> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# List Issues

> List an organization's recent issues with filtering, sorting, and pagination



## OpenAPI

````yaml /public_v2.openapi.yaml post /api/agent/deployments/{deploymentId}/issues
openapi: 3.0.3
info:
  title: Semgrep API
  description: >-
    The API v2 is currently a work in progress as we expand and improve our
    platform capabilities. There are no current plans to deprecate the [v1
    API](/api/v1/docs) – we remain committed to supporting existing integrations
    and will ensure that all v1 use cases are fully supported in v2 before any
    deprecation occurs.

    ## API Maturity Levels


    Each endpoint in the v2 API is marked with a maturity badge to help you
    understand its current state:


    🚧 **Experimental** - Use at your own risk. This endpoint was not originally
    designed for third-party use or is under active development. Expect
    significant breaking changes.


    ⚠️ **Beta** - This endpoint is being refined. We will communicate breaking
    changes to Beta partners as we tweak the implementation.


    ✅ **Stable** - No breaking changes will be made to this API. You can
    confidently build production integrations against these endpoints.


    We recommend using Stable endpoints for production applications and treating
    Experimental/Beta endpoints as previews of upcoming functionality. This API
    is documented in the **OpenAPI format**.


    # Authentication


    The API supports authentication with an API token with the "Web API"
    permission, without limited scopes of access.


    You can provision an API token [from the Settings
    page](https://semgrep.dev/orgs/-/settings/tokens).


    # Terms of Use


    Please note, the materials made available herein are subject to the [Semgrep
    Terms of Use](https://semgrep.dev/resources/website-terms/), and your access
    or use of any of the same is your acknowledgment and acceptance of the such
    terms.


    <br>


    ___
  contact:
    email: support@semgrep.com
  version: v2.0.0.alpha
  x-logo:
    url: https://semgrep.dev/images/SemgrepLogoWithTextWithMargin.svg
    backgroundColor: '#fafafa'
    altText: Semgrep logo
servers: []
security: []
tags:
  - name: AiFixJobsService
    description: Manage AI fix jobs for automated security fixes
    x-displayName: AI Fix Jobs
    x-group: AI Fix Jobs
  - name: AiTasksService
    description: Manage AI tasks, such as triage, auto-triage, and issue tagging backfill
    x-displayName: Ai Tasks
    x-group: Ai Tasks
  - name: AutofixService
    description: Trigger automated fixes for SAST, AI SAST, and SCA issues.
    x-displayName: Autofix
    x-group: Autofix
  - name: AutomationsService
    description: >-
      Automations are a way to automatically take actions on findings based on
      certain conditions.
    x-displayName: Automations
    x-group: Automations
  - name: AutotriageFeedbackService
    description: Feedback for the quality of autotriage, guidance or autofix
    x-displayName: Autotriage Feedback
    x-group: Autotriage Feedback
  - name: ChecklistService
    description: Manage onboarding checklist
    x-displayName: Onboarding Checklist
    x-group: Onboarding Checklist
  - name: DeploymentProductsService
    description: Manage deployment product configurations.
    x-displayName: Deployment Products
    x-group: Deployment Products
  - name: DeploymentService
    description: Manage deployment and its resources.
    x-displayName: Deployment
    x-group: Deployment
  - name: DeploymentSsoProvidersService
    description: Manage Deployment SSO Providers
    x-displayName: Deployment SSO Providers
    x-group: Deployment SSO Providers
  - name: DeploymentTagService
    description: Assign tags to a deployment.
    x-displayName: Deployment Tags
    x-group: Deployment Tags
  - name: DeploymentsService
    description: >-
      Deployments encapsulate your organization's security organization, with
      multiple projects, policies, and integrations. As the root object of the
      organization, they're similarly the root object of the API.
    x-displayName: Deployments
    x-group: Deployments
  - name: EditorService
    description: Run Semgrep patterns against target code in the editor playground
    x-displayName: Editor
    x-group: Editor
  - name: ExternalTicketingService
    description: APIs that power the External Ticketing experience.
    x-displayName: External Ticketing
    x-group: External Ticketing
  - name: FeatureRolloutsService
    description: View feature flags rolled out to all deployments
    x-displayName: Feature Rollouts
    x-group: Feature Rollouts
  - name: IgnoresService
    description: >-
      API for managing global ignores. See
      https://semgrep.dev/docs/ignoring-files-folders-code
    x-displayName: Global Ignores
    x-group: Global Ignores
  - name: InfrastructureConfigurationsService
    description: Infrastructure configuration information.
    x-displayName: Infrastructure Configurations
    x-group: Infrastructure Configurations
  - name: IssuesService
    description: Manage findings found by Semgrep scans
    x-displayName: Issues
    x-group: Issues
  - name: ManagedScanSettingsService
    description: Settings that affect all of a deployment's managed scans
    x-displayName: Managed Scan Settings
    x-group: Managed Scan Settings
  - name: MemoriesService
    description: Memories help reduce noise from findings.
    x-displayName: Memories
    x-group: Memories
  - name: MiscService
    description: Miscellaneous endpoints
    x-displayName: Misc
    x-group: Misc
  - name: NotificationRulesService
    description: Setup rules to get notified about new findings
    x-displayName: Notification Rules
    x-group: Notification Rules
  - name: NotificationWebhooksService
    description: Manage webhook endpoints for deployment notifications.
    x-displayName: Notification Webhooks
    x-group: Notification Webhooks
  - name: NotificationsService
    description: Notifications show in-app toasts to users.
    x-displayName: Notifications
    x-group: Notifications
  - name: PoliciesService
    description: >-
      View and manage the Policies of your organization.


      Deployments on the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.
    x-displayName: Policies
    x-group: Policies
  - name: PoliciesV2Service
    description: >-
      Declarative management of detection and remediation policies for
      deployments on the Unified Policies model. Designed for GitOps-style
      reconciliation: read the current bundle, edit it, preview the diff with a
      dry run, then apply it strictly with optimistic concurrency control.
    x-displayName: Policies V2
    x-group: Policies V2
  - name: ProjectManagedScanSettingsService
    description: Settings that affect a specific project's managed scans
    x-displayName: Projects – Managed Scan Settings
    x-group: Projects – Managed Scan Settings
  - name: ProjectsService
    description: >-
      Projects are groups of files that are scanned by Semgrep. These normally
      correspond to repositories.
    x-displayName: Projects
    x-group: Projects
  - name: ReportsService
    description: APIs for Reporting Dashboards
    x-displayName: Reporting
    x-group: Reporting
  - name: ReviewCommentProductContentService
    description: >-
      Review comment product content is a way to add additional per-product
      information to a review comment.
    x-displayName: Review Comment Product Content
    x-group: Review Comment Product Content
  - name: RuleboardService
    description: >-
      The [Policies API](/api/v2/docs/#tag/PoliciesService) is *strongly*
      recommended. It is also newer than this Ruleboard service. Deployments on
      the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.


      Manage Ruleboards (sets of policies).
    x-displayName: Ruleboards
    x-group: Ruleboards
  - name: ScansService
    description: View details of scans associated with projects in your organization.
    x-displayName: Scans
    x-group: Scans
  - name: ScmAppsService
    description: >-
      Manage connections to source code management systems (Github, Gitlab,
      etc.)
    x-displayName: Source Code Management (SCM) App
    x-group: Source Code Management (SCM) App
  - name: ScmService
    description: >-
      Manage connections to source code management systems (Github, Gitlab,
      etc.)
    x-displayName: Source Code Management (SCM) Configs
    x-group: Source Code Management (SCM) Configs
  - name: ScmSubscriptionsService
    description: Manage SCM Webhook Subscriptions
    x-displayName: Source Code Management (SCM) Webhooks
    x-group: Source Code Management (SCM) Webhooks
  - name: SlackService
  - name: SmsPackageManagerConfigService
    description: >-
      Manage authentication configurations for package managers used in Supply
      Chain Analysis (SCA) scans.
    x-displayName: Supply Chain - SMS Package Manager Configurations
    x-group: Supply Chain - SMS Package Manager Configurations
  - name: SmsScaResolutionConfigService
    description: >-
      Retrieve custom dependency resolution configurations for lockfileless
      scans.
    x-displayName: Supply Chain - SMS SCA Resolution Configurations
    x-group: Supply Chain - SMS SCA Resolution Configurations
  - name: SupplyChain2Service
    description: >-
      The Supply Chain is all of the dependencies of code, rather than the code
      itself. This service gives information about the supply chain.
    x-displayName: Supply Chain
    x-group: Supply Chain
  - name: SupportService
    description: Create and List Support Cases
    x-displayName: Support Service
    x-group: Support Service
  - name: SurveysService
    description: Retrieve and submit company surveys
    x-displayName: Surveys
    x-group: Surveys
  - name: TasksService
    description: >-
      Many tasks are done asynchronously; this service deals with managing async
      tasks.
    x-displayName: Tasks
    x-group: Tasks
  - name: TeamsService
    description: >-
      Teams are used to manage access control for resources within a deployment.
      For more information visit https://semgrep.dev/docs/deployment/teams.
    x-displayName: Teams
    x-group: Teams
  - name: TokenService
    description: >-
      Tokens are used for programmatic access to the Semgrep Cloud Platform
      APIs.
    x-displayName: Tokens
    x-group: Tokens
  - name: UsersService
    description: Manage user accounts, settings, and organization memberships
    x-displayName: Users Auth Service
    x-group: Users Auth Service
  - name: VersionsService
    description: Semgrep version information
    x-displayName: Versions
    x-group: Versions
  - name: WizCredentialService
    description: Manage Wiz credentials
    x-displayName: Wiz Credentials
    x-group: Wiz Credentials
paths:
  /api/agent/deployments/{deploymentId}/issues:
    post:
      tags:
        - IssuesService
      summary: List Issues
      description: >-
        List an organization's recent issues with filtering, sorting, and
        pagination
      operationId: IssuesService_ListIssues
      parameters:
        - name: deploymentId
          in: path
          description: Specifies the deployment to which the issues belong.
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/protos.issues.v1.ListIssuesRequest'
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/protos.issues.v1.ListIssuesResponse'
      security:
        - SemgrepWebToken: []
        - SemgrepJWT: []
components:
  schemas:
    protos.issues.v1.ListIssuesRequest:
      type: object
      properties:
        deploymentId:
          type: string
          description: Specifies the deployment to which the issues belong.
        issueType:
          enum:
            - ISSUE_TYPE_SAST
            - ISSUE_TYPE_SCA
            - ISSUE_TYPE_SECRETS
            - ISSUE_TYPE_RESEARCH
            - ISSUE_TYPE_AI_SAST
          type: string
          description: >+
            Deprecated: use issue_types instead. Filters issues to those with
            the specified type.


