> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Bulk triage

> Bulk triage your findings. You can select the findings to triage by passing in a list of finding IDs as issue_ids, or by passing in filter query parameters. You must specify the issue_type of the findings you want to bulk triage. One of new_triage_state or new_note is required. If specifying a new_triage_reason, you must also use new_triage_state=ignored. Some filters only apply for findings associated with a given product.



## OpenAPI

````yaml /public_v1.openapi.yaml post /api/v1/deployments/{deploymentSlug}/triage
openapi: 3.0.3
info:
  description: >

    Welcome to Semgrep's portal for the Semgrep AppSec Platform web API.


    # Introduction

    Semgrep is a fast, open-source, static analysis tool for finding bugs and
    enforcing code standards at editor,

    commit, and CI time. [Get
    started.](https://semgrep.dev/docs/getting-started/)


    This API is documented in the **OpenAPI format**.


    # Authentication

    The API supports authentication with an API token with the "Web API"
    permission, without limited

    scopes of access.


    You can provision an API token [from the Settings
    page](https://semgrep.dev/orgs/-/settings/tokens).


    # Terms of Use


    Please note, the materials made available herein are subject to the

    [Semgrep Terms of Use](https://semgrep.dev/resources/website-terms/), and
    your

    access or use of any of the same is your acknowledgment and acceptance of
    the

    such terms.


    <br>


    ___
  title: Semgrep Web App
  version: 1.0.0
servers: []
security: []
tags:
  - description: >-
      Deployments encapsulate your organization's security organization, with
      multiple projects, policies, and integrations. As the root object of the
      organization, they're similarly the root object of the API.
    name: DeploymentsService
    x-displayName: Deployment
    x-group: Deployment
  - description: >-
      Manage and retrieve code, supply chain, and AI-powered scan findings from
      Semgrep scans
    name: FindingsService
    x-displayName: Code, Supply Chain, and AI-Powered Scan
    x-group: Code, Supply Chain, and AI-Powered Scan
  - description: Utility endpoints.
    name: MiscService
    x-displayName: Other
    x-group: Other
  - description: >-
      View and manage the Policies of your organization.


      Deployments on the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.
    name: PoliciesService
    x-displayName: Policies
    x-group: Policies
  - name: ProjectsService
    x-displayName: Projects
    x-group: Projects
  - description: View details of scans associated with projects in your organization.
    name: ScansService
    x-displayName: Scans
    x-group: Scans
  - description: View and manage the Secrets of your organization.
    name: SecretsService
    x-displayName: Secrets
    x-group: Secrets
  - description: |-
      Manage the Supply Chain findings and dependencies of your organization.

      A request body is required, but may be an empty object.
    name: SupplyChainService
    x-displayName: Supply Chain
    x-group: Supply Chain
  - description: Create and manage external tickets
    name: TicketingService
    x-displayName: Ticketing
    x-group: Ticketing
  - description: View and manage the triage of your organization.
    name: TriageService
    x-displayName: Triage
    x-group: Triage
paths:
  /api/v1/deployments/{deploymentSlug}/triage:
    post:
      tags:
        - TriageService
      summary: Bulk triage
      description: >-
        Bulk triage your findings. You can select the findings to triage by
        passing in a list of finding IDs as issue_ids, or by passing in filter
        query parameters. You must specify the issue_type of the findings you
        want to bulk triage. One of new_triage_state or new_note is required. If
        specifying a new_triage_reason, you must also use
        new_triage_state=ignored. Some filters only apply for findings
        associated with a given product.
      operationId: TriageService_BulkTriage
      parameters:
        - in: path
          name: deploymentSlug
          required: true
          schema:
            description: >-
              Deployment slug. Can be found at /deployments, or in your Settings
              in the web UI.
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/protos.openapi.v1.BulkTriageRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/protos.openapi.v1.BulkTriageResponse'
          description: OK
      security:
        - SemgrepWebToken: []
components:
  schemas:
    protos.openapi.v1.BulkTriageRequest:
      properties:
        autotriage_verdict:
          description: The autotriage verdict to filter by
          enum:
            - true_positive
            - false_positive
          example: true_positive
          type: string
        categories:
          description: List of categories to filter by
          example:
            - security
            - performance
          items:
            type: string
          type: array
        component_tags:
          description: List of component tags to filter by
          example:
            - user authentication
            - user data
          items:
            type: string
          type: array
        confidence:
          description: List of confidence levels to filter by
          enum:
            - low
            - medium
            - high
          example: high
          type: string
        dependencies:
          description: Filter by dependency name. Only applies for sca findings.
          example:
            - lodash
            - express
          items:
            type: string
          type: array
        epss_probability:
          description: >-
            Filter by EPSS probability (likelihood of exploit). Only applies for
            sca findings.
          enum:
            - low
            - medium
            - high
            - none
          example:
            - high
            - medium
          items:
            type: string
          type: array
        exposures:
          description: >-
            Filter by exposure (reachability type). Only applies for sca
            findings. Reachability is the ability of an attacker to access a
            vulnerability in a system.
          enum:
            - reachable
            - always_reachable
            - conditionally_reachable
            - unreachable
            - unknown
          example:
            - reachable
            - always_reachable
          items:
            type: string
          type: array
        include_historical:
          description: >-
            Whether to include historical findings. Only applies for secrets
            findings. Defaults to true.
          example: true
          type: boolean
        issue_ids:
          description: >-
            An array of issue IDs to act on. If this is not provided, an issue
            filter should be provided.
          example:
            - 123
