a SARIF upload](/rest/reference/code-scanning#get-information-about-a-sarif-upload).\"",
"operationId": "code-scanning/upload-sarif",
"tags": [
"code-scanning"
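Review bot: since this description line is being touched anyway to add `-w0`, fix the pre-existing punctuation in its closing paragraph: "The `202 Accepted`, response includes an `id` value." has a stray comma after the code span, and "by using this for the `/sarifs/{sarif_id}` endpoint" reads better as "by passing it to the `/sarifs/{sarif_id}` endpoint". The same wording appears in the `ghes-2.22` and `github.ae` descriptions in this PR, so the fix should be applied in all three.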