            | value | description |

            |-------|---------------|

            | ISSUE_TYPE_SAST | Detected by Code rules |

            | ISSUE_TYPE_SCA | Detected by Supply Chain rules |

            | ISSUE_TYPE_SECRETS | Detected by Secrets rules |

            | ISSUE_TYPE_RESEARCH | Detected by research rules or scanners |

            | ISSUE_TYPE_AI_SAST | Detected by AI detection code scanning |

          format: enum
        sortBy:
          enum:
            - SORT_BY_SEVERITY
            - SORT_BY_REF
            - SORT_BY_REPO
            - SORT_BY_RULE
            - SORT_BY_RELEVANT_SINCE
            - SORT_BY_STATE
          type: string
          description: |+
            Specifies the field to sort the results by.

            | value | description |
            |-------|---------------|
            | SORT_BY_SEVERITY |  |
            | SORT_BY_REF |  |
            | SORT_BY_REPO |  |
            | SORT_BY_RULE |  |
            | SORT_BY_RELEVANT_SINCE |  |
            | SORT_BY_STATE |  |

          format: enum
        sortDirection:
          enum:
            - SORT_DIRECTION_ASC
            - SORT_DIRECTION_DESC
          type: string
          description: |+
            Specifies the direction to sort the results.

            | value | description |
            |-------|---------------|
            | SORT_DIRECTION_ASC |  |
            | SORT_DIRECTION_DESC |  |

          format: enum
        limit:
          type: integer
          description: Sets the page size of the paginated list of issues.
          format: int64
        cursor:
          type: string
          description: >-
            Cursor used for pagination -- passing no value or an empty string
            effectively requests the first page.
        filter:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.IssuesFilter'
          description: Filters the issues to list.
        issueTypes:
          enum:
            - ISSUE_TYPE_SAST
            - ISSUE_TYPE_SCA
            - ISSUE_TYPE_SECRETS
            - ISSUE_TYPE_RESEARCH
            - ISSUE_TYPE_AI_SAST
          type: array
          items:
            enum:
              - ISSUE_TYPE_UNSPECIFIED
              - ISSUE_TYPE_SAST
              - ISSUE_TYPE_SCA
              - ISSUE_TYPE_SECRETS
              - ISSUE_TYPE_RESEARCH
              - ISSUE_TYPE_AI_SAST
            type: string
            format: enum
          description: >+
            Filters issues to those with any of the specified types (based on
            the product which produced these issues).
             When empty, falls back to the deprecated issue_type field for backward compatibility.

            | value | description |

            |-------|---------------|

            | ISSUE_TYPE_SAST | Detected by Code rules |

            | ISSUE_TYPE_SCA | Detected by Supply Chain rules |

            | ISSUE_TYPE_SECRETS | Detected by Secrets rules |

            | ISSUE_TYPE_RESEARCH | Detected by research rules or scanners |

            | ISSUE_TYPE_AI_SAST | Detected by AI detection code scanning |

        includeRemediation:
          type: boolean
          description: >-
            When true, include AI remediation info (autofix and guidance) for
            each
             issue in the response. Defaults to false.
        includeActivityHistory:
          type: boolean
          description: >-
            When true, include activity history (status changes, triage events,
            etc.) for each
             issue in the response. Defaults to false.
        includeIsArchived:
          type: boolean
          description: >-
            When true, populate the is_archived field on each issue in the
            response.
             Defaults to false.
    protos.issues.v1.ListIssuesResponse:
      type: object
      properties:
        issues:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ListIssuesResponse_IssueSummary
        cursor:
          type: string
    protos.issues.v1.IssuesFilter:
      type: object
      properties:
        ids:
          type: array
          items:
            type: string
          description: >-
            Filters issues to those whose ids match any of the specified values.
            Applies to all issue types.
        since:
          type: string
          description: >-
            Filters issues relevant since the specified timestamp. Applies to
            all issue types.
          format: date-time
        until:
          type: string
          description: >-
            Filters issues created before the specified timestamp. Applies to
            all issue types.
          format: date-time
        repositoryNames:
          type: array
          items:
            type: string
          description: >-
            Filters issues which belong to a repo with one of the specified
            names. Applies to all issue types.
        repositoryIds:
          type: array
          items:
            type: string
          description: >-
            Filters issues which belong to a repo with one of the specified ids.
            Applies to all issue types.
        repositoryTags:
          type: array
          items:
            type: string
          description: >-
            Filters issues which belong to a repo with one of the specified
            tags. Applies to all issue types.
        refs:
          type: array
          items:
            type: string
          description: >-
            Filters issues which were found in a ref with one of the specified
            names. Applies to all issue types.
        repositoryRefIds:
          type: array
          items:
            type: string
          description: >-
            Filters issues which were found on the repo and ref associated with
            the repo ref id. Applies to all issue types.
        aiVerdicts:
          enum:
            - VERDICT_TRUE_POSITIVE
            - VERDICT_FALSE_POSITIVE
            - VERDICT_NO_VERDICT
          type: array
          items:
            enum:
              - VERDICT_UNSPECIFIED
              - VERDICT_TRUE_POSITIVE
              - VERDICT_FALSE_POSITIVE
              - VERDICT_NO_VERDICT
            type: string
            format: enum
          description: >+
            Filters issues whose autotriage verdict matches one of the specified
            values. Applies to all issue types.


            | value | description |

            |-------|---------------|

            | VERDICT_TRUE_POSITIVE |  |

            | VERDICT_FALSE_POSITIVE |  |

            | VERDICT_NO_VERDICT |  |

        aiSensitivities:
          type: array
          items:
            type: string
          description: >-
            Filters issues whose autotriage tag matches one of the specified
            values. Applies to all issue types.
        status:
          enum:
            - ISSUE_STATUS_FIXED
            - ISSUE_STATUS_MUTED
            - ISSUE_STATUS_REMOVED
            - ISSUE_STATUS_UNRESOLVED
          type: array
          items:
            enum:
              - ISSUE_STATUS_UNSPECIFIED
              - ISSUE_STATUS_FIXED
              - ISSUE_STATUS_MUTED
              - ISSUE_STATUS_REMOVED
              - ISSUE_STATUS_UNRESOLVED
            type: string
            format: enum
          description: >+
            Filters issues whose status matches one of the specified values.
            Applies to all issue types.
             Deprecated in favor of `aggregate_issue_states`, which is the forward-looking state filter.

            | value | description |

            |-------|---------------|

            | ISSUE_STATUS_FIXED |  |

            | ISSUE_STATUS_MUTED |  |

            | ISSUE_STATUS_REMOVED |  |

            | ISSUE_STATUS_UNRESOLVED |  |

        tab:
          enum:
            - ISSUE_TAB_OPEN
            - ISSUE_TAB_IGNORED
            - ISSUE_TAB_CLOSED
            - ISSUE_TAB_REVIEWING
            - ISSUE_TAB_FIXING
            - ISSUE_TAB_PROVISIONALLY_IGNORED
          type: string
          description: >+
            Filters issues whose general status (open, ignored, fixed) matches
            one of the specified values. Applies to all issue types.


            | value | description |

            |-------|---------------|

            | ISSUE_TAB_OPEN |  |

            | ISSUE_TAB_IGNORED |  |

            | ISSUE_TAB_CLOSED |  |

            | ISSUE_TAB_REVIEWING |  |

            | ISSUE_TAB_FIXING |  |

            | ISSUE_TAB_PROVISIONALLY_IGNORED |  |

          format: enum
        teamNames:
          type: array
          items:
            type: string
          description: >-
            Filter issues which belong to a repo assigned to one of the
            specified teams. Applies to all issue types.
        actions:
          enum:
            - MODE_MONITOR
            - MODE_COMMENT
            - MODE_BLOCK
            - MODE_DISABLED
          type: array
          items:
            enum:
              - MODE_UNSPECIFIED
              - MODE_MONITOR
              - MODE_COMMENT
              - MODE_BLOCK
              - MODE_DISABLED
            type: string
            format: enum
          description: >+
            Filters SAST issues whose action mode matches one of the specified
            values. Only applies when the provided issue_type is SAST.
             Deprecated: action mode is tied to the legacy policy model and has no effect for deployments on unified policies. This filter will be removed in a future release.

            | value | description |

            |-------|---------------|

            | MODE_MONITOR | Monitor mode, silently report findings |

            | MODE_COMMENT | Comment mode, leaves PR comments but does not block
            |

            | MODE_BLOCK | Block mode, leaves PR comments and blocks PR |

            | MODE_DISABLED | Disabled mode, not active |

        policySlugs:
          type: array
          items:
            type: string
          description: >-
            Filters SAST issues whose policy slug matches one of the specified
            values. Deprecated in favor of `action`. Only applies when the
            provided issue_type is SAST.
        rules:
          type: array
          items:
            type: string
          description: >-
            Filters SAST issues whose rule paths match one of the specified
            values. Only applies when the provided issue_type is SAST.
        ruleIds:
          type: array
          items:
            type: string
          description: >-
            Filters issues whose rule id matches one of the specified values.
            Applies to all issue types.
        rulesets:
          type: array
          items:
            type: string
          description: >-
            Filters SAST issues whose ruleset name matches one of the specified
            values. Only applies when the provided issue_type is SAST.
        categories:
          type: array
          items:
            type: string
          description: >-
            Filters SAST issues whose category matches one of the specified
            values. Only applies when the provided issue_type is SAST.
        confidences:
          enum:
            - CONFIDENCE_HIGH
            - CONFIDENCE_MEDIUM
            - CONFIDENCE_LOW
          type: array
          items:
            enum:
              - CONFIDENCE_UNSPECIFIED
              - CONFIDENCE_HIGH
              - CONFIDENCE_MEDIUM
              - CONFIDENCE_LOW
            type: string
            format: enum
          description: >+
            Filters SAST issues whose confidence rating matches one of the
            specified values. Only applies when the provided issue_type is SAST.