            - 456
          items:
            format: int64
            type: integer
          type: array
        issue_type:
          description: Type of findings to bulk triage.
          enum:
            - sast
            - sca
            - secrets
          example: sca
          type: string
        limit:
          default: 3000
          description: >-
            Max number of issues to triage. Must be an integer between 1 and
            3000. Defaults to 3000. When selecting findings to triage, Semgrep
            will also triage findings with the same fingerprint on other
            branches. As a result, the list of triaged issue_ids returned in the
            response may be higher than the specified limit.
          example: 100
          format: int64
          type: integer
        new_note:
          description: >-
            The note to attach to the bulk triaged findings. Maximum 3000
            characters.
          example: some note here
          type: string
        new_triage_reason:
          description: The reason for triaging to a given triage state.
          enum:
            - acceptable_risk
            - false_positive
            - no_time
            - no_triage_reason
            - duplicate
          example: acceptable_risk
          type: string
        new_triage_state:
          description: The triage state you would like to bulk triage your findings to.
          enum:
            - ignored
            - reviewing
            - fixing
            - reopened
            - provisionally_ignored
          example: reopened
          type: string
        policies:
          description: List of policy modes to filter by
          example:
            - rule-board-block
            - rule-board-pr-comments
            - rule-board-audit
          items:
            type: string
          type: array
        policy_mode:
          description: List of policy modes to filter by
          enum:
            - monitor
            - comment
            - block
          example:
            - monitor
            - block
          items:
            type: string
          type: array
        pro_only:
          description: >-
            Filter by whether a finding is only available with Semgrep Pro
            features.
          example: true
          type: boolean
        project_tags:
          description: List of project tags to filter by
          example:
            - my_project_tag_1
            - my_project_tag_2
          items:
            type: string
          type: array
        ref:
          description: Branch reference to filter by
          example: refs/pull/1234/merge
          type: string
        repos:
          description: List of repository names to filter by
          example:
            - myorg/repo1
            - myorg/repo2
          items:
            type: string
          type: array
        repository_visibility:
          description: Filter by repository visibility. Only applies for secrets findings.
          enum:
            - public
            - private
            - unknown
          example:
            - public
            - private
          items:
            type: string
          type: array
        rules:
          description: List of rule names to filter by
          example:
            - typescript.react.security.audit.react-no-refs.react-no-refs
            - ajinabraham.njsscan.hardcoded_secrets.node_username
          items:
            type: string
          type: array
        ruleset:
          description: List of Semgrep Registry rulesets to filter by
          example:
            - owasp-top-ten
            - default
          items:
            type: string
          type: array
        secret_types:
          description: >-
            Filter by type of secret (typically provider-related). Only applies
            for secrets findings.
          example:
            - Github
            - Heroku
            - AWS
          items:
            type: string
          type: array
        severities:
          description: List of severities to filter by
          enum:
            - low
            - medium
            - high
            - critical
          example:
            - low
            - high
          items:
            type: string
          type: array
        since:
          description: >-
            Epoch timestamp in seconds. Filters using the relevant_since field:
            the timestamp when this finding was detected by Semgrep (the first
            time, or when reintroduced).
          example: 1717334400
          type: string
        status:
          description: The status to filter by
          enum:
            - open
            - fixed
            - ignored
            - reviewing
            - fixing
            - provisionally_ignored
          example: open
          type: string
        transitivities:
          description: >-
            Filter by transitivity of a dependency. Only applies for sca
            findings.
          enum:
            - direct
            - transitive
            - unknown
          example:
            - transitive
            - direct
          items:
            type: string
          type: array
        triage_reasons:
          description: List of triage reasons to filter by
          enum:
            - acceptable_risk
            - false_positive
            - no_time
            - no_triage_reason
            - duplicate
          example:
            - acceptable_risk
            - false_positive
          items:
            type: string
          type: array
        validation_state:
          description: >-
            Filter by whether a secret could be validated. Only applies for
            secrets findings.
          enum:
            - confirmed_valid
            - confirmed_invalid
            - validation_error
            - no_validator
          example:
            - valid
            - invalid
          items:
            type: string
          type: array
      required:
        - deployment_slug
        - issue_type
      title: Bulk Triage Request
      type: object
    protos.openapi.v1.BulkTriageResponse:
      properties:
        num_triaged:
          description: Number of items updated
          format: int64
          type: integer
        triaged_issues:
          description: List of triaged issue IDs
          items:
            format: int64
            type: integer
          type: array
      required:
        - num_triaged
        - triaged_issues
      title: Bulk Triage Response
      type: object
  securitySchemes:
    SemgrepWebToken:
      bearerFormat: string
      description: >-
        Get access to data with your API token. Example header:


        `Authorization: Bearer
        2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628`


        The token can be provisioned from the Tokens section in your Settings,
        and requires explicitly enabling `Web API` access.
      scheme: bearer
      type: http

````