> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Jira tickets

> Create Jira tickets for your findings. You can create tickets by passing in a list of issue_ids or by passing in filter query parameters to dynamically select findings. If passing in filters, Semgrep will skip already ticketed findings. This endpoint is synchronous, so it may take some time for your request to resolve. Unlike creating tickets in-app, if ticket creation fails we won't automatically retry. This endpoint accepts a limit parameter (defaulting to 20) to limit the number of tickets created per request. If you specify a list of issue_ids greater than this limit, or your selected filters match on a number of issues greater than this limit, issues that were not ticketed are included in the Failed part of the response object. You can send another request to create tickets for these skipped issues. By default, findings belonging to the same repository and the same rule will be grouped together into a single Jira ticket. You can override this using the group_issues query parameter. Up to 50 issues can be grouped into a single ticket. You can optionally override the Jira project you create tickets in by passing in a Jira project ID as jira_project_id (the numeric ID rather than the project key). You can fetch this ID using the Jira API.



## OpenAPI

````yaml /public_v1.openapi.yaml post /api/v1/deployments/{deploymentSlug}/tickets
openapi: 3.0.3
info:
  description: >

    Welcome to Semgrep's portal for the Semgrep AppSec Platform web API.


    # Introduction

    Semgrep is a fast, open-source, static analysis tool for finding bugs and
    enforcing code standards at editor,

    commit, and CI time. [Get
    started.](https://semgrep.dev/docs/getting-started/)


    This API is documented in the **OpenAPI format**.


    # Authentication

    The API supports authentication with an API token with the "Web API"
    permission, without limited

    scopes of access.


    You can provision an API token [from the Settings
    page](https://semgrep.dev/orgs/-/settings/tokens).


    # Terms of Use


    Please note, the materials made available herein are subject to the

    [Semgrep Terms of Use](https://semgrep.dev/resources/website-terms/), and
    your

    access or use of any of the same is your acknowledgment and acceptance of
    the

    such terms.


    <br>


    ___
  title: Semgrep Web App
  version: 1.0.0
servers: []
security: []
tags:
  - description: >-
      Deployments encapsulate your organization's security organization, with
      multiple projects, policies, and integrations. As the root object of the
      organization, they're similarly the root object of the API.
    name: DeploymentsService
    x-displayName: Deployment
    x-group: Deployment
  - description: >-
      Manage and retrieve code, supply chain, and AI-powered scan findings from
      Semgrep scans
    name: FindingsService
    x-displayName: Code, Supply Chain, and AI-Powered Scan
    x-group: Code, Supply Chain, and AI-Powered Scan
  - description: Utility endpoints.
    name: MiscService
    x-displayName: Other
    x-group: Other
  - description: >-
      View and manage the Policies of your organization.


      Deployments on the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.
    name: PoliciesService
    x-displayName: Policies
    x-group: Policies
  - name: ProjectsService
    x-displayName: Projects
    x-group: Projects
  - description: View details of scans associated with projects in your organization.
    name: ScansService
    x-displayName: Scans
    x-group: Scans
  - description: View and manage the Secrets of your organization.
    name: SecretsService
    x-displayName: Secrets
    x-group: Secrets
  - description: |-
      Manage the Supply Chain findings and dependencies of your organization.

      A request body is required, but may be an empty object.
    name: SupplyChainService
    x-displayName: Supply Chain
    x-group: Supply Chain
  - description: Create and manage external tickets
    name: TicketingService
    x-displayName: Ticketing
    x-group: Ticketing
  - description: View and manage the triage of your organization.
    name: TriageService
    x-displayName: Triage
    x-group: Triage
paths:
  /api/v1/deployments/{deploymentSlug}/tickets:
    post:
      tags:
        - TicketingService
      summary: Create Jira tickets
      description: >-
        Create Jira tickets for your findings. You can create tickets by passing
        in a list of issue_ids or by passing in filter query parameters to
        dynamically select findings. If passing in filters, Semgrep will skip
        already ticketed findings. This endpoint is synchronous, so it may take
        some time for your request to resolve. Unlike creating tickets in-app,
        if ticket creation fails we won't automatically retry. This endpoint
        accepts a limit parameter (defaulting to 20) to limit the number of
        tickets created per request. If you specify a list of issue_ids greater
        than this limit, or your selected filters match on a number of issues
        greater than this limit, issues that were not ticketed are included in
        the Failed part of the response object. You can send another request to
        create tickets for these skipped issues. By default, findings belonging
        to the same repository and the same rule will be grouped together into a
        single Jira ticket. You can override this using the group_issues query
        parameter. Up to 50 issues can be grouped into a single ticket. You can
        optionally override the Jira project you create tickets in by passing in
        a Jira project ID as jira_project_id (the numeric ID rather than the
        project key). You can fetch this ID using the Jira API.