            | value | description |

            |-------|---------------|

            | CONFIDENCE_HIGH |  |

            | CONFIDENCE_MEDIUM |  |

            | CONFIDENCE_LOW |  |

        severities:
          enum:
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            - SEVERITY_CRITICAL
          type: array
          items:
            enum:
              - SEVERITY_UNSPECIFIED
              - SEVERITY_HIGH
              - SEVERITY_MEDIUM
              - SEVERITY_LOW
              - SEVERITY_CRITICAL
            type: string
            format: enum
          description: >+
            Filters SAST issues whose severity matches one of the specified
            values. Only applies when the provided issue_type is SAST.


            | value | description |

            |-------|---------------|

            | SEVERITY_HIGH |  |

            | SEVERITY_MEDIUM |  |

            | SEVERITY_LOW |  |

            | SEVERITY_CRITICAL |  |

        transitivities:
          enum:
            - UNKNOWN_TRANSITIVITY
            - TRANSITIVE
            - DIRECT
          type: array
          items:
            enum:
              - UNKNOWN_TRANSITIVITY
              - TRANSITIVE
              - DIRECT
            type: string
            format: enum
          description: >+
            Filters supply chain issues whose transitivity matches one of the
            specified values. Only applies when the provided issue_type is SCA.


            | value | description |

            |-------|---------------|

            | UNKNOWN_TRANSITIVITY |  |

            | TRANSITIVE |  |

            | DIRECT |  |

        exposures:
          enum:
            - UNKNOWN_EXPOSURE
            - UNREACHABLE
            - REACHABLE
          type: array
          items:
            enum:
              - UNKNOWN_EXPOSURE
              - UNREACHABLE
              - REACHABLE
            type: string
            format: enum
          description: >+
            Filters supply chain issues whose exposure (a.k.a. "reachability")
            matches one of the specified values. Only applies when the provided
            issue_type is SCA.


            | value | description |

            |-------|---------------|

            | UNKNOWN_EXPOSURE |  |

            | UNREACHABLE |  |

            | REACHABLE |  |

        dependencies:
          type: array
          items:
            type: string
          description: >-
            Filters supply chain issues found in a dependency whose name matches
            any of the specified values. Only applies when the provided
            issue_type is SCA.
        cves:
          type: array
          items:
            type: string
          description: >-
            Filters supply chain issues belonging to a CVE whose name matches
            the specified value. Only applies when the provided issue_type is
            SCA.
        source:
          enum:
            - SOURCE_PRO
            - SOURCE_COMMUNITY
            - SOURCE_CUSTOM
          type: array
          items:
            enum:
              - SOURCE_UNSPECIFIED
              - SOURCE_PRO
              - SOURCE_COMMUNITY
              - SOURCE_CUSTOM
            type: string
            format: enum
          description: >+
            Filters issues whose source matches one of the specified values.
            Applies to SAST now, and maybe Secrets in the future.


            | value | description |

            |-------|---------------|

            | SOURCE_PRO | From Pro rules |

            | SOURCE_COMMUNITY | From Semgrep Community rules |

            | SOURCE_CUSTOM | From Custom rules |

        reachabilities:
          enum:
            - REACHABILITY_CONDITIONALLY_REACHABLE
            - REACHABILITY_ALWAYS_REACHABLE
            - REACHABILITY_REACHABLE
            - REACHABILITY_UNREACHABLE
            - REACHABILITY_UNKNOWN
          type: array
          items:
            enum:
              - REACHABILITY_UNSPECIFIED
              - REACHABILITY_CONDITIONALLY_REACHABLE
              - REACHABILITY_ALWAYS_REACHABLE
              - REACHABILITY_REACHABLE
              - REACHABILITY_UNREACHABLE
              - REACHABILITY_UNKNOWN
            type: string
            format: enum
          description: >+
            Filters supply chain issues whose reachability matches one of the
            specified values. Only applies when the provided issue_type is SCA.


            | value | description |

            |-------|---------------|

            | REACHABILITY_CONDITIONALLY_REACHABLE |  |

            | REACHABILITY_ALWAYS_REACHABLE |  |

            | REACHABILITY_REACHABLE |  |

            | REACHABILITY_UNREACHABLE |  |

            | REACHABILITY_UNKNOWN |  |

        issueParentIds:
          type: array
          items:
            type: string
          description: >-
            Filters issues to those whose issue parent ids match any of the
            specified values. Applies to all types.
        validationStates:
          enum:
            - VALIDATION_STATE_CONFIRMED_VALID
            - VALIDATION_STATE_CONFIRMED_INVALID
            - VALIDATION_STATE_VALIDATION_ERROR
            - VALIDATION_STATE_NO_VALIDATOR
          type: array
          items:
            enum:
              - VALIDATION_STATE_UNSPECIFIED
              - VALIDATION_STATE_CONFIRMED_VALID
              - VALIDATION_STATE_CONFIRMED_INVALID
              - VALIDATION_STATE_VALIDATION_ERROR
              - VALIDATION_STATE_NO_VALIDATOR
            type: string
            format: enum
          description: >+
            Filters secrets issues whose validation state matches one of the
            specified values. Only applies when the provided issue_type is
            SECRETS.


            | value | description |

            |-------|---------------|

            | VALIDATION_STATE_CONFIRMED_VALID |  |

            | VALIDATION_STATE_CONFIRMED_INVALID |  |

            | VALIDATION_STATE_VALIDATION_ERROR |  |

            | VALIDATION_STATE_NO_VALIDATOR |  |

        secretTypes:
          type: array
          items:
            type: string
          description: >-
            Filters secrets issues whose secret type matches one of the
            specified values. Only applies when the provided issue_type is
            SECRETS.
        repoVisibilities:
          enum:
            - REPOSITORY_VISIBILITY_PUBLIC
            - REPOSITORY_VISIBILITY_PRIVATE
            - REPOSITORY_VISIBILITY_UNKNOWN
          type: array
          items:
            enum:
              - REPOSITORY_VISIBILITY_UNSPECIFIED
              - REPOSITORY_VISIBILITY_PUBLIC
              - REPOSITORY_VISIBILITY_PRIVATE
              - REPOSITORY_VISIBILITY_UNKNOWN
            type: string
            format: enum
          description: >+
            Filters secrets issues whose status matches one of the specified
            values. Only applies when the provided issue_type is SECRETS.


            | value | description |

            |-------|---------------|

            | REPOSITORY_VISIBILITY_PUBLIC |  |

            | REPOSITORY_VISIBILITY_PRIVATE |  |

            | REPOSITORY_VISIBILITY_UNKNOWN |  |

        excludeHistorical:
          type: boolean
          description: >-
            Filters out historical secrets issues if true. Only applies when the
            provided issue_type is SECRETS.
        onPrimaryBranch:
          type: boolean
          description: >-
            Filter down to only issues that are - or are not - found on the
            default branch of their project.
        epssProbabilities:
          enum:
            - EPSS_PROBABILITY_LOW
            - EPSS_PROBABILITY_MEDIUM
            - EPSS_PROBABILITY_HIGH
            - EPSS_PROBABILITY_NONE
          type: array
          items:
            enum:
              - EPSS_PROBABILITY_UNSPECIFIED
              - EPSS_PROBABILITY_LOW
              - EPSS_PROBABILITY_MEDIUM
              - EPSS_PROBABILITY_HIGH
              - EPSS_PROBABILITY_NONE
            type: string
            format: enum
          description: >+
            Filters supply chain issues whose corresponding EPSS scores fall in
            one of the specified buckets. Only applies when the provided
            issue_type is SCA.


            | value | description |

            |-------|---------------|

            | EPSS_PROBABILITY_LOW |  |

            | EPSS_PROBABILITY_MEDIUM |  |

            | EPSS_PROBABILITY_HIGH |  |

            | EPSS_PROBABILITY_NONE |  |

        triageReasons:
          enum:
            - FINDING_TRIAGE_REASON_FALSE_POSITIVE
            - FINDING_TRIAGE_REASON_NO_TIME
            - FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
            - FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
            - FINDING_TRIAGE_REASON_UNKNOWN
            - FINDING_TRIAGE_REASON_DUPLICATE
          type: array
          items:
            enum:
              - FINDING_TRIAGE_REASON_UNSPECIFIED
              - FINDING_TRIAGE_REASON_FALSE_POSITIVE
              - FINDING_TRIAGE_REASON_NO_TIME
              - FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
              - FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
              - FINDING_TRIAGE_REASON_UNKNOWN
              - FINDING_TRIAGE_REASON_DUPLICATE
            type: string
            format: enum
          description: >+
            Filters issues whose triage reason matches one of the specified
            values. Applies to all issue types.


            | value | description |

            |-------|---------------|

            | FINDING_TRIAGE_REASON_FALSE_POSITIVE |  |

            | FINDING_TRIAGE_REASON_NO_TIME |  |

            | FINDING_TRIAGE_REASON_ACCEPTABLE_RISK |  |

            | FINDING_TRIAGE_REASON_NO_TRIAGE_REASON |  |

            | FINDING_TRIAGE_REASON_UNKNOWN |  |

            | FINDING_TRIAGE_REASON_DUPLICATE |  |

        timeFilter:
          enum:
            - TIME_FILTER_RELEVANT_SINCE
            - TIME_FILTER_TRIAGED_AT
            - TIME_FILTER_FIXED_AT
          type: string
          description: >+
            Filters issues by date based on different attributes related to
            status changes or triaging


            | value | description |

            |-------|---------------|

            | TIME_FILTER_RELEVANT_SINCE |  |

            | TIME_FILTER_TRIAGED_AT |  |

            | TIME_FILTER_FIXED_AT |  |

          format: enum
        includeTicketed:
          type: boolean
          description: >-
            Filters issues based on if they have a nango_external_ticket
            associated with them
        backlogType:
          enum:
            - ISSUE_BACKLOG_TYPE_PROD
            - ISSUE_BACKLOG_TYPE_PREPROD
          type: string
          description: >+
            Filters issues to either all (prod), or only those with review
            comments (pre-prod). Only applies when the provided issue_type is
            SAST.
             TODO: once experiment is successful, prod should mean only issues in actual production (very similar to on_primary_branch)
             TODO: verify if review_comment is correct for SCA/SECRETS and enable this filter for those issue types too

            | value | description |

            |-------|---------------|

            | ISSUE_BACKLOG_TYPE_PROD |  |

            | ISSUE_BACKLOG_TYPE_PREPROD |  |

          format: enum
        scaRuleKind:
          enum:
            - SCA_RULE_KIND_REACHABLE
            - SCA_RULE_KIND_UPGRADE_ONLY
            - SCA_RULE_KIND_MALICIOUS_DEPENDENCY
            - SCA_RULE_KIND_LEGACY
          type: array
          items:
            enum:
              - SCA_RULE_KIND_UNSPECIFIED
              - SCA_RULE_KIND_REACHABLE
              - SCA_RULE_KIND_UPGRADE_ONLY
              - SCA_RULE_KIND_MALICIOUS_DEPENDENCY
              - SCA_RULE_KIND_LEGACY
            type: string
            format: enum
          description: >+
            Filters supply chain issues by its kind (malicious dependency,
            reachable, upgrade-only, legacy). Only applies when the provided
            issue_type is SCA.


