API for Code scanning Check Failure?

[ThibaudLopez]

(coming from https://support.github.com/ticket/1587840)

Is there an API to get/set this value for a repo's Code scanning Check Failure? I couldn't find an API.
https://github.com/{owner}/{repo}/settings/security_analysis

Thanks

[ThibaudLopez]

Nevermind, I found the answer in the HTML source itself:

<form action="/{owner}/{repo}/settings/code_scanning/set_security_severity?security_severity=all">
<form action="/{owner}/{repo}/settings/code_scanning/set_security_severity?security_severity=critical">
<form action="/{owner}/{repo}/settings/code_scanning/set_security_severity?security_severity=high">
<form action="/{owner}/{repo}/settings/code_scanning/set_security_severity?security_severity=medium">
<form action="/{owner}/{repo}/settings/code_scanning/set_severity?severity=all">
<form action="/{owner}/{repo}/settings/code_scanning/set_severity?severity=errors">
<form action="/{owner}/{repo}/settings/code_scanning/set_severity?severity=errors_and_warnings">

[gauravkhannalgmi]

@ThibaudLopez can you please let me know if there is an API that exists to set the alert severity for pull request to fail.. I am basically looking to automate it using github actions via the API call

[ThibaudLopez]

Can you please let me know if there is an API that exists to set the alert severity for pull request to fail..

See previous answer.

I am basically looking to automate it using github actions via the API call

I did not use GitHub Actions. I suppose you can do all the steps with GitHub Actions except perhaps UI automation unless you hard-code your user_session cookie which is a bad idea.

[gauravkhannalgmi]

hey can you please elaborate on the answer as i am also looking for github api to set code scanning alert severity to cause pull request to fail. I could not find any API so far.

[ThibaudLopez]

@gauravkhannalgmi ,

hey can you please elaborate on the answer as i am also looking for github api to set code scanning alert severity to cause pull request to fail. I could not find any API so far.

Yes it's possible to automate:

1. Setup branch protection on your repo
2. Set checkbox Require status checks to pass before merging
3. In Status checks that are required, add CodeQL (see API). Be careful when you PUT as it will override existing values. So do a GET first, then concatenate CodeQL to the array, then PUT.
4. Set the Check Failure severity (I listed the API in my Accepted answer above)

I think for all those steps I used the GitHub REST API. And if there was a lack of REST API, I used UI automation (e.g. loop of fetch in Chrome JavaScript console). So far I have managed ~4,000 repos like that.