      operationId: TicketingService_CreateTicket
      parameters:
        - in: path
          name: deploymentSlug
          required: true
          schema:
            description: >-
              Deployment slug. Can be found at `/deployments`, or in your
              Settings in the web UI.
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/protos.openapi.v1.CreateTicketRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/protos.openapi.v1.CreateTicketResponse'
          description: OK
      security:
        - SemgrepWebToken: []
components:
  schemas:
    protos.openapi.v1.CreateTicketRequest:
      description: Create ticket request
      properties:
        autotriage_verdict:
          description: The autotriage verdict to filter by
          enum:
            - true_positive
            - false_positive
          example: true_positive
          type: string
        categories:
          description: List of categories to filter by
          example:
            - security
            - performance
          items:
            type: string
          type: array
        component_tags:
          description: List of component tags to filter by
          example:
            - user authentication
            - user data
          items:
            type: string
          type: array
        confidence:
          description: List of confidence levels to filter by
          enum:
            - low
            - medium
            - high
          example: high
          type: string
        dependencies:
          description: Filter by dependency name. Only applies for sca findings.
          example:
            - lodash
            - express
          items:
            type: string
          type: array
        deploymentSlug:
          description: >-
            Deployment slug. Can be found at `/deployments`, or in your Settings
            in the web UI.
          type: string
        epss_probability:
          description: >-
            Filter by EPSS probability (likelihood of exploit). Only applies for
            sca findings.
          enum:
            - low
            - medium
            - high
            - none
          example:
            - high
            - medium
          items:
            type: string
          type: array
        exposures:
          description: >-
            Filter by exposure (reachability type). Only applies for sca
            findings. Reachability is the ability of an attacker to access a
            vulnerability in a system.
          enum:
            - reachable
            - always_reachable
            - conditionally_reachable
            - unreachable
            - unknown
          example:
            - reachable
            - always_reachable
          items:
            type: string
          type: array
        group_issues:
          default: 'true'
          description: >-
            Whether or not to group findings from the same rule and repository
            into a single ticket. Defaults to true.
          example: true
          type: boolean
        include_historical:
          description: >-
            Whether to include historical findings. Only applies for secrets
            findings. Defaults to true.
          example: true
          type: boolean
        issue_ids:
          description: >-
            An array of issue IDs to act on. If this is not provided, an issue
            filter should be provided.
          example:
            - 123
            - 456
          items:
            type: string
          type: array
        issue_type:
          description: Type of findings to create tickets for.
          enum:
            - sast
            - sca
            - secrets
          example: sca
          type: string
        jira_project_id:
          description: >-
            Optional numeric Jira project ID to associate with the created
            tickets. If not specified, defaults to the project configured in
            your integration settings. You can fetch this ID using the Jira API.
          example: 12345
          type: string
        limit:
          default: 20
          description: >-
            Max number of tickets to create. Must be an integer between 1 and
            20. Defaults to 20
          example: 20
          format: int64
          type: integer
        policies:
          description: List of policy modes to filter by
          example:
            - rule-board-block
            - rule-board-pr-comments
            - rule-board-audit
          items:
            type: string
          type: array
        policy_mode:
          description: List of policy modes to filter by
          enum:
            - monitor
            - comment
            - block
          example:
            - monitor
            - block
          items:
            type: string
          type: array
        pro_only:
          description: >-
            Filter by whether a finding is only available with Semgrep Pro
            features. Only applies for sast findings.
          example: true
          type: boolean
        project_tags:
          description: List of project tags to filter by
          example:
            - my_project_tag_1
            - my_project_tag_2
          items:
            type: string
          type: array
        ref:
          description: Branch reference to filter by
          example: refs/pull/1234/merge
          type: string
        repos:
          description: List of repository names to filter by
          example:
            - myorg/repo1
            - myorg/repo2
          items:
            type: string
          type: array
        repository_visibility:
          description: Filter by repository visibility. Only applies for secrets findings.