            | value | description |

            |-------|---------------|

            | SCA_RULE_KIND_REACHABLE |  |

            | SCA_RULE_KIND_UPGRADE_ONLY |  |

            | SCA_RULE_KIND_MALICIOUS_DEPENDENCY |  |

            | SCA_RULE_KIND_LEGACY |  |

        aiMemoryWillFlipVerdict:
          type: string
          description: >-
            Filters issues where a given memory ID's preanalysi shows the AI
            verdict would change. Supports only one memory ID at a time.
        aiMemoryReferenced:
          type: string
          description: >-
            Filters issues to those which have an AI memory referenced. Applies
            to SAST issues only.
        includeAiMemoryRendered:
          type: boolean
          description: >-
            Filters for issues based on if they have any AI memory rendered.
            Applies to SAST issues only.
        aiMemoryRendered:
          type: string
          description: >-
            Filters issues to those which have a specific AI memory rendered.
            Applies to SAST issues only.
        memoryIdInScope:
          type: string
          description: >-
            Filters to issues that are in scope of the given memory. Applies to
            SAST issues only.
        relativeSince:
          enum:
            - RELATIVE_SINCE_ONE_DAY
            - RELATIVE_SINCE_ONE_WEEK
            - RELATIVE_SINCE_ONE_MONTH
            - RELATIVE_SINCE_THREE_MONTHS
            - RELATIVE_SINCE_SIX_MONTHS
            - RELATIVE_SINCE_ONE_YEAR
            - RELATIVE_SINCE_ALL_TIME
            - RELATIVE_SINCE_ONE_MINUTE
          type: string
          description: >+
            Filters issues relevant since the specified relative time. Applies
            to all issue types.


            | value | description |

            |-------|---------------|

            | RELATIVE_SINCE_ONE_DAY |  |

            | RELATIVE_SINCE_ONE_WEEK |  |

            | RELATIVE_SINCE_ONE_MONTH |  |

            | RELATIVE_SINCE_THREE_MONTHS |  |

            | RELATIVE_SINCE_SIX_MONTHS |  |

            | RELATIVE_SINCE_ONE_YEAR |  |

            | RELATIVE_SINCE_ALL_TIME |  |

            | RELATIVE_SINCE_ONE_MINUTE |  |

          format: enum
        repositoryDeploymentStatuses:
          enum:
            - DEPLOYMENT_STATUS_UNKNOWN
            - DEPLOYMENT_STATUS_DEPLOYED
            - DEPLOYMENT_STATUS_NOT_DEPLOYED
          type: array
          items:
            enum:
              - DEPLOYMENT_STATUS_UNSPECIFIED
              - DEPLOYMENT_STATUS_UNKNOWN
              - DEPLOYMENT_STATUS_DEPLOYED
              - DEPLOYMENT_STATUS_NOT_DEPLOYED
            type: string
            format: enum
          description: >+
            Filters issues to whose projects are deployed in an environment.
            Applies to all issue types.


            | value | description |

            |-------|---------------|

            | DEPLOYMENT_STATUS_UNKNOWN |  |

            | DEPLOYMENT_STATUS_DEPLOYED |  |

            | DEPLOYMENT_STATUS_NOT_DEPLOYED |  |

        upgradeGuidance:
          enum:
            - BREAKING_CHANGE_TYPE_PARAMETER_CHANGE
            - BREAKING_CHANGE_TYPE_FUNCTION_OR_CLASS_REMOVAL
            - BREAKING_CHANGE_TYPE_FUNCTION_RENAME
            - BREAKING_CHANGE_TYPE_LOGIC_CHANGE
            - BREAKING_CHANGE_TYPE_NOT_BREAKING
          type: array
          items:
            enum:
              - BREAKING_CHANGE_TYPE_UNSPECIFIED
              - BREAKING_CHANGE_TYPE_PARAMETER_CHANGE
              - BREAKING_CHANGE_TYPE_FUNCTION_OR_CLASS_REMOVAL
              - BREAKING_CHANGE_TYPE_FUNCTION_RENAME
              - BREAKING_CHANGE_TYPE_LOGIC_CHANGE
              - BREAKING_CHANGE_TYPE_NOT_BREAKING
            type: string
            format: enum
          description: >+
            Filters supply chain issues whose upgrade guidance matches one of
            the specified values. Only applies when the provided issue_type is
            SCA.
             Deprecated in favor of `upgrade_guidance_filters`.

            | value | description |

            |-------|---------------|

            | BREAKING_CHANGE_TYPE_PARAMETER_CHANGE | The symbol has a breaking
            change due to a change in the parameters of the function. This
            includes changes in the number of parameters, their names, their
            types, etc. |

            | BREAKING_CHANGE_TYPE_FUNCTION_OR_CLASS_REMOVAL | The symbol has a
            breaking change due to the removal of a function or class. This
            means that the function or class is no longer available in the
            target version. |

            | BREAKING_CHANGE_TYPE_FUNCTION_RENAME | The symbol has a breaking
            change due to a change in the name of the function or class. |

            | BREAKING_CHANGE_TYPE_LOGIC_CHANGE | The symbol has a breaking
            change due to a change in the logic of the function or class. This
            means that the function or class still exists, but its behavior has
            changed in a way that may affect the code that uses it. |

            | BREAKING_CHANGE_TYPE_NOT_BREAKING | The symbol does not have a
            breaking change, meaning it can be used in the target version
            without any issues. |

        repositoryPublicExposures:
          enum:
            - PUBLIC_EXPOSURE_UNKNOWN
            - PUBLIC_EXPOSURE_PUBLIC
            - PUBLIC_EXPOSURE_NOT_PUBLIC
          type: array
          items:
            enum:
              - PUBLIC_EXPOSURE_UNSPECIFIED
              - PUBLIC_EXPOSURE_UNKNOWN
              - PUBLIC_EXPOSURE_PUBLIC
              - PUBLIC_EXPOSURE_NOT_PUBLIC
            type: string
            format: enum
          description: >+
            Filters issues to those whose deployed services are publicly
            accessible. Applies to all issue types.


            | value | description |

            |-------|---------------|

            | PUBLIC_EXPOSURE_UNKNOWN |  |

            | PUBLIC_EXPOSURE_PUBLIC |  |

            | PUBLIC_EXPOSURE_NOT_PUBLIC |  |

        clickToFixPrStates:
          enum:
            - CLICK_TO_FIX_PR_STATE_OPEN
            - CLICK_TO_FIX_PR_STATE_MERGED
            - CLICK_TO_FIX_PR_STATE_NO_PR
          type: array
          items:
            enum:
              - CLICK_TO_FIX_PR_STATE_UNSPECIFIED
              - CLICK_TO_FIX_PR_STATE_OPEN
              - CLICK_TO_FIX_PR_STATE_MERGED
              - CLICK_TO_FIX_PR_STATE_NO_PR
            type: string
            format: enum
          description: >+
            Filters issues by their Click to Fix PR state. Only applies when the
            provided issue_type is SAST or SCA.


            | value | description |

            |-------|---------------|

            | CLICK_TO_FIX_PR_STATE_OPEN |  |

            | CLICK_TO_FIX_PR_STATE_MERGED |  |

            | CLICK_TO_FIX_PR_STATE_NO_PR |  |

        advisoryIds:
          type: array
          items:
            type: string
          description: >-
            Filters supply chain issues by advisory IDs (CVE, GHSA, MAL, etc.).
            Only applies when the provided issue_type is SCA.
        aggregateIssueStates:
          enum:
            - AGGREGATE_ISSUE_STATE_OPEN
            - AGGREGATE_ISSUE_STATE_FIXED
            - AGGREGATE_ISSUE_STATE_REMOVED
            - AGGREGATE_ISSUE_STATE_IGNORED_APP
            - AGGREGATE_ISSUE_STATE_IGNORED_CODE
            - AGGREGATE_ISSUE_STATE_UNKNOWN
            - AGGREGATE_ISSUE_STATE_REVIEWING
            - AGGREGATE_ISSUE_STATE_FIXING
            - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
          type: array
          items:
            enum:
              - AGGREGATE_ISSUE_STATE_UNSPECIFIED
              - AGGREGATE_ISSUE_STATE_OPEN
              - AGGREGATE_ISSUE_STATE_FIXED
              - AGGREGATE_ISSUE_STATE_REMOVED
              - AGGREGATE_ISSUE_STATE_IGNORED_APP
              - AGGREGATE_ISSUE_STATE_IGNORED_CODE
              - AGGREGATE_ISSUE_STATE_UNKNOWN
              - AGGREGATE_ISSUE_STATE_REVIEWING
              - AGGREGATE_ISSUE_STATE_FIXING
              - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
            type: string
            format: enum
          description: >+
            Filters issues whose aggregate state matches one of the specified
            values. Applies to all issue types.
             Only supported in the Duplo code path.

            | value | description |

            |-------|---------------|

            | AGGREGATE_ISSUE_STATE_OPEN |  |

            | AGGREGATE_ISSUE_STATE_FIXED |  |

            | AGGREGATE_ISSUE_STATE_REMOVED |  |

            | AGGREGATE_ISSUE_STATE_IGNORED_APP |  |

            | AGGREGATE_ISSUE_STATE_IGNORED_CODE |  |

            | AGGREGATE_ISSUE_STATE_UNKNOWN |  |

            | AGGREGATE_ISSUE_STATE_REVIEWING |  |

            | AGGREGATE_ISSUE_STATE_FIXING |  |

            | AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |  |

        upgradeGuidanceFilters:
          enum:
            - UPGRADE_GUIDANCE_SELECTION_SAFE
            - UPGRADE_GUIDANCE_SELECTION_BREAKING
          type: array
          items:
            enum:
              - UPGRADE_GUIDANCE_SELECTION_UNSPECIFIED
              - UPGRADE_GUIDANCE_SELECTION_SAFE
              - UPGRADE_GUIDANCE_SELECTION_BREAKING
            type: string
            format: enum
          description: >+
            Filters supply chain issues by generic upgrade guidance selections
            (safe or breaking). Only applies when the provided issue_type is
            SCA.


