/repos/{owner}/{repo}/code-scanning/alerts returns empty list

Hi ,

I seem to be hitting a strange bug in the API.

This API works for me on one organization’s account but does not work on another organization’s account.

I am getting the token through the GITHUB APPs Integration

token is : ghs_ <>

Python Code:

import requests
import json
headers = {"Authorization": "token {}".format(token), "Accept": "application/vnd.github.v3+json"}
query_url = f"https://api.github.com/repos/{owner}/{repo}/code-scanning/alerts?per_page=100"
resp = requests.get(query_url, headers=headers)
print('Code: ', resp.status_code)
print('code-scanning', json.dumps(resp.json(), indent=4))


Code: 200

I have validated that this code works for another organization and also there are alerts present in the repos which are part of this particular organization.

Can someone tell me why this would be happening? Any pointers would be appreciated.


Can you open the Repo url. Click Security link and check how many Code scanning alerts are there.

Also check is Code scanning setup for the repo.

There are 16 alerts in the repo.


  1. Are you getting any sort of error message? Or does it just return nothing?
  2. Does the second organization you are trying to access have different security enabled, such as a different SAML authentication?

I’m just wondering if something might be wrong with your token, and it doesn’t have access to the second org.