Skip to main content
GET
/
api
/
v1
/
deployments
/
{deploymentId}
/
policies
/
{policyId}
List policy rules
curl --request GET \
  --url https://semgrep.dev/api/v1/deployments/{deploymentId}/policies/{policyId} \
  --header 'Authorization: Bearer <token>'
{
  "cursor": "Pm0ROjIwMjQtMDItMDYgMjA6MDQ6NDguMEDzNzk2fmk6NYTM2zUxOTI",
  "policy": {
    "id": "1",
    "isDefault": true,
    "name": "Global Policy",
    "productType": "PRODUCT_TYPE_SAST",
    "slug": "global_policy"
  },
  "rules": [
    {
      "category": "security",
      "confidence": "CONFIDENCE_HIGH",
      "cweCategories": [
        "CWE-918: Server-Side Request Forgery (SSRF)"
      ],
      "id": "1",
      "languages": [
        "python"
      ],
      "lastChangeAt": "2024-07-29T22:33:37.380293Z",
      "owaspCategories": [
        "A07: Cross-Site Scripting (XSS)"
      ],
      "path": "python.rule.1",
      "policyMode": "MODE_MONITOR",
      "registryMaintainer": "semgrep",
      "rulesets": [],
      "severity": "SEVERITY_HIGH",
      "source": "SOURCE_COMMUNITY",
      "technologies": [
        "django",
        "flask"
      ],
      "url": "https://semgrep.com/r/123/python.rule.1",
      "vulnerabilityClass": [
        "Improper Authentication"
      ]
    },
    {
      "category": "security",
      "confidence": "CONFIDENCE_HIGH",
      "cweCategories": [
        "CWE-918: Server-Side Request Forgery (SSRF)"
      ],
      "id": "2",
      "languages": [
        "python"
      ],
      "lastChangeAt": "2024-07-29T22:33:37.380293Z",
      "owaspCategories": [
        "A01:2021 - Broken Access Control",
        "A07: Cross-Site Scripting (XSS)"
      ],
      "path": "python.rule.shared",
      "policyMode": "MODE_COMMENT",
      "registryMaintainer": "semgrep",
      "rulesets": [
        "comment",
        "default"
      ],
      "severity": "SEVERITY_MEDIUM",
      "source": "SOURCE_PRO",
      "technologies": [
        "django",
        "flask"
      ],
      "url": "https://semgrep.com/r/123/python.rule.shared",
      "vulnerabilityClass": [
        "Improper Authentication"
      ]
    },
    {
      "category": "best-practice",
      "confidence": "CONFIDENCE_HIGH",
      "cweCategories": [],
      "id": "3",
      "languages": [
        "python"
      ],
      "lastChangeAt": "2024-07-29T22:33:37.380293Z",
      "lastChangeBy": "example-user",
      "owaspCategories": [],
      "path": "python.rule.custom_rule",
      "policyMode": "MODE_BLOCK",
      "registryMaintainer": "semgrep",
      "rulesets": [],
      "severity": "SEVERITY_MEDIUM",
      "source": "SOURCE_CUSTOM",
      "technologies": [
        "django",
        "flask"
      ],
      "url": "https://semgrep.com/r/123/python.rule.custom_rule",
      "vulnerabilityClass": [
        "Improper Authentication"
      ]
    }
  ]
}

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Get access to data with your API token. Example header:

Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628

The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.

Path Parameters

deploymentId
string<uint64>
required

Deployment ID (numeric). Example: 123. Can be found at /deployments, or in your Settings in the web UI.

Example:

123

policyId
string<uint64>
required

Policy ID (numeric). Example: 456. Can be found at /deployments/{deploymentId}/policies.

Example:

456

Query Parameters

cursor
string

Cursor to paginate through the rules. Provide a cursor value from the response to retrieve the next page.

limit
integer<uint32>

Page size to paginate through the rules. The default page size is 500 and the maximum allowed page size is 2000.

Response

200 - application/json

OK

cursor
string

Cursor to paginate through the rules.

Example:

"Pm0ROjIwMjQtMDItMDYgMjA6MDQ6NDguMEDzNzk2fmk6NYTM2zUxOTI"

policy
Policy · object
rules
Rule · object[]

List of Rules for the given Policy.

Example:
[
  {
    "category": "security",
    "confidence": "CONFIDENCE_HIGH",
    "cweCategories": [
      "CWE-918: Server-Side Request Forgery (SSRF)"
    ],
    "id": "1",
    "languages": ["python"],
    "lastChangeAt": "2024-07-29T22:33:37.380293Z",
    "owaspCategories": ["A07: Cross-Site Scripting (XSS)"],
    "path": "python.rule.1",
    "policyMode": "MODE_MONITOR",
    "registryMaintainer": "semgrep",
    "rulesets": [],
    "severity": "SEVERITY_HIGH",
    "source": "SOURCE_COMMUNITY",
    "technologies": ["django", "flask"],
    "url": "https://semgrep.com/r/123/python.rule.1",
    "vulnerabilityClass": ["Improper Authentication"]
  },
  {
    "category": "security",
    "confidence": "CONFIDENCE_HIGH",
    "cweCategories": [
      "CWE-918: Server-Side Request Forgery (SSRF)"
    ],
    "id": "2",
    "languages": ["python"],
    "lastChangeAt": "2024-07-29T22:33:37.380293Z",
    "owaspCategories": [
      "A01:2021 - Broken Access Control",
      "A07: Cross-Site Scripting (XSS)"
    ],
    "path": "python.rule.shared",
    "policyMode": "MODE_COMMENT",
    "registryMaintainer": "semgrep",
    "rulesets": ["comment", "default"],
    "severity": "SEVERITY_MEDIUM",
    "source": "SOURCE_PRO",
    "technologies": ["django", "flask"],
    "url": "https://semgrep.com/r/123/python.rule.shared",
    "vulnerabilityClass": ["Improper Authentication"]
  },
  {
    "category": "best-practice",
    "confidence": "CONFIDENCE_HIGH",
    "cweCategories": [],
    "id": "3",
    "languages": ["python"],
    "lastChangeAt": "2024-07-29T22:33:37.380293Z",
    "lastChangeBy": "example-user",
    "owaspCategories": [],
    "path": "python.rule.custom_rule",
    "policyMode": "MODE_BLOCK",
    "registryMaintainer": "semgrep",
    "rulesets": [],
    "severity": "SEVERITY_MEDIUM",
    "source": "SOURCE_CUSTOM",
    "technologies": ["django", "flask"],
    "url": "https://semgrep.com/r/123/python.rule.custom_rule",
    "vulnerabilityClass": ["Improper Authentication"]
  }
]