Get Issue
Get a single issue by ID with details
Authorizations
Get access to data with your API token. Example header:
Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628
The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.
Query Parameters
When true, include code snippets in the response. Defaults to true for non-secrets when unset. Does not apply to secrets: this option has no effect for secret issues—snippets are never returned for secrets (security; no masking yet).
When true, populate the is_archived field on the response. Defaults to false.
Response
OK
ID of the finding
Creation timestamp
Branch where the finding was detected
Semi-unique hash of a check consisting of: Line Numbers, File Path, Rule ID, Index of finding in file, and Matched code
Semi-unique hash of a check consisting of: File Path, Rule ID, Index of finding in file, and Rule Formula with metavariable bindings substituted in
The ID of the associated semgrep rule
| value | description |
|---|---|
| ISSUE_STATUS_FIXED | |
| ISSUE_STATUS_MUTED | |
| ISSUE_STATUS_REMOVED | |
| ISSUE_STATUS_UNRESOLVED |
ISSUE_STATUS_FIXED, ISSUE_STATUS_MUTED, ISSUE_STATUS_REMOVED, ISSUE_STATUS_UNRESOLVED The repository in which this issue was found
The first scan in which this issue was found
The issue's current triage state.
| value | description |
|---|---|
| FINDING_TRIAGE_STATE_UNTRIAGED | |
| FINDING_TRIAGE_STATE_IGNORED | |
| FINDING_TRIAGE_STATE_REOPENED | |
| FINDING_TRIAGE_STATE_UNKNOWN | |
| FINDING_TRIAGE_STATE_REVIEWING | |
| FINDING_TRIAGE_STATE_FIXING | |
| FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED |
FINDING_TRIAGE_STATE_UNTRIAGED, FINDING_TRIAGE_STATE_IGNORED, FINDING_TRIAGE_STATE_REOPENED, FINDING_TRIAGE_STATE_UNKNOWN, FINDING_TRIAGE_STATE_REVIEWING, FINDING_TRIAGE_STATE_FIXING, FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED The reason the issue was triaged.
| value | description |
|---|---|
| FINDING_TRIAGE_REASON_FALSE_POSITIVE | |
| FINDING_TRIAGE_REASON_NO_TIME | |
| FINDING_TRIAGE_REASON_ACCEPTABLE_RISK | |
| FINDING_TRIAGE_REASON_NO_TRIAGE_REASON | |
| FINDING_TRIAGE_REASON_UNKNOWN | |
| FINDING_TRIAGE_REASON_DUPLICATE |
FINDING_TRIAGE_REASON_FALSE_POSITIVE, FINDING_TRIAGE_REASON_NO_TIME, FINDING_TRIAGE_REASON_ACCEPTABLE_RISK, FINDING_TRIAGE_REASON_NO_TRIAGE_REASON, FINDING_TRIAGE_REASON_UNKNOWN, FINDING_TRIAGE_REASON_DUPLICATE The timestamp from which this issue was relevant
The overall state of the issue, accounting for status (controlled by scans), triaging, external events like PR closes, etc. TODO: use the AggregateState enum instead of raw strings.
| value | description |
|---|---|
| AGGREGATE_ISSUE_STATE_OPEN | |
| AGGREGATE_ISSUE_STATE_FIXED | |
| AGGREGATE_ISSUE_STATE_REMOVED | |
| AGGREGATE_ISSUE_STATE_IGNORED_APP | |
| AGGREGATE_ISSUE_STATE_IGNORED_CODE | |
| AGGREGATE_ISSUE_STATE_UNKNOWN | |
| AGGREGATE_ISSUE_STATE_REVIEWING | |
| AGGREGATE_ISSUE_STATE_FIXING | |
| AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |
AGGREGATE_ISSUE_STATE_OPEN, AGGREGATE_ISSUE_STATE_FIXED, AGGREGATE_ISSUE_STATE_REMOVED, AGGREGATE_ISSUE_STATE_IGNORED_APP, AGGREGATE_ISSUE_STATE_IGNORED_CODE, AGGREGATE_ISSUE_STATE_UNKNOWN, AGGREGATE_ISSUE_STATE_REVIEWING, AGGREGATE_ISSUE_STATE_FIXING, AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP Comment left when triaged
The external ticket reference
The key used to group supply chain vulns (deprecated)
True if this issue is a blocking issue.
The autotriage info related to this issue.
The autotriage tags associated with this issue
The URL to the specific line of code causing this issue
The code snippet causing this issue. Only available when fetching a single issue at a time via the GetIssue RPC. Deprecated in favor of code_snippets for multi-file support.
A call trace order of code locations leading to the site of the issue. Only available when fetching a single issue at a time via the GetIssue RPC.
The URL of the specific commit which introduced this issue. Only available when fetching a single issue at a time via the GetIssue RPC.
A chronologically-ordered list of events related to this issue (status change, ai tags, triage events). Always populated by the GetIssue RPC; populated by ListIssues only when ListIssuesRequest.include_activity_history is true.