            | value | description |

            |-------|---------------|

            | UPGRADE_GUIDANCE_SELECTION_SAFE |  |

            | UPGRADE_GUIDANCE_SELECTION_BREAKING |  |

        filterIssueTypes:
          enum:
            - ISSUE_TYPE_SAST
            - ISSUE_TYPE_SCA
            - ISSUE_TYPE_SECRETS
            - ISSUE_TYPE_RESEARCH
            - ISSUE_TYPE_AI_SAST
          type: array
          items:
            enum:
              - ISSUE_TYPE_UNSPECIFIED
              - ISSUE_TYPE_SAST
              - ISSUE_TYPE_SCA
              - ISSUE_TYPE_SECRETS
              - ISSUE_TYPE_RESEARCH
              - ISSUE_TYPE_AI_SAST
            type: string
            format: enum
          description: >+
            Frontend-only: this field is included in IssuesFilter to leverage
            proto-generated TypeScript
             types for filter state management and URL serialization. When non-empty, restricts the duplo
             combined Code view to show only the specified issue types. The backend ignores this field.

            | value | description |

            |-------|---------------|

            | ISSUE_TYPE_SAST | Detected by Code rules |

            | ISSUE_TYPE_SCA | Detected by Supply Chain rules |

            | ISSUE_TYPE_SECRETS | Detected by Secrets rules |

            | ISSUE_TYPE_RESEARCH | Detected by research rules or scanners |

            | ISSUE_TYPE_AI_SAST | Detected by AI detection code scanning |

        filePaths:
          type: array
          items:
            type: string
          description: >-
            Fuzzy file path search. Filters issues whose file path matches one
            of the specified values using
             analyzed text search (splits on / . _ - etc. and supports typo tolerance). Only works when
             Duplo is enabled for the deployment — ignored otherwise. Accepts an array of strings but
             currently only the first value is used.
        includeArchived:
          type: boolean
          description: >-
            When true, include findings on archived projects in results. By
            default
             (unset/false), findings on archived projects are hidden from all product
             tabs and their counts — but only for deployments that have archived
             projects (gated by the `appex.has_archived_projects` config). Applies to
             all issue types. Archival is a separate dimension from aggregate state, so
             this is an independent toggle rather than an `aggregate_issue_states` value.
    protos.issues.v1.ListIssuesResponse_IssueSummary:
      type: object
      properties:
        issue:
          $ref: '#/components/schemas/protos.issues.v1.Issue'
        reviewCount:
          type: string
        triageCount:
          type: string
        allRefs:
          type: array
          items:
            type: string
        aiSilencedCount:
          type: string
        allReviewThreadIds:
          type: array
          items:
            type: string
        allReviewComments:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ListIssuesResponse_ReviewComment
    protos.issues.v1.Issue:
      type: object
      properties:
        id:
          type: string
          description: ID of the finding
        createdAt:
          type: string
          description: Creation timestamp
          format: date-time
        ref:
          type: string
          description: Branch where the finding was detected
        syntacticId:
          type: string
          description: >-
            Semi-unique hash of a check consisting of: Line Numbers, File Path,
            Rule ID, Index of finding in file, and Matched code
        matchBasedId:
          type: string
          description: >-
            Semi-unique hash of a check consisting of: File Path, Rule ID, Index
            of finding in file, and Rule Formula with metavariable bindings
            substituted in
        ruleId:
          type: string
          description: The ID of the associated semgrep rule
        status:
          enum:
            - ISSUE_STATUS_FIXED
            - ISSUE_STATUS_MUTED
            - ISSUE_STATUS_REMOVED
            - ISSUE_STATUS_UNRESOLVED
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | ISSUE_STATUS_FIXED |  |
            | ISSUE_STATUS_MUTED |  |
            | ISSUE_STATUS_REMOVED |  |
            | ISSUE_STATUS_UNRESOLVED |  |

          format: enum
        repository:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_Repository'
          description: The repository in which this issue was found
        firstSeenScan:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_Scan'
          description: The first scan in which this issue was found
        triageState:
          enum:
            - FINDING_TRIAGE_STATE_UNTRIAGED
            - FINDING_TRIAGE_STATE_IGNORED
            - FINDING_TRIAGE_STATE_REOPENED
            - FINDING_TRIAGE_STATE_UNKNOWN
            - FINDING_TRIAGE_STATE_REVIEWING
            - FINDING_TRIAGE_STATE_FIXING
            - FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED
          type: string
          description: |+
            The issue's current triage state.

            | value | description |
            |-------|---------------|
            | FINDING_TRIAGE_STATE_UNTRIAGED |  |
            | FINDING_TRIAGE_STATE_IGNORED |  |
            | FINDING_TRIAGE_STATE_REOPENED |  |
            | FINDING_TRIAGE_STATE_UNKNOWN |  |
            | FINDING_TRIAGE_STATE_REVIEWING |  |
            | FINDING_TRIAGE_STATE_FIXING |  |
            | FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED |  |

          format: enum
        triageReason:
          enum:
            - FINDING_TRIAGE_REASON_FALSE_POSITIVE
            - FINDING_TRIAGE_REASON_NO_TIME
            - FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
            - FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
            - FINDING_TRIAGE_REASON_UNKNOWN
            - FINDING_TRIAGE_REASON_DUPLICATE
          type: string
          description: |+
            The reason the issue was triaged.

            | value | description |
            |-------|---------------|
            | FINDING_TRIAGE_REASON_FALSE_POSITIVE |  |
            | FINDING_TRIAGE_REASON_NO_TIME |  |
            | FINDING_TRIAGE_REASON_ACCEPTABLE_RISK |  |
            | FINDING_TRIAGE_REASON_NO_TRIAGE_REASON |  |
            | FINDING_TRIAGE_REASON_UNKNOWN |  |
            | FINDING_TRIAGE_REASON_DUPLICATE |  |

          format: enum
        relevantSince:
          type: string
          description: The timestamp from which this issue was relevant
          format: date-time
        aggregateState:
          enum:
            - AGGREGATE_ISSUE_STATE_OPEN
            - AGGREGATE_ISSUE_STATE_FIXED
            - AGGREGATE_ISSUE_STATE_REMOVED
            - AGGREGATE_ISSUE_STATE_IGNORED_APP
            - AGGREGATE_ISSUE_STATE_IGNORED_CODE
            - AGGREGATE_ISSUE_STATE_UNKNOWN
            - AGGREGATE_ISSUE_STATE_REVIEWING
            - AGGREGATE_ISSUE_STATE_FIXING
            - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
          type: string
          description: >+
            The overall state of the issue, accounting for status (controlled by
            scans), triaging, external events like PR closes, etc. TODO: use the
            `AggregateState` enum instead of raw strings.


            | value | description |

            |-------|---------------|

            | AGGREGATE_ISSUE_STATE_OPEN |  |

            | AGGREGATE_ISSUE_STATE_FIXED |  |

            | AGGREGATE_ISSUE_STATE_REMOVED |  |

            | AGGREGATE_ISSUE_STATE_IGNORED_APP |  |

            | AGGREGATE_ISSUE_STATE_IGNORED_CODE |  |

            | AGGREGATE_ISSUE_STATE_UNKNOWN |  |

            | AGGREGATE_ISSUE_STATE_REVIEWING |  |

            | AGGREGATE_ISSUE_STATE_FIXING |  |

            | AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |  |

          format: enum
        note:
          type: string
          description: Comment left when triaged
        externalTicket:
          allOf:
            - $ref: '#/components/schemas/protos.ticketing.v1.ExternalTicket'
          description: The external ticket reference
        vulnGroupKey:
          type: string
          description: The key used to group supply chain vulns (deprecated)
        isBlocking:
          type: boolean
          description: True if this issue is a blocking issue.
        autotriage:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Autotriage'
          description: The autotriage info related to this issue.
        aiTags:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.SensitivityTags'
          description: The autotriage tags associated with this issue
        lineOfCodeUrl:
          type: string
          description: The URL to the specific line of code causing this issue
        codeSnippet:
          type: string
          description: >-
            The code snippet causing this issue. Only available when fetching a
            single issue at a time via the GetIssue RPC. Deprecated in favor of
            `code_snippets` for multi-file support.
        dataflowTrace:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_DataflowTrace'
          description: >-
            A call trace order of code locations leading to the site of the
            issue. Only available when fetching a single issue at a time via the
            GetIssue RPC.
        commitUrl:
          type: string
          description: >-
            The URL of the specific commit which introduced this issue. Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        activityHistory:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue_ActivityHistoryEvent'
          description: >-
            A chronologically-ordered list of events related to this issue
            (status change, ai tags, triage events). Always populated by the
            GetIssue RPC; populated by ListIssues only when
            ListIssuesRequest.include_activity_history is true.
        relatedIssues:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue_RelatedIssue'
          description: >-
            A list of related issues (with the same match based ID). Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        remediation:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Remediation'
          description: |-
            AI remediation info for this issue (guidance and autofix).
             Available in the GetIssue RPC and in list responses when include_remediation is set to true.
        lastSeenScan:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_Scan'
          description: The last scan in which this issue was found
        filePath:
          type: string
          description: The path to the file in which this issue was found.
        line:
          type: integer
          description: The first line number in which this issue was found.
          format: int64
        endLine:
          type: integer
          description: >-
            The end line number in which this issue was found (if the offending
            code spans several lines).
          format: int64
        column:
          type: integer
          description: >-
            The start column number within the line in which this issue was
            found.
          format: int64
        endColumn:
          type: integer
          description: >-
            The end column number within the last line in which this issue was
            found (if applicable).
          format: int64
        severity:
          enum:
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            - SEVERITY_CRITICAL
          type: string
          description: |+
            The severity ("seriousness") of the issue.

            | value | description |
            |-------|---------------|
            | SEVERITY_HIGH |  |
            | SEVERITY_MEDIUM |  |
            | SEVERITY_LOW |  |
            | SEVERITY_CRITICAL |  |

          format: enum
        message:
          type: string
          description: An optional message that helps describe the issue in more detail.
        rulePath:
          type: string
          description: The full path of the rule used to generate this issue.
        confidence:
          enum:
            - CONFIDENCE_HIGH
            - CONFIDENCE_MEDIUM
            - CONFIDENCE_LOW
          type: string
          description: |+
            The confidence in false-positive rate of an issue.

