openapi: 3.0.3 info: title: GitHub Code Scanning API (Minimal) version: 2026-02-08 description: Minimal OpenAPI spec for GitHub code scanning alert triage workflows. servers: - url: https://api.github.com paths: /repos/{owner}/{repo}/code-scanning/alerts: get: operationId: listCodeScanningAlerts summary: List code scanning alerts for a repository parameters: - $ref: '#/components/parameters/owner' - $ref: '#/components/parameters/repo' - name: state in: query schema: type: string enum: [open, closed, dismissed, fixed] - name: ref in: query schema: type: string - name: severity in: query schema: type: string enum: [critical, high, medium, low, warning, note, error] - name: tool_name in: query schema: type: string - name: page in: query schema: type: integer minimum: 1 default: 1 - name: per_page in: query schema: type: integer minimum: 1 maximum: 100 default: 30 responses: '200': description: Alerts list content: application/json: schema: type: array items: $ref: '#/components/schemas/CodeScanningAlert' /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}: get: operationId: getCodeScanningAlert summary: Get a single code scanning alert parameters: - $ref: '#/components/parameters/owner' - $ref: '#/components/parameters/repo' - $ref: '#/components/parameters/alert_number' responses: '200': description: Alert detail content: application/json: schema: $ref: '#/components/schemas/CodeScanningAlert' patch: operationId: updateCodeScanningAlert summary: Update code scanning alert state parameters: - $ref: '#/components/parameters/owner' - $ref: '#/components/parameters/repo' - $ref: '#/components/parameters/alert_number' requestBody: required: true content: application/json: schema: type: object properties: state: type: string enum: [open, dismissed] dismissed_reason: type: string enum: [false positive, won't fix, used in tests] dismissed_comment: type: string required: [state] responses: '200': description: Updated alert content: application/json: schema: $ref: '#/components/schemas/CodeScanningAlert' /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances: get: operationId: listCodeScanningAlertInstances summary: List alert instances parameters: - $ref: '#/components/parameters/owner' - $ref: '#/components/parameters/repo' - $ref: '#/components/parameters/alert_number' - name: page in: query schema: type: integer minimum: 1 default: 1 - name: per_page in: query schema: type: integer minimum: 1 maximum: 100 default: 30 responses: '200': description: Alert instances content: application/json: schema: type: array items: $ref: '#/components/schemas/CodeScanningAlertInstance' components: parameters: owner: name: owner in: path required: true schema: type: string repo: name: repo in: path required: true schema: type: string alert_number: name: alert_number in: path required: true schema: type: integer schemas: CodeScanningAlert: type: object properties: number: type: integer state: type: string rule: type: object properties: id: type: string name: type: string severity: type: string tool: type: object properties: name: type: string version: type: string html_url: type: string created_at: type: string format: date-time updated_at: type: string format: date-time dismissed_reason: type: string dismissed_comment: type: string most_recent_instance: $ref: '#/components/schemas/CodeScanningAlertInstance' CodeScanningAlertInstance: type: object properties: ref: type: string analysis_key: type: string environment: type: string category: type: string state: type: string commit_sha: type: string message: type: object properties: text: type: string location: type: object properties: path: type: string start_line: type: integer end_line: type: integer