REST API はバージョン管理になりました。 詳細については、「API のバージョン管理について」を参照してください。

アーティファクト構成証明の REST API エンドポイント

REST API を使用してアーティファクトの構成証明を管理します。

List attestations

List a collection of artifact attestations with a given subject digest that are associated with repositories owned by a user.

The collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the attestations:read permission is required.

Please note: in order to offer meaningful security benefits, an attestation's signature and timestamps must be cryptographically verified, and the identity of the attestation signer must be validated. Attestations can be verified using the GitHub CLI attestation verify command. For more information, see our guide on how to use artifact attestations to establish a build's provenance.

"List attestations" のきめ細かいアクセス トークン

このエンドポイントは、次の粒度の細かいトークンの種類で動作します:

粒度の細かいトークンにはアクセス許可が必要ありません。

パブリック リソースのみが要求された場合、このエンドポイントは認証なしで使用できます。

"List attestations" のパラメーター

ヘッダー
accept string

Setting to application/vnd.github+json is recommended.

パス パラメーター
username string 必須

The handle for the GitHub user account.

subject_digest string 必須

Subject Digest

クエリ パラメーター
per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

"List attestations" の HTTP 応答状態コード

状態コード説明
200

OK

201

Created

204

No Content

404

Resource not found

"List attestations" のコード サンプル

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

要求の例

get/users/{username}/attestations/{subject_digest}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/users/USERNAME/attestations/SUBJECT_DIGEST

Response

Status: 200