            | value | description |
            |-------|---------------|
            | CONFIDENCE_HIGH |  |
            | CONFIDENCE_MEDIUM |  |
            | CONFIDENCE_LOW |  |

          format: enum
        ruleUrl:
          type: string
          description: The url of the rule used to generate this issue.
        ruleReferences:
          type: array
          items:
            type: string
          description: >-
            A list of external references (URLs) which help describe or provide
            context for the rule used to generate this issue.
        ruleOrigin:
          enum:
            - RULE_ORIGIN_CUSTOM
            - RULE_ORIGIN_COMMUNITY
            - RULE_ORIGIN_PRO_RULES
          type: string
          description: >+
            The origin of the rule (pro rules, semgrep community, or a custom
            rule)


            | value | description |

            |-------|---------------|

            | RULE_ORIGIN_CUSTOM |  |

            | RULE_ORIGIN_COMMUNITY |  |

            | RULE_ORIGIN_PRO_RULES |  |

          format: enum
        ruleHashId:
          type: string
          description: The hash of the associated rule.
        ruleCweNames:
          type: array
          items:
            type: string
          description: The names of the CWEs associated with this issue's rule.
        ruleOwaspNames:
          type: array
          items:
            type: string
          description: The names of the OWASP categories associated with this issue's rule.
        ruleset:
          type: string
          description: The ruleset to which this issue's rule belongs (if applicable).
        policySlug:
          type: string
          description: A slugified version of the associated rule's policy.
        category:
          type: string
          description: The issue's category (or "other" if none).
        ruleSupersededBy:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.SupersededRule'
          description: A list of rules which supersede this issue's rule.
        issueType:
          enum:
            - ISSUE_TYPE_SAST
            - ISSUE_TYPE_SCA
            - ISSUE_TYPE_SECRETS
            - ISSUE_TYPE_RESEARCH
            - ISSUE_TYPE_AI_SAST
          type: string
          description: >+
            The product which owns this issue, e.g. SAST (code), SCA (supply
            chain), etc.


            | value | description |

            |-------|---------------|

            | ISSUE_TYPE_SAST | Detected by Code rules |

            | ISSUE_TYPE_SCA | Detected by Supply Chain rules |

            | ISSUE_TYPE_SECRETS | Detected by Secrets rules |

            | ISSUE_TYPE_RESEARCH | Detected by research rules or scanners |

            | ISSUE_TYPE_AI_SAST | Detected by AI detection code scanning |

          format: enum
        issueParentId:
          type: string
          description: Parent ID of the finding. Present for all types.
        ticketAttempts:
          type: array
          items:
            $ref: '#/components/schemas/protos.ticketing.v1.TicketAttempt'
          description: The failed attempts at ticket creation
        sastAttributes:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_SastAttributes'
          description: Only set for code issues (i.e. if issue_type == `SAST`)
        scaAttributes:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_ScaAttributes'
          description: Only set for supply chain issues (i.e. if issue_type == `SCA`)
        secretsAttributes:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_SecretsAttributes'
          description: Only set for secrets issues (i.e. if issue_type == `SECRETS`)
        subcategories:
          type: array
          items:
            type: string
          description: The issue's subcategories
        refUrl:
          type: string
          description: >-
            The URL of the specific commit which introduced this issue. Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        codeowners:
          type: array
          items:
            $ref: '#/components/schemas/protos.ai.v1.Codeowner'
        codeSnippets:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue_CodeSnippet'
          description: >-
            The content of files involved in this issue. Only available when
            fetching a single issue at a time via the GetIssue RPC.
        ruleExplanation:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.RuleExplanation'
          description: >-
            AI-generated explanation for true positive autotriage cases. Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        ruleDisplayName:
          type: string
          description: >-
            The human-readable display name of the rule (e.g., "Hardcoded
            secret"). Only available when fetching a single issue at a time via
            the GetIssue RPC.
        clickToFixPrUrl:
          type: string
          description: >-
            The URL of the Click-to-Fix PR that was opened to fix this issue (if
            any).
             Available in the GetIssue RPC and in list responses that opt into it.
        aiImpact:
          type: string
          description: >-
            AI Detection only: LLM-generated description of the vulnerability's
            impact. Only available when fetching a single issue at a time via
            the GetIssue RPC.
        aiExploitConditions:
          type: array
          items:
            $ref: '#/components/schemas/protos.ai.v1.ExploitCondition'
          description: >-
            AI Detection only: Conditions that must be true for the
            vulnerability to be exploitable. Only available when fetching a
            single issue at a time via the GetIssue RPC.
        clickToFixCommitMsg:
          type: string
          description: >-
            The commit message for the Click-to-Fix PR (if any). Only available
            when fetching a single issue at a time via the GetIssue RPC.
        exceptionRequest:
          allOf:
            - $ref: >-
                #/components/schemas/protos.issues.v1.IssueExceptionRequestSummary
          description: >-
            A summary of the exception request for this issue, shaped for the
            findings
             list UI. Only returned if include_exception_request_info was true in the request.
        clickToFixPrId:
          type: string
          description: |-
            The SCM-agnostic PR identifier for the Click-to-Fix PR (if any).
             Available in the GetIssue RPC and in list responses that opt into it.
             Prefer this over parsing the PR number from click_to_fix_pr_url.
        triagePermission:
          enum:
            - TRIAGE_PERMISSION_IGNORE
            - TRIAGE_PERMISSION_REQUEST
            - TRIAGE_PERMISSION_NONE
          type: string
          description: >+
            The triage permission for this issue: whether a developer may ignore
            it
             themselves, must request an exception, or cannot triage it at all.
             Only defined when the developer approvals feature is enabled.

            | value | description |

            |-------|---------------|

            | TRIAGE_PERMISSION_IGNORE |  |

            | TRIAGE_PERMISSION_REQUEST |  |

            | TRIAGE_PERMISSION_NONE |  |

          format: enum
        isArchived:
          type: boolean
          description: >-
            True if this finding's project is archived (Semgrep-initiated via
            is_semgrep_archived, or SCM-archived).
    protos.issues.v1.ListIssuesResponse_ReviewComment:
      type: object
      properties:
        isInline:
          type: boolean
        threadId:
          type: string
    protos.issues.v1.Issue_Repository:
      type: object
      properties:
        name:
          type: string
          description: Repository name
        id:
          type: string
        type:
          enum:
            - SCM_TYPE_GITHUB
            - SCM_TYPE_GITHUB_ENTERPRISE
            - SCM_TYPE_GITLAB
            - SCM_TYPE_GITLAB_SELFMANAGED
            - SCM_TYPE_BITBUCKET
            - SCM_TYPE_BITBUCKET_DATACENTER
            - SCM_TYPE_AZURE_DEVOPS
            - SCM_TYPE_UNKNOWN
            - SCM_TYPE_HARNESS
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | SCM_TYPE_GITHUB | GitHub Cloud |
            | SCM_TYPE_GITHUB_ENTERPRISE | GitHub Enterprise |
            | SCM_TYPE_GITLAB | GitLab Cloud |
            | SCM_TYPE_GITLAB_SELFMANAGED | GitLab Self-Managed |
            | SCM_TYPE_BITBUCKET | Bitbucket Cloud |
            | SCM_TYPE_BITBUCKET_DATACENTER | Bitbucket Data Center |
            | SCM_TYPE_AZURE_DEVOPS | Azure DevOps |
            | SCM_TYPE_UNKNOWN |  |
            | SCM_TYPE_HARNESS | Harness |

          format: enum
        primaryRef:
          $ref: '#/components/schemas/protos.issues.v1.Issue_PrimaryRefItem'
    protos.issues.v1.Issue_Scan:
      type: object
      properties:
        id:
          type: string
        meta:
          type: object
    protos.ticketing.v1.ExternalTicket:
      type: object
      properties:
        url:
          type: string
          description: URL of the external ticket.
        externalSlug:
          type: string
          description: >-
            Identifier of the external ticket (e.g. for Jira, something like
            OPS-158).
        id:
          type: string
          description: Nango ticket id
        linkedIssueIds:
          type: array
          items:
            type: string
          description: Semgrep issue ids that are linked to this external ticket
    protos.ai.v1.Autotriage:
      type: object
      properties:
        id:
          type: string
        issueId:
          type: string
        verdict:
          enum:
            - VERDICT_TRUE_POSITIVE
            - VERDICT_FALSE_POSITIVE
            - VERDICT_NO_VERDICT
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | VERDICT_TRUE_POSITIVE |  |
            | VERDICT_FALSE_POSITIVE |  |
            | VERDICT_NO_VERDICT |  |

          format: enum
        reason:
          type: string
          description: >-
            The reasoning for a false positive verdict, explaining why you might
            want to ignore the finding. Empty string if verdict is true
            positive.
