We have released improvements to the code scanning API:
- We've added the `fixed_at` timestamp to alerts. This is the first time that the alert was not detected in an analysis. You can use this data to better understand when code scanning alerts are being fixed.
- We've enabled sorting of alert results using `sort` and `direction` on either `created`, `updated` or `number`. Use this to see the alerts that are most important to you first. For more information, see List code scanning alerts for a repository.
- We've added a `Last-Modified` header to the alerts and alert endpoint response. For more information, see `Last-Modified` in the Mozilla documentation.
- We've added `relatedLocations` to the SARIF response when you request a code scanning analysis. The field may contain locations which are not the primary location of the alert. See an example in the SARIF spec and read about getting a code scanning analysis for a repository.
- We've added `help` and `tags` data to the webhook response alert rule object. For more information, see Code scanning alert webhooks events and payloads.
- PATs with the `public_repo` scope now have write access for code scanning endpoints on public repos, if the user has permission. This is a bug fix and is now in line with the documentation.
For more information, see Code scanning in the API reference.
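One way to use the new `fixed_at` timestamp to measure remediation time per rule severity, as an added example that is not GitHub's own code. The sample alerts are constructed, and the `created_at`, `state` and `rule.severity` fields of the alert object are assumed alongside `fixed_at`.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample shaped like items from "List code scanning alerts for a
# repository"; only the fields used below are included, rule ids are made up.
SAMPLE_ALERTS = json.loads("""
[
 {"number": 1, "state": "fixed", "created_at": "2021-03-01T10:00:00Z",
  "fixed_at": "2021-03-03T10:00:00Z", "rule": {"id": "example/rule-a", "severity": "error"}},
 {"number": 2, "state": "fixed", "created_at": "2021-03-02T00:00:00Z",
  "fixed_at": "2021-03-02T12:00:00Z", "rule": {"id": "example/rule-b", "severity": "error"}},
 {"number": 3, "state": "open", "created_at": "2021-03-04T09:00:00Z",
  "fixed_at": null, "rule": {"id": "example/rule-c", "severity": "warning"}},
 {"number": 4, "state": "fixed", "created_at": "2021-03-05T08:00:00Z",
  "fixed_at": "2021-03-06T08:00:00Z", "rule": {"id": "example/rule-c", "severity": "warning"}},
 {"number": 5, "state": "dismissed", "created_at": "2021-03-05T08:00:00Z",
  "fixed_at": null, "rule": {"id": "example/rule-a", "severity": "error"}}
]
""")

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def hours_to_fix(alert):
    """Hours from creation to fixed_at, or None when the alert has no fixed_at.

    fixed_at is the first analysis in which the alert was not detected, so this
    measures time until the scan stopped reporting it, not time of the commit.
    """
    fixed_at = alert.get("fixed_at")
    if not fixed_at:
        return None  # open or dismissed alerts carry no fix time
    return (parse_ts(fixed_at) - parse_ts(alert["created_at"])).total_seconds() / 3600

def median_hours_by_severity(alerts):
    """Median time-to-fix in hours, grouped by rule severity."""
    buckets = defaultdict(list)
    for alert in alerts:
        hours = hours_to_fix(alert)
        if hours is not None:
            buckets[alert["rule"]["severity"]].append(hours)
    return {severity: median(values) for severity, values in buckets.items()}

def unfixed_numbers(alerts):
    """Alert numbers that have never been marked fixed, lowest first."""
    return sorted(a["number"] for a in alerts if not a.get("fixed_at"))
```
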