Security scanning alerts and configuration.
| Method | Endpoint | Description |
|---|---|---|
| GET | /{owner}/{repo}/security |
View security alerts (web) |
| POST | /{owner}/{repo}/security/scan |
Trigger scan (admin) |
| POST | /{owner}/{repo}/security/alert/{id} |
Update alert status |
| GET | /api/v1/repos/{owner}/{repo}/security/config |
Get scanner config |
| PATCH | /api/v1/repos/{owner}/{repo}/security/config |
Update scanner config |
Configure via Repository Settings > Security or API.
| Scanner | Config Field | Status | Description |
|---|---|---|---|
| Secret Scanner | secret_scanner |
Active | 15 built-in patterns |
| Dependency Scanner | depend_scanner |
Active | Vulnerability scanning via OSV.dev |
| Code Scanner | code_scanner |
Active | 22 OWASP pattern rules across 7 CWE categories |
| Config Scanner | -- | Planned | Misconfiguration detection |
| License Scanner | -- | Planned | License compliance checking |
curl -X PATCH \
-H "Authorization: token YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"code_scanner": true}' \
https://git.mokoconsulting.tech/api/v1/repos/OWNER/REPO/security/config
| Revision | Date | Author | Description |
|---|---|---|---|
| 2.0 | 2026-06-28 | Jonathan Miller (@jmiller) | Add code_scanner config field, API example |
| 1.0 | 2026-06-27 | Jonathan Miller (@jmiller) | Initial version |
Printed from wiki · Security-API