REST API endpoints for code quality - GitHub Docs
The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for code quality

Use the REST API to manage a code quality configuration.

List code quality findings for a repository

Lists code quality findings for a repository.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

Fine-grained access tokens for "List code quality findings for a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Code quality" repository permissions (read)

Parameters for "List code quality findings for a repository"

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

Query parameters
per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

direction string

The direction to sort the results by.

Default: desc

Can be one of: asc, desc

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

state string

If specified, only code quality findings with this state will be returned.

Can be one of: open, dismissed

HTTP response status codes for "List code quality findings for a repository"

Status codeDescription
200

OK

403

Response if the user is not authorized to access Code quality for this repository.

404

Resource not found

503

Service unavailable

Code samples for "List code quality findings for a repository"

Request example

get/repos/{owner}/{repo}/code-quality/findings
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/code-quality/findings

Response

Status: 200
[ { "number": 42, "state": "open", "url": "https://api.github.com/repos/octocat/hello-world/code-quality/findings/42", "rule": { "id": "java/useless-null-check", "title": "Useless null check", "description": "Checking whether an expression is null when that expression cannot possibly be null is useless.", "severity": "warning", "category": "maintainability" }, "location": { "path": "java/UselessNullCheck.java", "start_line": 9, "start_column": 4, "end_line": 9, "end_column": 18 }, "message": { "text": "This check is useless. o cannot be null at this check, since it is guarded by instanceof.", "markdown": "This check is useless. [o](java/UselessNullCheck.java#L9C4-L9C18) cannot be null at this check, since it is guarded by [...instanceof...](java/UselessNullCheck.java#L7C13-L7C25)." }, "created_at": "2026-01-23T12:34:56Z" } ]

Get a code quality finding

Gets a single code quality finding.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

Fine-grained access tokens for "Get a code quality finding"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Code quality" repository permissions (read)

Parameters for "Get a code quality finding"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

finding_number integer Required

The number that identifies a finding.

HTTP response status codes for "Get a code quality finding"

Status codeDescription
200

OK

403

Response if the user is not authorized to access Code quality for this repository.

404

Resource not found

503

Service unavailable

Code samples for "Get a code quality finding"

Request example

get/repos/{owner}/{repo}/code-quality/findings/{finding_number}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/code-quality/findings/FINDING_NUMBER

Response

Status: 200
{ "number": 42, "state": "open", "url": "https://api.github.com/repos/octocat/hello-world/code-quality/findings/42", "rule": { "id": "java/useless-null-check", "title": "Useless null check", "description": "Checking whether an expression is null when that expression cannot possibly be null is useless.", "help": "# Useless null check\nSometimes you can guarantee that a particular variable will never be null. For example when that variable has just been assigned a newly created object or is the exception caught by a `catch` clause. A null check on such a variable is ...", "severity": "warning", "category": "maintainability" }, "location": { "path": "java/UselessNullCheck.java", "start_line": 9, "start_column": 4, "end_line": 9, "end_column": 18 }, "message": { "text": "This check is useless. o cannot be null at this check, since it is guarded by instanceof.", "markdown": "This check is useless. [o](java/UselessNullCheck.java#L9C4-L9C18) cannot be null at this check, since it is guarded by [...instanceof...](java/UselessNullCheck.java#L7C13-L7C25)." }, "created_at": "2026-01-23T12:34:56Z" }

Get a code quality setup configuration

Gets a code quality setup configuration.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

Fine-grained access tokens for "Get a code quality setup configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" repository permissions (write)

Parameters for "Get a code quality setup configuration"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

HTTP response status codes for "Get a code quality setup configuration"

Status codeDescription
200

OK

403

Response if the user is not authorized to access Code quality for this repository.

404

Resource not found

503

Service unavailable

Code samples for "Get a code quality setup configuration"

Request example

get/repos/{owner}/{repo}/code-quality/setup
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/code-quality/setup

Response

Status: 200
{ "state": "configured", "languages": [ "javascript-typescript", "python" ], "runner_type": "standard", "runner_label": null, "updated_at": "2023-01-01T00:00:00Z", "schedule": "weekly" }

Update a code quality setup configuration

Updates a code quality setup configuration.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

Fine-grained access tokens for "Update a code quality setup configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" repository permissions (write)

Parameters for "Update a code quality setup configuration"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
owner string Required

The account owner of the repository. The name is not case sensitive.

repo string Required

The name of the repository without the .git extension. The name is not case sensitive.

Body parameters
state string

The desired state of code quality setup.

Can be one of: configured, not-configured

runner_type string

Runner type to be used.

Can be one of: standard, labeled

runner_label string or null

Runner label to be used if the runner type is labeled.

languages array of strings

Languages to be analyzed. Supported values are: csharp, go, java-kotlin, javascript-typescript, python, ruby

HTTP response status codes for "Update a code quality setup configuration"

Status codeDescription
200

OK

202

Accepted

403

Response if the repository is archived or if Code quality is not enabled for this repository

404

Resource not found

409

Response if there is already a code quality setup configuration update in progress

422

Response if the configuration change cannot be made

503

Service unavailable

Code samples for "Update a code quality setup configuration"

Request example

patch/repos/{owner}/{repo}/code-quality/setup
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/code-quality/setup \ -d '{"state":"configured","languages":["javascript-typescript","python","ruby"]}'

Response

Status: 202
{ "run_id": 42, "run_url": "https://api.github.com/repos/octocat/hello-world/actions/runs/42" }