Create Jira tickets

curl --request POST \
  --url https://semgrep.dev/api/v1/deployments/{deploymentSlug}/tickets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "issue_type": "sca",
  "autotriage_verdict": "true_positive",
  "categories": [
    "security",
    "performance"
  ],
  "component_tags": [
    "user authentication",
    "user data"
  ],
  "confidence": "high",
  "dependencies": [
    "lodash",
    "express"
  ],
  "deploymentSlug": "<string>",
  "epss_probability": [
    "high",
    "medium"
  ],
  "exposures": [
    "reachable",
    "always_reachable"
  ],
  "group_issues": true,
  "include_historical": true,
  "issue_ids": [
    123,
    456
  ],
  "jira_project_id": 12345,
  "limit": 20,
  "policies": [
    "rule-board-block",
    "rule-board-pr-comments",
    "rule-board-audit"
  ],
  "policy_mode": [
    "monitor",
    "block"
  ],
  "pro_only": true,
  "project_tags": [
    "my_project_tag_1",
    "my_project_tag_2"
  ],
  "ref": "refs/pull/1234/merge",
  "repos": [
    "myorg/repo1",
    "myorg/repo2"
  ],
  "repository_visibility": [
    "public",
    "private"
  ],
  "rules": [
    "typescript.react.security.audit.react-no-refs.react-no-refs",
    "ajinabraham.njsscan.hardcoded_secrets.node_username"
  ],
  "ruleset": [
    "owasp-top-ten",
    "default"
  ],
  "secret_types": [
    "Github",
    "Heroku",
    "AWS"
  ],
  "severities": [
    "low",
    "high"
  ],
  "since": 1717334400,
  "status": "open",
  "transitivities": [
    "transitive",
    "direct"
  ],
  "triage_reasons": [
    "acceptable_risk",
    "false_positive"
  ],
  "validation_state": [
    "valid",
    "invalid"
  ]
}
'

{
  "failed": [
    {
      "error": "<string>",
      "issue_ids": [
        123
      ]
    }
  ],
  "skipped": [
    {
      "issue_ids": [
        123
      ],
      "reason": "<string>"
    }
  ],
  "succeeded": [
    {
      "external_slug": "<string>",
      "issue_ids": [
        123
      ],
      "ticket_id": 123,
      "ticket_url": "<string>"
    }
  ]
}

Ticketing

Create Jira tickets

Create Jira tickets for your findings. You can create tickets by passing in a list of issue_ids or by passing in filter query parameters to dynamically select findings. If passing in filters, Semgrep will skip already ticketed findings. This endpoint is synchronous, so it may take some time for your request to resolve. Unlike creating tickets in-app, if ticket creation fails we won’t automatically retry. This endpoint accepts a limit parameter (defaulting to 20) to limit the number of tickets created per request. If you specify a list of issue_ids greater than this limit, or your selected filters match on a number of issues greater than this limit, issues that were not ticketed are included in the Failed part of the response object. You can send another request to create tickets for these skipped issues. By default, findings belonging to the same repository and the same rule will be grouped together into a single Jira ticket. You can override this using the group_issues query parameter. Up to 50 issues can be grouped into a single ticket. You can optionally override the Jira project you create tickets in by passing in a Jira project ID as jira_project_id (the numeric ID rather than the project key). You can fetch this ID using the Jira API.

POST

api

deployments

{deploymentSlug}

tickets

Create Jira tickets

curl --request POST \
  --url https://semgrep.dev/api/v1/deployments/{deploymentSlug}/tickets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "issue_type": "sca",
  "autotriage_verdict": "true_positive",
  "categories": [
    "security",
    "performance"
  ],
  "component_tags": [
    "user authentication",
    "user data"
  ],
  "confidence": "high",
  "dependencies": [
    "lodash",
    "express"
  ],
  "deploymentSlug": "<string>",
  "epss_probability": [
    "high",
    "medium"
  ],
  "exposures": [
    "reachable",
    "always_reachable"
  ],
  "group_issues": true,
  "include_historical": true,
  "issue_ids": [
    123,
    456
  ],
  "jira_project_id": 12345,
  "limit": 20,
  "policies": [
    "rule-board-block",
    "rule-board-pr-comments",
    "rule-board-audit"
  ],
  "policy_mode": [
    "monitor",
    "block"
  ],
  "pro_only": true,
  "project_tags": [
    "my_project_tag_1",
    "my_project_tag_2"
  ],
  "ref": "refs/pull/1234/merge",
  "repos": [
    "myorg/repo1",
    "myorg/repo2"
  ],
  "repository_visibility": [
    "public",
    "private"
  ],
  "rules": [
    "typescript.react.security.audit.react-no-refs.react-no-refs",
    "ajinabraham.njsscan.hardcoded_secrets.node_username"
  ],
  "ruleset": [
    "owasp-top-ten",
    "default"
  ],
  "secret_types": [
    "Github",
    "Heroku",
    "AWS"
  ],
  "severities": [
    "low",
    "high"
  ],
  "since": 1717334400,
  "status": "open",
  "transitivities": [
    "transitive",
    "direct"
  ],
  "triage_reasons": [
    "acceptable_risk",
    "false_positive"
  ],
  "validation_state": [
    "valid",
    "invalid"
  ]
}
'

{
  "failed": [
    {
      "error": "<string>",
      "issue_ids": [
        123
      ]
    }
  ],
  "skipped": [
    {
      "issue_ids": [
        123
      ],
      "reason": "<string>"
    }
  ],
  "succeeded": [
    {
      "external_slug": "<string>",
      "issue_ids": [
        123
      ],
      "ticket_id": 123,
      "ticket_url": "<string>"
    }
  ]
}

Authorizations

Authorization

string

header

required

Get access to data with your API token. Example header:

Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628

The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.