        feedback:
          $ref: '#/components/schemas/protos.ai.v1.AutotriageFeedback'
        matchBasedId:
          type: string
        memoryIdsReferenced:
          type: array
          items:
            type: string
        memoryIdsRendered:
          type: array
          items:
            type: string
    protos.ai.v1.SensitivityTags:
      type: object
      properties:
        id:
          type: string
          description: The database id of the sensitivity tags
        path:
          type: string
          description: The path of the file
        tags:
          type: string
          description: |-
            The tag that is associated with the file
             The tags are defined in SensitivityTag
        sensitivity:
          enum:
            - SENSITIVITY_HIGH_SENSITIVITY
            - SENSITIVITY_LOW_SENSITIVITY
            - SENSITIVITY_NEUTRAL_SENSITIVITY
          type: string
          description: |+
            The sensitivity of the given tag
             Sensitivities are defined in HighSensitivityTag and LowSensitivityTag

            | value | description |
            |-------|---------------|
            | SENSITIVITY_HIGH_SENSITIVITY |  |
            | SENSITIVITY_LOW_SENSITIVITY |  |
            | SENSITIVITY_NEUTRAL_SENSITIVITY |  |

          format: enum
    protos.issues.v1.Issue_DataflowTrace:
      type: object
      properties:
        taintSource:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Location'
        intermediateVars:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Location'
        taintSink:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Location'
    protos.issues.v1.Issue_ActivityHistoryEvent:
      type: object
      properties:
        date:
          type: string
          format: date-time
        title:
          type: string
        triageReason:
          type: string
        note:
          type: string
        actor:
          type: string
        historyType:
          enum:
            - HISTORY_TYPE_STATUS
            - HISTORY_TYPE_TRIAGE
            - HISTORY_TYPE_AUTOTRIAGE
            - HISTORY_TYPE_AUTOTRIAGE_FEEDBACK
            - HISTORY_TYPE_AI_TAG
            - HISTORY_TYPE_ANALYSIS_STARTED
            - HISTORY_TYPE_REVIEW_COMMENT_SILENCED
            - HISTORY_TYPE_TICKET_CREATED
            - HISTORY_TYPE_TICKET_ATTEMPTED
            - HISTORY_TYPE_GUIDANCE_REGENERATION
            - HISTORY_TYPE_SCM_MENTION
            - HISTORY_TYPE_CLICK_TO_FIX_PR_REQUESTED
            - HISTORY_TYPE_CLICK_TO_FIX_PR_OPENED
            - HISTORY_TYPE_CLICK_TO_FIX_PR_FAILED
            - HISTORY_TYPE_CLICK_TO_FIX_PR_MERGED
            - HISTORY_TYPE_EXCEPTION_REQUEST_CREATED
            - HISTORY_TYPE_EXCEPTION_REQUEST_APPROVED
            - HISTORY_TYPE_EXCEPTION_REQUEST_REJECTED
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | HISTORY_TYPE_STATUS |  |
            | HISTORY_TYPE_TRIAGE |  |
            | HISTORY_TYPE_AUTOTRIAGE |  |
            | HISTORY_TYPE_AUTOTRIAGE_FEEDBACK |  |
            | HISTORY_TYPE_AI_TAG |  |
            | HISTORY_TYPE_ANALYSIS_STARTED |  |
            | HISTORY_TYPE_REVIEW_COMMENT_SILENCED |  |
            | HISTORY_TYPE_TICKET_CREATED |  |
            | HISTORY_TYPE_TICKET_ATTEMPTED |  |
            | HISTORY_TYPE_GUIDANCE_REGENERATION |  |
            | HISTORY_TYPE_SCM_MENTION |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_REQUESTED |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_OPENED |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_FAILED |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_MERGED |  |
            | HISTORY_TYPE_EXCEPTION_REQUEST_CREATED |  |
            | HISTORY_TYPE_EXCEPTION_REQUEST_APPROVED |  |
            | HISTORY_TYPE_EXCEPTION_REQUEST_REJECTED |  |

          format: enum
        exceptionRequestDetails:
          $ref: >-
            #/components/schemas/protos.issues.v1.ActivityHistoryEvent_ExceptionRequestDetails
    protos.issues.v1.Issue_RelatedIssue:
      type: object
      properties:
        id:
          type: string
        ref:
          type: string
        pullRequestId:
          type: string
        aggregateState:
          enum:
            - AGGREGATE_ISSUE_STATE_OPEN
            - AGGREGATE_ISSUE_STATE_FIXED
            - AGGREGATE_ISSUE_STATE_REMOVED
            - AGGREGATE_ISSUE_STATE_IGNORED_APP
            - AGGREGATE_ISSUE_STATE_IGNORED_CODE
            - AGGREGATE_ISSUE_STATE_UNKNOWN
            - AGGREGATE_ISSUE_STATE_REVIEWING
            - AGGREGATE_ISSUE_STATE_FIXING
            - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | AGGREGATE_ISSUE_STATE_OPEN |  |
            | AGGREGATE_ISSUE_STATE_FIXED |  |
            | AGGREGATE_ISSUE_STATE_REMOVED |  |
            | AGGREGATE_ISSUE_STATE_IGNORED_APP |  |
            | AGGREGATE_ISSUE_STATE_IGNORED_CODE |  |
            | AGGREGATE_ISSUE_STATE_UNKNOWN |  |
            | AGGREGATE_ISSUE_STATE_REVIEWING |  |
            | AGGREGATE_ISSUE_STATE_FIXING |  |
            | AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |  |

          format: enum
        createdAt:
          type: string
          format: date-time
    protos.ai.v1.Remediation:
      type: object
      properties:
        issueId:
          type: string
          description: The issue id that the remediation is for
        matchBasedId:
          type: string
          description: The match based id of the issue that remediation is for
        autofix:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Autofix'
          description: The autofix to fix the issue
        guidance:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Guidance'
          description: The guidance to fix the issue
    protos.issues.v1.SupersededRule:
      type: object
      properties:
        product:
          enum:
            - RULE_TYPE_SAST
            - RULE_TYPE_SCA
            - RULE_TYPE_SECRETS
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | RULE_TYPE_SAST |  |
            | RULE_TYPE_SCA |  |
            | RULE_TYPE_SECRETS |  |

          format: enum
        rulePath:
          type: string
      description: This represents the information of a rule which may supersede another.
    protos.ticketing.v1.TicketAttempt:
      type: object
      properties:
        attemptedAt:
          type: string
          description: Date that the ticket was last attempted
          format: date-time
        responseMessage:
          type: string
          description: The (error) message returned when the attempt was made
    protos.issues.v1.Issue_SastAttributes:
      type: object
      properties: {}
      description: Groups the fields of Issue that are specific to the SAST product
    protos.issues.v1.Issue_ScaAttributes:
      type: object
      properties:
        severity:
          enum:
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            - SEVERITY_CRITICAL
          type: string
          description: >+
            Severity of the SCA issue (TODO: reconcile this with the
            Issue.severity field, which *should* agree but doesn't necessarily
            agree yet)


            | value | description |

            |-------|---------------|

            | SEVERITY_HIGH |  |

            | SEVERITY_MEDIUM |  |

            | SEVERITY_LOW |  |

            | SEVERITY_CRITICAL |  |

          format: enum
        vulnDatabaseIdentifier:
          type: string
          description: ID of the CVE or GHSA from upon which this SCA issue's rule is based
        reachability:
          enum:
            - REACHABILITY_CONDITIONALLY_REACHABLE
            - REACHABILITY_ALWAYS_REACHABLE
            - REACHABILITY_REACHABLE
            - REACHABILITY_UNREACHABLE
            - REACHABILITY_UNKNOWN
          type: string
          description: >+
            SCA issue's reachability (whether the issue is reachable from the
            client's code and, if so, how)


            | value | description |

            |-------|---------------|

            | REACHABILITY_CONDITIONALLY_REACHABLE |  |

            | REACHABILITY_ALWAYS_REACHABLE |  |

            | REACHABILITY_REACHABLE |  |

            | REACHABILITY_UNREACHABLE |  |

            | REACHABILITY_UNKNOWN |  |

          format: enum
        reachableCondition:
          type: string
          description: >-
            For SCA issues which are conditionally reachable, this will store a
            human-readable description of the condition.
        cwes:
          type: array
          items:
            type: string
          description: >-
            Stands for "common weakness enumeration": a taxonomy for identifying
            the common sources of software flaws (e.g., buffer overflows,
            failure to check input data)
        foundDependency:
          allOf:
            - $ref: >-
                #/components/schemas/protos.issues.v1.ScaAttributes_FoundDependency
          description: The dependency in which this SCA issue was found.
        fixRecommendations:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ScaAttributes_FixRecommendation
          description: >-
            A list of Semgrep's dependency upgrade recommendations which would
            addressing the SCA issue's underlying rule.
        bestFix:
          allOf:
            - $ref: >-
                #/components/schemas/protos.issues.v1.ScaAttributes_FixRecommendation
          description: One of the `fix_recommendations` that we have identified as best
        epssScore:
          allOf:
            - $ref: '#/components/schemas/protos.sca.v1.EpssScore'
          description: >-
            the exploit prediction score associated with the issue's
            corresponding CVE calculated by https://www.first.org/epss/ (only
            present if the issue is associated with a CVE)
        rulePublishDate:
          type: string
          description: the date the associated rule was published
          format: date-time
        scaRuleKind:
          enum:
            - SCA_RULE_KIND_REACHABLE
            - SCA_RULE_KIND_UPGRADE_ONLY
            - SCA_RULE_KIND_MALICIOUS_DEPENDENCY
            - SCA_RULE_KIND_LEGACY
          type: string
          description: >+
            SCA issue's kind (malicious, reachable, upgrade-only, etc.). Note
            that this repeats some information that is included in
            `reachability` and `transitivity`.
             TODO: consolidate with `reachability` and `transitivity` when we roll out TR for everyone.

            | value | description |

            |-------|---------------|

            | SCA_RULE_KIND_REACHABLE |  |

            | SCA_RULE_KIND_UPGRADE_ONLY |  |

            | SCA_RULE_KIND_MALICIOUS_DEPENDENCY |  |

            | SCA_RULE_KIND_LEGACY |  |

          format: enum
        scaMatchInfo:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.ScaAttributes_ScaMatchInfo'
          description: The new sca_match_kind, used for transitive reachability.
        introducedBy:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ScaAttributes_IntroducingDependency
          description: >-
            The distinct direct dependencies that introduced this transitive
            dependency.
             Empty for direct dependencies (not applicable).
      description: Groups the fields of Issue that are specific to the SCA product
    protos.issues.v1.Issue_SecretsAttributes:
      type: object
      properties:
        validationState:
          enum:
            - VALIDATION_STATE_CONFIRMED_VALID
            - VALIDATION_STATE_CONFIRMED_INVALID
            - VALIDATION_STATE_VALIDATION_ERROR
            - VALIDATION_STATE_NO_VALIDATOR
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | VALIDATION_STATE_CONFIRMED_VALID |  |
            | VALIDATION_STATE_CONFIRMED_INVALID |  |
            | VALIDATION_STATE_VALIDATION_ERROR |  |
            | VALIDATION_STATE_NO_VALIDATOR |  |

          format: enum
        secretType:
          type: string
        historicalInfo:
          $ref: '#/components/schemas/protos.secrets.v1.HistoricalInfo'
      description: Groups the fields of Issue that are specific to the Secrets product
    protos.ai.v1.Codeowner:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        isTeam:
          type: boolean
        members:
          type: array
          items:
            $ref: '#/components/schemas/protos.ai.v1.Codeowner'
    protos.issues.v1.Issue_CodeSnippet:
      type: object
      properties:
        path:
          type: string
        content:
          type: string
    protos.ai.v1.RuleExplanation:
      type: object
      properties:
        id:
          type: string
          description: The database id of the rule explanation
        summary:
          type: string
          description: A concise summary of the rule explanation
        explanation:
          type: string
          description: The full detailed explanation of why this rule flagged the code
      description: >-
        RuleExplanation contains AI-generated explanations for why a rule
        flagged specific code
    protos.ai.v1.ExploitCondition:
      type: object
      properties:
        description:
          type: string
          description: Plain english description of the step
        confirmed:
          type: boolean
          description: Whether the LLM was able to confirm this condition is met
      description: >-
        One step in a list of conditions that must be true to exploit a
        vulnerability
    protos.issues.v1.IssueExceptionRequestSummary:
      type: object
      properties:
        exceptionState:
          enum:
            - FINDING_EXCEPTION_REQUEST_STATE_REQUESTED
            - FINDING_EXCEPTION_REQUEST_STATE_APPROVED
            - FINDING_EXCEPTION_REQUEST_STATE_REJECTED
          type: string
          description: |+
            Current state of the exception request.