          enum:
            - public
            - private
            - unknown
          example:
            - public
            - private
          items:
            type: string
          type: array
        rules:
          description: List of rule names to filter by
          example:
            - typescript.react.security.audit.react-no-refs.react-no-refs
            - ajinabraham.njsscan.hardcoded_secrets.node_username
          items:
            type: string
          type: array
        ruleset:
          description: List of Semgrep Registry rulesets to filter by
          example:
            - owasp-top-ten
            - default
          items:
            type: string
          type: array
        secret_types:
          description: >-
            Filter by type of secret (typically provider-related). Only applies
            for secrets findings.
          example:
            - Github
            - Heroku
            - AWS
          items:
            type: string
          type: array
        severities:
          description: List of severities to filter by
          enum:
            - low
            - medium
            - high
            - critical
          example:
            - low
            - high
          items:
            type: string
          type: array
        since:
          description: >-
            Epoch timestamp in seconds. Filters using the relevant_since field:
            the timestamp when this finding was detected by Semgrep (the first
            time, or when reintroduced).
          example: 1717334400
          type: string
        status:
          description: The status to filter by
          enum:
            - open
            - fixed
            - ignored
            - reviewing
            - fixing
            - provisionally_ignored
          example: open
          type: string
        transitivities:
          description: >-
            Filter by transitivity of a dependency. Only applies for sca
            findings.
          enum:
            - direct
            - transitive
            - unknown
          example:
            - transitive
            - direct
          items:
            type: string
          type: array
        triage_reasons:
          description: List of triage reasons to filter by
          enum:
            - acceptable_risk
            - false_positive
            - no_time
            - no_triage_reason
            - duplicate
          example:
            - acceptable_risk
            - false_positive
          items:
            type: string
          type: array
        validation_state:
          description: >-
            Filter by whether a secret could be validated. Only applies for
            secrets findings.
          enum:
            - confirmed_valid
            - confirmed_invalid
            - validation_error
            - no_validator
          example:
            - valid
            - invalid
          items:
            type: string
          type: array
      required:
        - deployment_slug
        - issue_type
      title: Create Ticket Request
      type: object
    protos.openapi.v1.CreateTicketResponse:
      properties:
        failed:
          description: >-
            List of issues where ticket creation failed. This list may include
            issues that were skipped because they exceed the specified limit.
          items:
            $ref: >-
              #/components/schemas/protos.openapi.v1.CreateTicketResponse_TicketCreationFailed
          type: array
        skipped:
          description: List of issues that were skipped
          items:
            $ref: >-
              #/components/schemas/protos.openapi.v1.CreateTicketResponse_TicketCreationSkipped
          type: array
        succeeded:
          description: List of successfully created tickets
          items:
            $ref: >-
              #/components/schemas/protos.openapi.v1.CreateTicketResponse_TicketCreationSuccess
          type: array
      type: object
    protos.openapi.v1.CreateTicketResponse_TicketCreationFailed:
      properties:
        error:
          description: The error message for the failure
          type: string
        issue_ids:
          description: List of issue IDs
          items:
            format: int64
            type: integer
          type: array
      type: object
    protos.openapi.v1.CreateTicketResponse_TicketCreationSkipped:
      properties:
        issue_ids:
          description: List of issue IDs
          items:
            format: int64
            type: integer
          type: array
        reason:
          description: The reason why the issue was skipped
          type: string
      type: object
    protos.openapi.v1.CreateTicketResponse_TicketCreationSuccess:
      properties:
        external_slug:
          description: The external slug identifier for the ticket
          type: string
        issue_ids:
          description: List of issue IDs
          items:
            format: int64
            type: integer
          type: array
        ticket_id:
          description: The ID of the created ticket
          format: int64
          type: integer
        ticket_url:
          description: The URL of the created ticket
          type: string
      type: object
  securitySchemes:
    SemgrepWebToken:
      bearerFormat: string
      description: >-
        Get access to data with your API token. Example header:


        `Authorization: Bearer
        2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628`


        The token can be provisioned from the Tokens section in your Settings,
        and requires explicitly enabling `Web API` access.
      scheme: bearer
      type: http

````