> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Report Findings

>  



## OpenAPI

````yaml /public_v2.openapi.yaml post /api/reporting/{deploymentId}/findings
openapi: 3.0.3
info:
  title: Semgrep API
  description: >-
    The API v2 is currently a work in progress as we expand and improve our
    platform capabilities. There are no current plans to deprecate the [v1
    API](/api/v1/docs) – we remain committed to supporting existing integrations
    and will ensure that all v1 use cases are fully supported in v2 before any
    deprecation occurs.

    ## API Maturity Levels


    Each endpoint in the v2 API is marked with a maturity badge to help you
    understand its current state:


    🚧 **Experimental** - Use at your own risk. This endpoint was not originally
    designed for third-party use or is under active development. Expect
    significant breaking changes.


    ⚠️ **Beta** - This endpoint is being refined. We will communicate breaking
    changes to Beta partners as we tweak the implementation.


    ✅ **Stable** - No breaking changes will be made to this API. You can
    confidently build production integrations against these endpoints.


    We recommend using Stable endpoints for production applications and treating
    Experimental/Beta endpoints as previews of upcoming functionality. This API
    is documented in the **OpenAPI format**.


    # Authentication


    The API supports authentication with an API token with the "Web API"
    permission, without limited scopes of access.


    You can provision an API token [from the Settings
    page](https://semgrep.dev/orgs/-/settings/tokens).


    # Terms of Use


    Please note, the materials made available herein are subject to the [Semgrep
    Terms of Use](https://semgrep.dev/resources/website-terms/), and your access
    or use of any of the same is your acknowledgment and acceptance of the such
    terms.


    <br>


    ___
  contact:
    email: support@semgrep.com
  version: v2.0.0.alpha
  x-logo:
    url: https://semgrep.dev/images/SemgrepLogoWithTextWithMargin.svg
    backgroundColor: '#fafafa'
    altText: Semgrep logo
servers: []
security: []
tags:
  - name: AiFixJobsService
    description: Manage AI fix jobs for automated security fixes
    x-displayName: AI Fix Jobs
    x-group: AI Fix Jobs
  - name: AiTasksService
    description: Manage AI tasks, such as triage, auto-triage, and issue tagging backfill
    x-displayName: Ai Tasks
    x-group: Ai Tasks
  - name: AutofixService
    description: Trigger automated fixes for SAST, AI SAST, and SCA issues.
    x-displayName: Autofix
    x-group: Autofix
  - name: AutomationsService
    description: >-
      Automations are a way to automatically take actions on findings based on
      certain conditions.
    x-displayName: Automations
    x-group: Automations
  - name: AutotriageFeedbackService
    description: Feedback for the quality of autotriage, guidance or autofix
    x-displayName: Autotriage Feedback
    x-group: Autotriage Feedback
  - name: ChecklistService
    description: Manage onboarding checklist
    x-displayName: Onboarding Checklist
    x-group: Onboarding Checklist
  - name: DeploymentProductsService
    description: Manage deployment product configurations.
    x-displayName: Deployment Products
    x-group: Deployment Products
  - name: DeploymentService
    description: Manage deployment and its resources.
    x-displayName: Deployment
    x-group: Deployment
  - name: DeploymentSsoProvidersService
    description: Manage Deployment SSO Providers
    x-displayName: Deployment SSO Providers
    x-group: Deployment SSO Providers
  - name: DeploymentTagService
    description: Assign tags to a deployment.
    x-displayName: Deployment Tags
    x-group: Deployment Tags
  - name: DeploymentsService
    description: >-
      Deployments encapsulate your organization's security organization, with
      multiple projects, policies, and integrations. As the root object of the
      organization, they're similarly the root object of the API.
    x-displayName: Deployments
    x-group: Deployments
  - name: EditorService
    description: Run Semgrep patterns against target code in the editor playground
    x-displayName: Editor
    x-group: Editor
  - name: ExternalTicketingService
    description: APIs that power the External Ticketing experience.
    x-displayName: External Ticketing
    x-group: External Ticketing
  - name: FeatureRolloutsService
    description: View feature flags rolled out to all deployments
    x-displayName: Feature Rollouts
    x-group: Feature Rollouts
  - name: IgnoresService
    description: >-
      API for managing global ignores. See
      https://semgrep.dev/docs/ignoring-files-folders-code
    x-displayName: Global Ignores
    x-group: Global Ignores
  - name: InfrastructureConfigurationsService
    description: Infrastructure configuration information.
    x-displayName: Infrastructure Configurations
    x-group: Infrastructure Configurations
  - name: IssuesService
    description: Manage findings found by Semgrep scans
    x-displayName: Issues
    x-group: Issues
  - name: ManagedScanSettingsService
    description: Settings that affect all of a deployment's managed scans
    x-displayName: Managed Scan Settings
    x-group: Managed Scan Settings
  - name: MemoriesService
    description: Memories help reduce noise from findings.
    x-displayName: Memories
    x-group: Memories
  - name: MiscService
    description: Miscellaneous endpoints
    x-displayName: Misc
    x-group: Misc
  - name: NotificationRulesService
    description: Setup rules to get notified about new findings
    x-displayName: Notification Rules
    x-group: Notification Rules
  - name: NotificationWebhooksService
    description: Manage webhook endpoints for deployment notifications.
    x-displayName: Notification Webhooks
    x-group: Notification Webhooks
  - name: NotificationsService
    description: Notifications show in-app toasts to users.
    x-displayName: Notifications
    x-group: Notifications
  - name: PoliciesService
    description: >-
      View and manage the Policies of your organization.