            | value | description |
            |-------|---------------|
            | FINDING_EXCEPTION_REQUEST_STATE_REQUESTED |  |
            | FINDING_EXCEPTION_REQUEST_STATE_APPROVED |  |
            | FINDING_EXCEPTION_REQUEST_STATE_REJECTED |  |

          format: enum
        requesterLogin:
          type: string
          description: >-
            Login of the user who submitted the request. Absent if created
            programmatically.
        requesterNote:
          type: string
          description: Note provided by the requester.
        requesterTriageReason:
          enum:
            - FINDING_TRIAGE_REASON_FALSE_POSITIVE
            - FINDING_TRIAGE_REASON_NO_TIME
            - FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
            - FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
            - FINDING_TRIAGE_REASON_UNKNOWN
            - FINDING_TRIAGE_REASON_DUPLICATE
          type: string
          description: |+
            Triage reason provided by the requester.

            | value | description |
            |-------|---------------|
            | FINDING_TRIAGE_REASON_FALSE_POSITIVE |  |
            | FINDING_TRIAGE_REASON_NO_TIME |  |
            | FINDING_TRIAGE_REASON_ACCEPTABLE_RISK |  |
            | FINDING_TRIAGE_REASON_NO_TRIAGE_REASON |  |
            | FINDING_TRIAGE_REASON_UNKNOWN |  |
            | FINDING_TRIAGE_REASON_DUPLICATE |  |

          format: enum
        requesterActionSource:
          enum:
            - FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT
            - FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM
            - FINDING_EXCEPTION_REQUEST_SOURCE_API
          type: string
          description: |+
            Source system that originated the request.

            | value | description |
            |-------|---------------|
            | FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_API |  |

          format: enum
        reviewerLogin:
          type: string
          description: >-
            Login of the reviewer. Only populated when exception_state is
            APPROVED or REJECTED.
        requestId:
          type: string
          description: Unique identifier for this exception request.
        reviewId:
          type: string
          description: Unique identifier for this exception review.
        issueId:
          type: string
          description: ID of the issue this exception request applies to.
        createdAt:
          type: string
          description: The timestamp when the exception request was created.
          format: date-time
        reviewedAt:
          type: string
          description: When the exception request was last reviewed.
          format: date-time
      description: |-
        A summary of the exception request state for a finding, shaped for the
         findings list UI. Only returned when include_exception_request_info is true.
    protos.issues.v1.Issue_PrimaryRefItem:
      type: object
      properties:
        id:
          type: string
        ref:
          type: string
    protos.ai.v1.AutotriageFeedback:
      type: object
      properties:
        autotriageId:
          type: string
        rating:
          enum:
            - RATING_GOOD
            - RATING_BAD
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | RATING_GOOD | Autotriage rated positively by a user. |
            | RATING_BAD | Autotriage rated negatively by a user. |

          format: enum
        note:
          type: string
    protos.issues.v1.DataflowTrace_Location:
      type: object
      properties:
        path:
          type: string
        start:
          $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Position'
        end:
          $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Position'
        locationUrl:
          type: string
    protos.issues.v1.ActivityHistoryEvent_ExceptionRequestDetails:
      type: object
      properties:
        actionSource:
          enum:
            - FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT
            - FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM
            - FINDING_EXCEPTION_REQUEST_SOURCE_API
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_API |  |

          format: enum
    protos.ai.v1.Autofix:
      type: object
      properties:
        id:
          type: string
          description: The database id of the autofix
        fixCode:
          type: string
          description: |-
            The code to fix the issue
             This is the entire code block that is already fixed
        fixDiff:
          type: string
          description: |-
            The diff to fix the issue
             This is the diff to apply to the vulnerable code to fix the issue
        explanation:
          type: string
          description: |-
            The explanation of the autofix
             The model may explain additional context about the autofix that it is unable to
             Fix inside the limitations of a single diff, e.g. changes in another file or
             environment variables
        url:
          type: string
          description: The url to the autofix pr/mr comment
    protos.ai.v1.Guidance:
      type: object
      properties:
        id:
          type: string
          description: The database id of the guidance
        summary:
          type: string
          description: The summary of the guidance_text
        guidanceText:
          type: string
          description: The step by step instructions on how to fix the issue
        memoryIdsUsed:
          type: array
          items:
            type: string
          description: The IDs of memories that were used to generate this guidance
    protos.issues.v1.ScaAttributes_FoundDependency:
      type: object
      properties:
        package:
          type: string
          description: Name of the dependency's package
        version:
          type: string
          description: The Version of the dependency
        transitivity:
          enum:
            - UNKNOWN_TRANSITIVITY
            - TRANSITIVE
            - DIRECT
          type: string
          description: >+
            The transitivity (whether or not a dependency is directly imported
            into a project) of the dependency


            | value | description |

            |-------|---------------|

            | UNKNOWN_TRANSITIVITY |  |

            | TRANSITIVE |  |

            | DIRECT |  |

          format: enum
        lockfileLineUrl:
          type: string
          description: >-
            The URL (on the SCM) to the line in the lockfile at which the
            dependency is defined (might not exist if the dependency was
            surfaced in a non SCM context)
        filePath:
          type: string
          description: >-
            The relative path (from the project root) to the lockfile in which
            the dependency is defined
        ecosystem:
          enum:
            - no_package_manager
            - npm
            - pypi
            - gomod
            - cargo
            - maven
            - gem
            - composer
            - nuget
            - pub
            - swiftpm
            - hex
            - cocoapods
            - mix
            - opam
          type: string
          description: >+
            Package ecosystem (enum defined in sca/vi/sca.proto) to which the
            dependency belongs


            | value | description |

            |-------|---------------|

            | no_package_manager |  |

            | npm |  |

            | pypi |  |

            | gomod |  |

            | cargo |  |

            | maven |  |

            | gem |  |

            | composer |  |

            | nuget |  |

            | pub |  |

            | swiftpm |  |

            | hex |  |

            | cocoapods |  |

            | mix |  |

            | opam |  |

          format: enum
        manifestFilePath:
          type: string
          description: >-
            The relative path (from the project root) to the manifest file which
            defines the subproject which the dependency is part of
    protos.issues.v1.ScaAttributes_FixRecommendation:
      type: object
      properties:
        package:
          type: string
        version:
          type: string
    protos.sca.v1.EpssScore:
      type: object
      properties:
        score:
          type: number
          format: float
        percentile:
          type: number
          format: float
        updatedAt:
          type: string
          format: date-time
        categorization:
          enum:
            - EPSS_PROBABILITY_LOW
            - EPSS_PROBABILITY_MEDIUM
            - EPSS_PROBABILITY_HIGH
            - EPSS_PROBABILITY_NONE
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | EPSS_PROBABILITY_LOW |  |
            | EPSS_PROBABILITY_MEDIUM |  |
            | EPSS_PROBABILITY_HIGH |  |
            | EPSS_PROBABILITY_NONE |  |

          format: enum
      description: >-
        Represents a single "Exploit Prediction Scoring System" score
        (https://www.first.org/epss/)
    protos.issues.v1.ScaAttributes_ScaMatchInfo:
      type: object
      properties:
        matchKind:
          enum:
            - SCA_MATCH_KIND_LOCKFILE_ONLY
            - SCA_MATCH_KIND_DIRECT_REACHABLE
            - SCA_MATCH_KIND_DIRECT_UNREACHABLE
            - SCA_MATCH_KIND_TRANSITIVE_REACHABLE
            - SCA_MATCH_KIND_TRANSITIVE_UNREACHABLE
            - SCA_MATCH_KIND_TRANSITIVE_UNDETERMINED
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | SCA_MATCH_KIND_LOCKFILE_ONLY |  |
            | SCA_MATCH_KIND_DIRECT_REACHABLE |  |
            | SCA_MATCH_KIND_DIRECT_UNREACHABLE |  |
            | SCA_MATCH_KIND_TRANSITIVE_REACHABLE |  |
            | SCA_MATCH_KIND_TRANSITIVE_UNREACHABLE |  |
            | SCA_MATCH_KIND_TRANSITIVE_UNDETERMINED |  |

          format: enum
        analyzedPackages:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ScaAttributes_FoundDependency
        transitiveMatches:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.ScaMatchInfo_TransitiveMatch'
    protos.issues.v1.ScaAttributes_IntroducingDependency:
      type: object
      properties:
        package:
          type: string
        version:
          type: string
      description: >-
        A direct dependency that pulls in a transitive dependency, making it
        part of the dependency tree.
    protos.secrets.v1.HistoricalInfo:
      type: object
      properties:
        gitCommit:
          type: string
          description: >-
            Git commit at which the finding is present. Used by "historical"
            scans,
             which scan non-HEAD commits in the git history. Relevant for finding, e.g.,
             secrets which are buried in the git history which we wouldn't find at HEAD
        gitCommitTimestamp:
          type: string
          format: date-time
        gitBlob:
          type: string
          description: >-
            Git blob at which the finding is present. Sent in addition to the
            commit
             since some SCMs have permalinks which use the blob sha, so this information
             is useful when generating links back to the SCM.
    protos.issues.v1.DataflowTrace_Position:
      type: object
      properties:
        line:
          type: string
        col:
          type: string
        offset:
          type: string
    protos.issues.v1.ScaMatchInfo_TransitiveMatch:
      type: object
      properties:
        dependency:
          $ref: '#/components/schemas/protos.issues.v1.ScaAttributes_FoundDependency'
        path:
          type: string
        line:
          type: string
  securitySchemes:
    SemgrepWebToken:
      type: http
      description: >-
        Get access to data with your API token. Example header:


        `Authorization: Bearer
        2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628`


        The token can be provisioned from the Tokens section in your Settings,
        and requires explicitly enabling `Web API` access.
      scheme: bearer
      bearerFormat: string
    SemgrepJWT:
      type: http
      description: Get access to data with your user's JSON Web Token.
      scheme: bearer
      bearerFormat: string

````