A list of related issues (with the same match based ID). Only available when fetching a single issue at a time via the GetIssue RPC.
AI remediation info for this issue (guidance and autofix). Available in the GetIssue RPC and in list responses when include_remediation is set to true.
The last scan in which this issue was found
The path to the file in which this issue was found.
The first line number in which this issue was found.
The end line number in which this issue was found (if the offending code spans several lines).
The start column number within the line in which this issue was found.
The end column number within the last line in which this issue was found (if applicable).
The severity ("seriousness") of the issue.
| value | description |
|---|---|
| SEVERITY_HIGH | |
| SEVERITY_MEDIUM | |
| SEVERITY_LOW | |
| SEVERITY_CRITICAL |
SEVERITY_HIGH, SEVERITY_MEDIUM, SEVERITY_LOW, SEVERITY_CRITICAL An optional message that helps describe the issue in more detail.
The full path of the rule used to generate this issue.
The confidence in false-positive rate of an issue.
| value | description |
|---|---|
| CONFIDENCE_HIGH | |
| CONFIDENCE_MEDIUM | |
| CONFIDENCE_LOW |
CONFIDENCE_HIGH, CONFIDENCE_MEDIUM, CONFIDENCE_LOW The url of the rule used to generate this issue.
A list of external references (URLs) which help describe or provide context for the rule used to generate this issue.
The origin of the rule (pro rules, semgrep community, or a custom rule)
| value | description |
|---|---|
| RULE_ORIGIN_CUSTOM | |
| RULE_ORIGIN_COMMUNITY | |
| RULE_ORIGIN_PRO_RULES |
RULE_ORIGIN_CUSTOM, RULE_ORIGIN_COMMUNITY, RULE_ORIGIN_PRO_RULES The hash of the associated rule.
The names of the CWEs associated with this issue's rule.
The names of the OWASP categories associated with this issue's rule.
The ruleset to which this issue's rule belongs (if applicable).
A slugified version of the associated rule's policy.
The issue's category (or "other" if none).
A list of rules which supersede this issue's rule.
The product which owns this issue, e.g. SAST (code), SCA (supply chain), etc.
| value | description |
|---|---|
| ISSUE_TYPE_SAST | Detected by Code rules |
| ISSUE_TYPE_SCA | Detected by Supply Chain rules |
| ISSUE_TYPE_SECRETS | Detected by Secrets rules |
| ISSUE_TYPE_RESEARCH | Detected by research rules or scanners |
| ISSUE_TYPE_AI_SAST | Detected by AI detection code scanning |
ISSUE_TYPE_SAST, ISSUE_TYPE_SCA, ISSUE_TYPE_SECRETS, ISSUE_TYPE_RESEARCH, ISSUE_TYPE_AI_SAST Parent ID of the finding. Present for all types.
The failed attempts at ticket creation
Only set for code issues (i.e. if issue_type == SAST)
Only set for supply chain issues (i.e. if issue_type == SCA)
Only set for secrets issues (i.e. if issue_type == SECRETS)
The issue's subcategories
The URL of the specific commit which introduced this issue. Only available when fetching a single issue at a time via the GetIssue RPC.
The content of files involved in this issue. Only available when fetching a single issue at a time via the GetIssue RPC.
AI-generated explanation for true positive autotriage cases. Only available when fetching a single issue at a time via the GetIssue RPC.
The human-readable display name of the rule (e.g., "Hardcoded secret"). Only available when fetching a single issue at a time via the GetIssue RPC.
The URL of the Click-to-Fix PR that was opened to fix this issue (if any). Available in the GetIssue RPC and in list responses that opt into it.
AI Detection only: LLM-generated description of the vulnerability's impact. Only available when fetching a single issue at a time via the GetIssue RPC.
AI Detection only: Conditions that must be true for the vulnerability to be exploitable. Only available when fetching a single issue at a time via the GetIssue RPC.
The commit message for the Click-to-Fix PR (if any). Only available when fetching a single issue at a time via the GetIssue RPC.
A summary of the exception request for this issue, shaped for the findings list UI. Only returned if include_exception_request_info was true in the request.
The SCM-agnostic PR identifier for the Click-to-Fix PR (if any). Available in the GetIssue RPC and in list responses that opt into it. Prefer this over parsing the PR number from click_to_fix_pr_url.
The triage permission for this issue: whether a developer may ignore it themselves, must request an exception, or cannot triage it at all. Only defined when the developer approvals feature is enabled.
| value | description |
|---|---|
| TRIAGE_PERMISSION_IGNORE | |
| TRIAGE_PERMISSION_REQUEST | |
| TRIAGE_PERMISSION_NONE |
TRIAGE_PERMISSION_IGNORE, TRIAGE_PERMISSION_REQUEST, TRIAGE_PERMISSION_NONE True if this finding's project is archived (Semgrep-initiated via is_semgrep_archived, or SCM-archived).