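Tell HN: GitHub's Dependabot REST API is silently returning incomplete results
As of this morning (March 27, 2026), the GitHub Dependabot Alerts REST API endpoint (GET /repos/{owner}/{repo}/dependabot/alerts) is silently returning empty or partial results.
Our app hits this endpoint across hundreds of GitHub orgs. Starting around 07:00 UTC today, we noticed massive drops in alert counts. Digging in, we confirmed the API simply isn't returning alerts that are clearly visible in the GitHub UI.
Reproducible example on our own org:
```
$ gh api repos/{org}/{repo}/dependabot/alerts
[]
```
Meanwhile, [https://github.com/{org}/{repo}/security/dependabot](https://github.com/{org}/{repo}/security/dependabot) shows 9 open alerts.
Key details:
- The REST API returns [] or a fraction of the real count
- The GraphQL API still returns correct results
- The GitHub UI shows the right number
- No error, no rate limit, no 4xx, just silently incomplete data
- We're seeing this across many orgs, not just one
This is particularly nasty because there's no signal that anything is wrong. If you're relying on this endpoint for compliance or any automation, you're getting stale data right now and you won't know unless you cross-check.
Nothing on [https://www.githubstatus.com](https://www.githubstatus.com) as of writing.
Anyone else seeing this?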
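The cross-check the post recommends, as an added example that is not part of the original post: it compares a parsed REST response with a parsed GraphQL `vulnerabilityAlerts` response and flags a silent gap. The function name, the result keys and the sample payloads are constructed for illustration; it assumes both sources were fully paginated by the caller and that alert `number` values match across the two APIs.

```python
"""Cross-check Dependabot open alerts: REST list vs GraphQL vulnerabilityAlerts."""
import json

# GraphQL query to run (for example via `gh api graphql`); fetching is left to the caller.
GRAPHQL_QUERY = """
query($owner: String!, $name: String!) {
  repository(owner: $owner, name: $name) {
    vulnerabilityAlerts(first: 100, states: [OPEN]) {
      totalCount
      nodes { number }
    }
  }
}
"""

def cross_check(rest_alerts, graphql_response):
    """Describe any gap between the two sources (hypothetical helper).

    rest_alerts: parsed JSON list from GET /repos/{owner}/{repo}/dependabot/alerts
    graphql_response: parsed JSON returned for GRAPHQL_QUERY
    """
    conn = graphql_response["data"]["repository"]["vulnerabilityAlerts"]
    rest_open = {a["number"] for a in rest_alerts if a.get("state") == "open"}
    gql_open = {n["number"] for n in conn["nodes"]}
    missing = sorted(gql_open - rest_open)
    return {
        "rest_open": len(rest_open),
        "graphql_open": conn["totalCount"],
        "missing_from_rest": missing,
        # A successful REST call with fewer open alerts than GraphQL reports
        # is the silent failure mode: no error, just incomplete data.
        "suspect": len(rest_open) < conn["totalCount"] or bool(missing),
    }

# Constructed sample data (not real API output): REST is empty or partial,
# while GraphQL reports 9 open alerts.
SAMPLE_REST_EMPTY = json.loads("[]")
SAMPLE_REST_PARTIAL = [{"number": n, "state": "open"} for n in (1, 2, 3)]
SAMPLE_GRAPHQL = {"data": {"repository": {"vulnerabilityAlerts": {
    "totalCount": 9, "nodes": [{"number": n} for n in range(1, 10)]}}}}

if __name__ == "__main__":
    for label, rest in (("empty", SAMPLE_REST_EMPTY), ("partial", SAMPLE_REST_PARTIAL)):
        print(label, cross_check(rest, SAMPLE_GRAPHQL))
```

Treat a `suspect` result as a reason to hold the previous alert snapshot instead of recording the repository as clean.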