github
GitHub API
Add license_compliance_scanning repository rule type
The API now supports a new license_compliance_scanning repository rule type that enforces added or changed dependencies to comply with the organization's license policy. This is a purely additive change that does not affect existing integrations. Additionally, several example URLs were updated from internal examples (mycompany.com, my-github-app.com) to standard examples (example.com), which are documentation-only changes.
Alert history
- Additive
Add license_compliance_scanning repository rule type
The API now supports a new
license_compliance_scanningrepository rule type that enforces added or changed dependencies to comply with the organization's license policy. This is a purely additive change that does not affect existing integrations. Additionally, several example URLs were updated from internal examples (mycompany.com,my-github-app.com) to standard examples (example.com), which are documentation-only changes. - Additive
Team member endpoints now include role and inheritance info
The
GET /orgs/{org}/teams/{team_slug}/membersand legacyGET /teams/{team_id}/membersendpoints now return a newteam-memberschema instead ofsimple-user, including two new response fields:role(member/maintainer) andinherited(boolean indicating child team membership). These are purely additive fields on the response; existing code continues to work since all previous fields are still present. - Additive
Add duplicate_issue_id parameter to issue update
A new optional
duplicate_issue_idparameter has been added to issue update requests, allowing users to specify the canonical duplicate issue when marking an issue as a duplicate. This is purely additive and cannot break existing code. - Additive
Add agent_assignment param and multi_user_cost_center budget scope
The diff adds an optional
agent_assignmentobject to Dependabot Alert assignment requests, enabling custom instructions, agents, and models when assigning AI agents. It also addsmulti_user_cost_centeras a new budget scope option across multiple endpoints. Both changes are backwards-compatible additions that don't affect existing integrations. - Additive
Add issue blocking/blocked-by events and update org invitation response
The API now supports webhook events for issue blocking relationships: new event types
blocked-by-added-issue-event,blocked-by-removed-issue-event,blocking-added-issue-event, andblocking-removed-issue-eventhave been added to theissue-event-for-issueschema. Additionally, the Accept Organization Invitation endpoint now returns202 Acceptedresponses alongside200 OK, and the interaction limits bypass-list endpoint's permission requirement documentation was updated from "repository admins" to "users with maintainer permissions". These are backward-compatible enhancements to the API. - Additive
Add support for issue hierarchies and expanded budget scopes
GitHub REST API adds support for issue hierarchies (parent/sub-issue relationships) via new schema types
issue-reference,sub-issue-added-issue-event,sub-issue-removed-issue-event,parent-issue-added-issue-event, andparent-issue-removed-issue-event. The issue event timeline now includes these new event types. Additionally, budget APIs now supportuserandmulti_user_customerscopes with new optional fieldsuserandconsumed_amount. The assignees field in issue creation is expanded to accept both strings and objects. Finally, permission requirements for pull request bypass list management are clarified from "repository admins" to "maintainer permissions." All changes are backward-compatible additions. - Additive
Add code quality findings API endpoints
GitHub added two new code quality findings endpoints:
GET /repos/{owner}/{repo}/code-quality/findingsto list findings andGET /repos/{owner}/{repo}/code-quality/findings/{finding_number}to retrieve a single finding. These are entirely new API routes with no breaking changes to existing functionality. The diff also includes minor documentation updates to existing code scanning endpoints and adds new schema fields likeminimizedto issue comments and new issue type event types to support the timeline API. - Breaking
Remove GET /orgs/{org}/copilot/metrics and GET /orgs/{org}/team/{team_slug}/copilot/metrics endpoints
Two Copilot metrics endpoints have been removed from the spec:
GET /orgs/{org}/copilot/metrics(operationIdcopilot/copilot-metrics-for-organization)GET /orgs/{org}/team/{team_slug}/copilot/metrics(operationIdcopilot/copilot-metrics-for-team)
Any clients or SDK calls targeting these endpoints will receive 404s. Additionally, the
usage_metrics_api_disabledresponse component and thecode_scanning_uploadrate-limit field were removed. The description forGET /orgs/{org}/artifacts/{subject_digest}/metadata/storage-recordsalso notes a changed required permission: fine-grained tokens now needartifact-metadata:readinstead ofcontent:read. - Additive
Add GET /repos/{owner}/{repo}/issue-types endpoint
A new endpoint
GET /repos/{owner}/{repo}/issue-typeshas been added to list issue types available for a repository. This is a purely additive change that does not affect any existing functionality, and requires only the "Metadata" repository permission (read) for fine-grained access tokens. - Additive
Add BundlePricing budget type, user field, runtime_risks, and drives scope
The GitHub API adds support for
BundlePricingas a new budget type option (alongside existingProductPricingandSkuPricing), introduces a new optionaluserfield for user-scoped budgets, adds aruntime_risksarray field to deployment examples, and introduces a newdrivesOAuth scope for read/write access. All changes are additive with improved documentation of budget type behavior and no removals of existing functionality. - Informational
