Bulk triage
Bulk triage your findings. You can select the findings to triage by passing in a list of finding IDs as issue_ids, or by passing in filter query parameters. You must specify the issue_type of the findings you want to bulk triage. One of new_triage_state or new_note is required. If specifying a new_triage_reason, you must also use new_triage_state=ignored. Some filters only apply for findings associated with a given product.
Authorizations
Get access to data with your API token. Example header:
Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628
The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.
Path Parameters
Deployment slug. Can be found at /deployments, or in your Settings in the web UI.
Body
Type of findings to bulk triage.
Available options: sast, sca, secrets. Example: "sca"
The autotriage verdict to filter by
Available options: true_positive, false_positive. Example: "true_positive"
List of categories to filter by
["security", "performance"]
List of component tags to filter by
["user authentication", "user data"]
List of confidence levels to filter by
Available options: low, medium, high. Example: "high"
Filter by dependency name. Only applies for sca findings.
["lodash", "express"]
Deployment slug. Can be found at /deployments, or in your Settings in the web UI.
Filter by EPSS probability (likelihood of exploit). Only applies for sca findings.
["high", "medium"]
Filter by exposure (reachability type). Only applies for sca findings. Reachability is the ability of an attacker to access a vulnerability in a system.
["reachable", "always_reachable"]
Whether to include historical findings. Only applies for secrets findings. Defaults to true.
true
An array of issue IDs to act on. If this is not provided, an issue filter should be provided.
[123, 456]
Max number of issues to triage. Must be an integer between 1 and 3000. Defaults to 3000. When selecting findings to triage, Semgrep will also triage findings with the same fingerprint on other branches. As a result, the list of triaged issue_ids returned in the response may be higher than the specified limit.
100
The note to attach to the bulk triaged findings.
"some note here"
The reason for triaging to a given triage state.
Available options: acceptable_risk, false_positive, no_time, no_triage_reason. Example: "acceptable_risk"
The triage state you would like to bulk triage your findings to.
Available options: ignored, reviewing, fixing, reopened. Example: "reopened"
List of policy modes to filter by
[
"rule-board-block",
"rule-board-pr-comments",
"rule-board-audit"
]
List of policy modes to filter by
["monitor", "block"]
Filter by whether a finding is only available with Semgrep Pro features. Only applies for sast findings.
true
List of project tags to filter by
["my_project_tag_1", "my_project_tag_2"]
Branch reference to filter by
"refs/pull/1234/merge"
List of repository names to filter by
["myorg/repo1", "myorg/repo2"]
Filter by repository visibility. Only applies for secrets findings.
["public", "private"]
List of rule names to filter by
[
"typescript.react.security.audit.react-no-refs.react-no-refs",
"ajinabraham.njsscan.hardcoded_secrets.node_username"
]
List of Semgrep Registry rulesets to filter by
["owasp-top-ten", "default"]
Filter by type of secret (typically provider-related). Only applies for secrets findings.
["Github", "Heroku", "AWS"]
List of severities to filter by
["low", "high"]
Epoch timestamp in seconds. Filters using the relevant_since field: the timestamp when this finding was detected by Semgrep (the first time, or when reintroduced).
1717334400
The status to filter by
Available options: open, fixed, ignored, reviewing, fixing. Example: "open"
Filter by transitivity of a dependency. Only applies for sca findings.
["transitive", "direct"]
List of triage reasons to filter by
["acceptable_risk", "false_positive"]
Filter by whether a secret could be validated. Only applies for secrets findings.
["valid", "invalid"]
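The body rules stated at the top of this page (issue_type required, one of new_triage_state or new_note, new_triage_reason only with new_triage_state=ignored, limit between 1 and 3000) can be checked before a request is sent. The following is an added example, not Semgrep's own code; the function name, the `limit` key name, the pass-through `filters` dict and the refusal to build a body with no selector are assumptions of this example.

```python
# Added example: validates a bulk triage body against the rules on this page.
# Assumption: "limit" is the JSON key of the max-issues field (name not shown here).
import json

ISSUE_TYPES = {"sast", "sca", "secrets"}
TRIAGE_STATES = {"ignored", "reviewing", "fixing", "reopened"}
TRIAGE_REASONS = {"acceptable_risk", "false_positive", "no_time", "no_triage_reason"}
RESERVED = {"issue_type", "issue_ids", "new_triage_state", "new_triage_reason",
            "new_note", "limit"}


def build_bulk_triage_body(issue_type, *, issue_ids=None, filters=None,
                           new_triage_state=None, new_triage_reason=None,
                           new_note=None, limit=None):
    """Return the request body as a dict, or raise ValueError."""
    filters = dict(filters or {})  # filter keys are supplied by the caller
    if issue_type not in ISSUE_TYPES:
        raise ValueError(f"issue_type must be one of {sorted(ISSUE_TYPES)}")
    if new_triage_state is None and new_note is None:
        raise ValueError("one of new_triage_state or new_note is required")
    if new_triage_state is not None and new_triage_state not in TRIAGE_STATES:
        raise ValueError(f"new_triage_state must be one of {sorted(TRIAGE_STATES)}")
    if new_triage_reason is not None:
        if new_triage_reason not in TRIAGE_REASONS:
            raise ValueError(f"new_triage_reason must be one of {sorted(TRIAGE_REASONS)}")
        if new_triage_state != "ignored":
            raise ValueError("new_triage_reason requires new_triage_state=ignored")
    # Local policy of this example: never build a request with no selector.
    if not issue_ids and not filters:
        raise ValueError("pass issue_ids or at least one filter")
    if any(type(i) is not int for i in (issue_ids or [])):
        raise ValueError("issue_ids must be integers")
    if limit is not None and (type(limit) is not int or not 1 <= limit <= 3000):
        raise ValueError("limit must be an integer between 1 and 3000")
    # A filter must not be able to overwrite the action fields.
    clash = filters.keys() & RESERVED
    if clash:
        raise ValueError(f"filters may not set {sorted(clash)}")
    optional = {"issue_ids": list(issue_ids) if issue_ids else None,
                "new_triage_state": new_triage_state,
                "new_triage_reason": new_triage_reason,
                "new_note": new_note, "limit": limit}
    return {"issue_type": issue_type, **filters,
            **{k: v for k, v in optional.items() if v is not None}}


if __name__ == "__main__":
    # Constructed sample using the example values shown on this page.
    print(json.dumps(build_bulk_triage_body(
        "sca", issue_ids=[123, 456], new_triage_state="ignored",
        new_triage_reason="acceptable_risk", new_note="some note here", limit=100), indent=2))
```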