Skip to main content
GET
Get Issue

Authorizations

Authorization
string
header
required

Get access to data with your API token. Example header:

Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628

The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.

Path Parameters

deploymentId
string
required
issueId
string
required

Query Parameters

includeCodeSnippet
boolean

When true, include code snippets in the response. Defaults to true for non-secrets when unset. Does not apply to secrets: this option has no effect for secret issues—snippets are never returned for secrets (security; no masking yet).

includeIsArchived
boolean

When true, populate the is_archived field on the response. Defaults to false.

Response

200 - application/json

OK

id
string

ID of the finding

createdAt
string<date-time>

Creation timestamp

ref
string

Branch where the finding was detected

syntacticId
string

Semi-unique hash of a check consisting of: Line Numbers, File Path, Rule ID, Index of finding in file, and Matched code

matchBasedId
string

Semi-unique hash of a check consisting of: File Path, Rule ID, Index of finding in file, and Rule Formula with metavariable bindings substituted in

ruleId
string

The ID of the associated semgrep rule

status
enum<string>
valuedescription
ISSUE_STATUS_FIXED
ISSUE_STATUS_MUTED
ISSUE_STATUS_REMOVED
ISSUE_STATUS_UNRESOLVED
Available options:
ISSUE_STATUS_FIXED,
ISSUE_STATUS_MUTED,
ISSUE_STATUS_REMOVED,
ISSUE_STATUS_UNRESOLVED
repository
object

The repository in which this issue was found

firstSeenScan
object

The first scan in which this issue was found

triageState
enum<string>

The issue's current triage state.

valuedescription
FINDING_TRIAGE_STATE_UNTRIAGED
FINDING_TRIAGE_STATE_IGNORED
FINDING_TRIAGE_STATE_REOPENED
FINDING_TRIAGE_STATE_UNKNOWN
FINDING_TRIAGE_STATE_REVIEWING
FINDING_TRIAGE_STATE_FIXING
FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED
Available options:
FINDING_TRIAGE_STATE_UNTRIAGED,
FINDING_TRIAGE_STATE_IGNORED,
FINDING_TRIAGE_STATE_REOPENED,
FINDING_TRIAGE_STATE_UNKNOWN,
FINDING_TRIAGE_STATE_REVIEWING,
FINDING_TRIAGE_STATE_FIXING,
FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED
triageReason
enum<string>

The reason the issue was triaged.

valuedescription
FINDING_TRIAGE_REASON_FALSE_POSITIVE
FINDING_TRIAGE_REASON_NO_TIME
FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
FINDING_TRIAGE_REASON_UNKNOWN
FINDING_TRIAGE_REASON_DUPLICATE
Available options:
FINDING_TRIAGE_REASON_FALSE_POSITIVE,
FINDING_TRIAGE_REASON_NO_TIME,
FINDING_TRIAGE_REASON_ACCEPTABLE_RISK,
FINDING_TRIAGE_REASON_NO_TRIAGE_REASON,
FINDING_TRIAGE_REASON_UNKNOWN,
FINDING_TRIAGE_REASON_DUPLICATE
relevantSince
string<date-time>

The timestamp from which this issue was relevant

aggregateState
enum<string>

The overall state of the issue, accounting for status (controlled by scans), triaging, external events like PR closes, etc. TODO: use the AggregateState enum instead of raw strings.

valuedescription
AGGREGATE_ISSUE_STATE_OPEN
AGGREGATE_ISSUE_STATE_FIXED
AGGREGATE_ISSUE_STATE_REMOVED
AGGREGATE_ISSUE_STATE_IGNORED_APP
AGGREGATE_ISSUE_STATE_IGNORED_CODE
AGGREGATE_ISSUE_STATE_UNKNOWN
AGGREGATE_ISSUE_STATE_REVIEWING
AGGREGATE_ISSUE_STATE_FIXING
AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
Available options:
AGGREGATE_ISSUE_STATE_OPEN,
AGGREGATE_ISSUE_STATE_FIXED,
AGGREGATE_ISSUE_STATE_REMOVED,
AGGREGATE_ISSUE_STATE_IGNORED_APP,
AGGREGATE_ISSUE_STATE_IGNORED_CODE,
AGGREGATE_ISSUE_STATE_UNKNOWN,
AGGREGATE_ISSUE_STATE_REVIEWING,
AGGREGATE_ISSUE_STATE_FIXING,
AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
note
string

Comment left when triaged

externalTicket
object

The external ticket reference

vulnGroupKey
string

The key used to group supply chain vulns (deprecated)

isBlocking
boolean

True if this issue is a blocking issue.

autotriage
object

The autotriage info related to this issue.

aiTags
object

The autotriage tags associated with this issue

lineOfCodeUrl
string

The URL to the specific line of code causing this issue

codeSnippet
string

The code snippet causing this issue. Only available when fetching a single issue at a time via the GetIssue RPC. Deprecated in favor of code_snippets for multi-file support.

dataflowTrace
object

A call trace order of code locations leading to the site of the issue. Only available when fetching a single issue at a time via the GetIssue RPC.

commitUrl
string

The URL of the specific commit which introduced this issue. Only available when fetching a single issue at a time via the GetIssue RPC.

activityHistory
object[]

A chronologically-ordered list of events related to this issue (status change, ai tags, triage events). Always populated by the GetIssue RPC; populated by ListIssues only when ListIssuesRequest.include_activity_history is true.