Update budget API pagination documentation
The GitHub API documentation for
GET /organizations/{org}/settings/billing/budgetswas updated to clarify that the endpoint can return up to 100 budgets per page (changed from "up to 10"). This is a documentation-only change to thedescriptionfield that reflects actual API capability and does not alter behavior or breaking compatibility. - Breaking
description no longer required in code security config requests
Two changes affect code security configuration endpoints:
descriptionis removed from therequiredarray in request bodies (in two places), making it optional — this is additive/relaxing for clients. Additionally, thedescriptionresponse field now has"nullable": true, meaning clients must handlenullvalues where they previously could assume a string. The nullable change could break clients that don't guard againstnullfordescription. - Additive
Add multi-select field support to GitHub Projects API
The GitHub API now supports
multi_selectfield types and associated properties across Projects endpoints. New optional fields includehas_pull_requestsandpull_request_creation_policyfor repository settings, and responses now includemulti_select_options,value_ids, andoptionsfor multi-select field data. All changes are purely additive with no breaking modifications to existing fields or endpoints. - Additive
Add budget management schemas and examples to API
The GitHub API OpenAPI specification has been refactored to extract and consolidate budget response schemas into reusable components. Inline schema definitions for budget creation and update endpoints have been replaced with
$refpointers to newly createdcreate-budgetandupdate-budgetschema components. A newrepository-rule-params-dismissal-restrictionschema component has been added. A concrete example for budget creation has been added to the examples section. These changes maintain backward compatibility while improving API specification organization and maintainability. - Informational
Remove public preview notice from budgets API descriptions
Removed the "> [!NOTE]\n> This endpoint is in public preview and is subject to change." notice from the descriptions of five budget-related endpoints. This indicates the budgets API endpoints have exited public preview and are now stable, which is a positive development for clients but does not change the functional API contract or require code changes.
- Additive
Add budget scopes and user filtering for GitHub billing APIs
The GitHub billing budgets API gains two new budget scopes (
multi_user_customeranduser), a new optionaluserquery parameter for filtering budget details, and a new POST endpoint to create budgets for organizations. Response schemas also adduserandeffective_budgetfields when using theuserfilter. All changes are backward-compatible additions. - Additive
Add AI credit usage billing report endpoints
Two new GET endpoints for AI credit usage reports:
/organizations/{org}/settings/billing/ai_credit/usagefor organizations and/users/{username}/settings/billing/ai_credit/usagefor users. Both support optional query parameters for filtering by year, month, day, and AI model/product. These are purely additive endpoints with no impact on existing functionality. - Additive
New hash algorithm endpoint and runner version field
GitHub API adds a new
GET /repos/{owner}/{repo}/hash-algorithmendpoint to retrieve the hash algorithm used by a repository, a new optionalversionfield to runner objects, a newrepository-rule-params-actorschema for repository rules, and a newevaluate_statusquery parameter for rule suite filtering. These are all backward-compatible additions that do not affect existing integrations. - Additive
GitHub API: new optional parameters and response fields
GitHub API adds several new optional features:
creator_idquery parameter now accepts multiple user IDs (type changed to array), new optionalhead_reffield in commit request body,custom_propertiesobject in repository responses,readpermission level option fororganization_copilot_seat_management, and relaxed commit SHA validation pattern. All changes are backward-compatible and purely additive. - Additive
Add code quality setup configuration endpoints
Two new endpoints added to manage code quality setup configuration: GET
/repos/{owner}/{repo}/code-quality/setupto retrieve configuration and PATCH/repos/{owner}/{repo}/code-quality/setupto update configuration. These additions enable programmatic management of code quality setup and do not affect existing API contracts. - Additive
New Copilot and repository rule endpoints and fields
Added new endpoint
GET /enterprises/{enterprise}/copilot/metrics/reports/user-teams-1-dayfor Copilot enterprise user-teams reporting, three new repository rule schemas (max_file_path_length,file_extension_restriction,max_file_size), and a newtypefield in issue responses. All changes are purely additive and backward compatible. - Additive
Add code_quality permission scope and new actor types
The GitHub REST API now includes a new
code_qualitypermission scope for access tokens to view and manage code quality data. Additionally, the ruleset bypass actor types now supportUsertype, and code scanning alert status descriptions expanded to include "failed" and "unknown" states. String field length constraints (maxLength) were added to artifact-related properties, and descriptions clarified that autofix endpoints operate on the default branch.