Path Parameters

deploymentSlug

string

required

Deployment slug. Can be found at /deployments, or in your Settings in the web UI.

Body

application/json

Create ticket request

issue_type

enum<string>

required

Type of findings to create tickets for.

Available options:

sast,

sca,

secrets

Example:

"sca"

autotriage_verdict

enum<string>

The autotriage verdict to filter by

Available options:

true_positive,

false_positive

Example:

"true_positive"

categories

string[]

List of categories to filter by

Example:

["security", "performance"]

component_tags

string[]

List of component tags to filter by

Example:

["user authentication", "user data"]

confidence

enum<string>

List of confidence levels to filter by

Available options:

low,

medium,

high

Example:

"high"

dependencies

string[]

Filter by dependency name. Only applies for sca findings.

Example:

["lodash", "express"]

deploymentSlug

string

Deployment slug. Can be found at /deployments, or in your Settings in the web UI.

epss_probability

string[]

Filter by EPSS probability (likelihood of exploit). Only applies for sca findings.

Example:

["high", "medium"]

exposures

string[]

Filter by exposure (reachability type). Only applies for sca findings. Reachability is the ability of an attacker to access a vulnerability in a system.

Example:

["reachable", "always_reachable"]

group_issues

boolean

default:true

Whether or not to group findings from the same rule and repository into a single ticket. Defaults to true.

Example:

true

include_historical

boolean

Whether to include historical findings. Only applies for secrets findings. Defaults to true.

Example:

true

issue_ids

string[]

An array of issue IDs to act on. If this is not provided, an issue filter should be provided.

Example:

[123, 456]

jira_project_id

string

Optional numeric Jira project ID to associate with the created tickets. If not specified, defaults to the project configured in your integration settings. You can fetch this ID using the Jira API.

Example:

12345

limit

integer<uint32>

default:20

Max number of tickets to create. Must be an integer between 1 and 20. Defaults to 20

Example:

20

policies

string[]

List of policy modes to filter by

Example:

[
  "rule-board-block",
  "rule-board-pr-comments",
  "rule-board-audit"
]

policy_mode

string[]

List of policy modes to filter by

Example:

["monitor", "block"]

pro_only

boolean

Filter by whether a finding is only available with Semgrep Pro features. Only applies for sast findings.

Example:

true

project_tags

string[]

List of project tags to filter by

Example:

["my_project_tag_1", "my_project_tag_2"]

ref

string

Branch reference to filter by

Example:

"refs/pull/1234/merge"

repos

string[]

List of repository names to filter by

Example:

["myorg/repo1", "myorg/repo2"]

repository_visibility

string[]

Filter by repository visibility. Only applies for secrets findings.

Example:

["public", "private"]

rules

string[]

List of rule names to filter by

Example:

[
  "typescript.react.security.audit.react-no-refs.react-no-refs",
  "ajinabraham.njsscan.hardcoded_secrets.node_username"
]

ruleset

string[]

List of Semgrep Registry rulesets to filter by

Example:

["owasp-top-ten", "default"]

secret_types

string[]

Filter by type of secret (typically provider-related). Only applies for secrets findings.

Example:

["Github", "Heroku", "AWS"]

severities

string[]

List of severities to filter by

Example:

["low", "high"]

since

string

Epoch timestamp in seconds. Filters using the relevant_since field: the timestamp when this finding was detected by Semgrep (the first time, or when reintroduced).

Example:

1717334400

status

enum<string>

The status to filter by

Available options:

open,

fixed,

ignored,

reviewing,

fixing

Example:

"open"

transitivities

string[]

Filter by transitivity of a dependency. Only applies for sca findings.

Example:

["transitive", "direct"]

triage_reasons

string[]

List of triage reasons to filter by

Example:

["acceptable_risk", "false_positive"]

validation_state

string[]

Filter by whether a secret could be validated. Only applies for secrets findings.

Example:

["valid", "invalid"]

Response

200 - application/json

failed

object[]

List of issues where ticket creation failed. This list may include issues that were skipped because they exceed the specified limit.

Show child attributes

skipped

object[]

List of issues that were skipped

Show child attributes

succeeded

object[]

List of successfully created tickets

Show child attributes

Unlink a Jira ticket Triage

⌘I

Documentation Index

Authorizations

Path Parameters

Body

Response