A list of related issues (with the same match based ID). Only available when fetching a single issue at a time via the GetIssue RPC.

remediation
object

AI remediation info for this issue (guidance and autofix). Available in the GetIssue RPC and in list responses when include_remediation is set to true.

lastSeenScan
object

The last scan in which this issue was found

filePath
string

The path to the file in which this issue was found.

line
integer<int64>

The first line number in which this issue was found.

endLine
integer<int64>

The end line number in which this issue was found (if the offending code spans several lines).

column
integer<int64>

The start column number within the line in which this issue was found.

endColumn
integer<int64>

The end column number within the last line in which this issue was found (if applicable).

severity
enum<string>

The severity ("seriousness") of the issue.

valuedescription
SEVERITY_HIGH
SEVERITY_MEDIUM
SEVERITY_LOW
SEVERITY_CRITICAL
Available options:
SEVERITY_HIGH,
SEVERITY_MEDIUM,
SEVERITY_LOW,
SEVERITY_CRITICAL
message
string

An optional message that helps describe the issue in more detail.

rulePath
string

The full path of the rule used to generate this issue.

confidence
enum<string>

The confidence in false-positive rate of an issue.

valuedescription
CONFIDENCE_HIGH
CONFIDENCE_MEDIUM
CONFIDENCE_LOW
Available options:
CONFIDENCE_HIGH,
CONFIDENCE_MEDIUM,
CONFIDENCE_LOW
ruleUrl
string

The url of the rule used to generate this issue.

ruleReferences
string[]

A list of external references (URLs) which help describe or provide context for the rule used to generate this issue.

ruleOrigin
enum<string>

The origin of the rule (pro rules, semgrep community, or a custom rule)

valuedescription
RULE_ORIGIN_CUSTOM
RULE_ORIGIN_COMMUNITY
RULE_ORIGIN_PRO_RULES
Available options:
RULE_ORIGIN_CUSTOM,
RULE_ORIGIN_COMMUNITY,
RULE_ORIGIN_PRO_RULES
ruleHashId
string

The hash of the associated rule.

ruleCweNames
string[]

The names of the CWEs associated with this issue's rule.

ruleOwaspNames
string[]

The names of the OWASP categories associated with this issue's rule.

ruleset
string

The ruleset to which this issue's rule belongs (if applicable).

policySlug
string

A slugified version of the associated rule's policy.

category
string

The issue's category (or "other" if none).

ruleSupersededBy
object[]

A list of rules which supersede this issue's rule.

issueType
enum<string>

The product which owns this issue, e.g. SAST (code), SCA (supply chain), etc.

valuedescription
ISSUE_TYPE_SASTDetected by Code rules
ISSUE_TYPE_SCADetected by Supply Chain rules
ISSUE_TYPE_SECRETSDetected by Secrets rules
ISSUE_TYPE_RESEARCHDetected by research rules or scanners
ISSUE_TYPE_AI_SASTDetected by AI detection code scanning
Available options:
ISSUE_TYPE_SAST,
ISSUE_TYPE_SCA,
ISSUE_TYPE_SECRETS,
ISSUE_TYPE_RESEARCH,
ISSUE_TYPE_AI_SAST
issueParentId
string

Parent ID of the finding. Present for all types.

ticketAttempts
object[]

The failed attempts at ticket creation

sastAttributes
object

Only set for code issues (i.e. if issue_type == SAST)

scaAttributes
object

Only set for supply chain issues (i.e. if issue_type == SCA)

secretsAttributes
object

Only set for secrets issues (i.e. if issue_type == SECRETS)

subcategories
string[]

The issue's subcategories

refUrl
string

The URL of the specific commit which introduced this issue. Only available when fetching a single issue at a time via the GetIssue RPC.

codeowners
object[]
codeSnippets
object[]

The content of files involved in this issue. Only available when fetching a single issue at a time via the GetIssue RPC.

ruleExplanation
object

AI-generated explanation for true positive autotriage cases. Only available when fetching a single issue at a time via the GetIssue RPC.

ruleDisplayName
string

The human-readable display name of the rule (e.g., "Hardcoded secret"). Only available when fetching a single issue at a time via the GetIssue RPC.

clickToFixPrUrl
string

The URL of the Click-to-Fix PR that was opened to fix this issue (if any). Available in the GetIssue RPC and in list responses that opt into it.

aiImpact
string

AI Detection only: LLM-generated description of the vulnerability's impact. Only available when fetching a single issue at a time via the GetIssue RPC.

aiExploitConditions
object[]

AI Detection only: Conditions that must be true for the vulnerability to be exploitable. Only available when fetching a single issue at a time via the GetIssue RPC.

clickToFixCommitMsg
string

The commit message for the Click-to-Fix PR (if any). Only available when fetching a single issue at a time via the GetIssue RPC.

exceptionRequest
object

A summary of the exception request for this issue, shaped for the findings list UI. Only returned if include_exception_request_info was true in the request.

clickToFixPrId
string

The SCM-agnostic PR identifier for the Click-to-Fix PR (if any). Available in the GetIssue RPC and in list responses that opt into it. Prefer this over parsing the PR number from click_to_fix_pr_url.

triagePermission
enum<string>

The triage permission for this issue: whether a developer may ignore it themselves, must request an exception, or cannot triage it at all. Only defined when the developer approvals feature is enabled.

valuedescription
TRIAGE_PERMISSION_IGNORE
TRIAGE_PERMISSION_REQUEST
TRIAGE_PERMISSION_NONE
Available options:
TRIAGE_PERMISSION_IGNORE,
TRIAGE_PERMISSION_REQUEST,
TRIAGE_PERMISSION_NONE
isArchived
boolean

True if this finding's project is archived (Semgrep-initiated via is_semgrep_archived, or SCM-archived).