      Deployments on the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.
    x-displayName: Policies
    x-group: Policies
  - name: PoliciesV2Service
    description: >-
      Declarative management of detection and remediation policies for
      deployments on the Unified Policies model. Designed for GitOps-style
      reconciliation: read the current bundle, edit it, preview the diff with a
      dry run, then apply it strictly with optimistic concurrency control.
    x-displayName: Policies V2
    x-group: Policies V2
  - name: ProjectManagedScanSettingsService
    description: Settings that affect a specific project's managed scans
    x-displayName: Projects – Managed Scan Settings
    x-group: Projects – Managed Scan Settings
  - name: ProjectsService
    description: >-
      Projects are groups of files that are scanned by Semgrep. These normally
      correspond to repositories.
    x-displayName: Projects
    x-group: Projects
  - name: ReportsService
    description: APIs for Reporting Dashboards
    x-displayName: Reporting
    x-group: Reporting
  - name: ReviewCommentProductContentService
    description: >-
      Review comment product content is a way to add additional per-product
      information to a review comment.
    x-displayName: Review Comment Product Content
    x-group: Review Comment Product Content
  - name: RuleboardService
    description: >-
      The [Policies API](/api/v2/docs/#tag/PoliciesService) is *strongly*
      recommended. It is also newer than this Ruleboard service. Deployments on
      the Unified Policies model use the [Policies V2
      API](/api/v2/docs/#tag/PoliciesV2Service) instead; this service stops
      working after the migration.


      Manage Ruleboards (sets of policies).
    x-displayName: Ruleboards
    x-group: Ruleboards
  - name: ScansService
    description: View details of scans associated with projects in your organization.
    x-displayName: Scans
    x-group: Scans
  - name: ScmAppsService
    description: >-
      Manage connections to source code management systems (Github, Gitlab,
      etc.)
    x-displayName: Source Code Management (SCM) App
    x-group: Source Code Management (SCM) App
  - name: ScmService
    description: >-
      Manage connections to source code management systems (Github, Gitlab,
      etc.)
    x-displayName: Source Code Management (SCM) Configs
    x-group: Source Code Management (SCM) Configs
  - name: ScmSubscriptionsService
    description: Manage SCM Webhook Subscriptions
    x-displayName: Source Code Management (SCM) Webhooks
    x-group: Source Code Management (SCM) Webhooks
  - name: SlackService
  - name: SmsPackageManagerConfigService
    description: >-
      Manage authentication configurations for package managers used in Supply
      Chain Analysis (SCA) scans.
    x-displayName: Supply Chain - SMS Package Manager Configurations
    x-group: Supply Chain - SMS Package Manager Configurations
  - name: SmsScaResolutionConfigService
    description: >-
      Retrieve custom dependency resolution configurations for lockfileless
      scans.
    x-displayName: Supply Chain - SMS SCA Resolution Configurations
    x-group: Supply Chain - SMS SCA Resolution Configurations
  - name: SupplyChain2Service
    description: >-
      The Supply Chain is all of the dependencies of code, rather than the code
      itself. This service gives information about the supply chain.
    x-displayName: Supply Chain
    x-group: Supply Chain
  - name: SupportService
    description: Create and List Support Cases
    x-displayName: Support Service
    x-group: Support Service
  - name: SurveysService
    description: Retrieve and submit company surveys
    x-displayName: Surveys
    x-group: Surveys
  - name: TasksService
    description: >-
      Many tasks are done asynchronously; this service deals with managing async
      tasks.
    x-displayName: Tasks
    x-group: Tasks
  - name: TeamsService
    description: >-
      Teams are used to manage access control for resources within a deployment.
      For more information visit https://semgrep.dev/docs/deployment/teams.
    x-displayName: Teams
    x-group: Teams
  - name: TokenService
    description: >-
      Tokens are used for programmatic access to the Semgrep Cloud Platform
      APIs.
    x-displayName: Tokens
    x-group: Tokens
  - name: UsersService
    description: Manage user accounts, settings, and organization memberships
    x-displayName: Users Auth Service
    x-group: Users Auth Service
  - name: VersionsService
    description: Semgrep version information
    x-displayName: Versions
    x-group: Versions
  - name: WizCredentialService
    description: Manage Wiz credentials
    x-displayName: Wiz Credentials
    x-group: Wiz Credentials
paths:
  /api/reporting/{deploymentId}/findings:
    post:
      tags:
        - ReportsService
      summary: Get Report Findings
      description: ' '
      operationId: ReportsService_GetReportFindings
      parameters:
        - name: deploymentId
          in: path
          required: true
          schema:
            example: '1234'
            title: Deployment ID
            type: string
            description: >-
              The unique numerical identifier of the deployment associated with
              the report. 
            format: int64
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/protos.reporting.v1.GetReportFindingsRequest
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/protos.reporting.v1.GetReportFindingsResponse
      security:
        - SemgrepWebToken: []
        - SemgrepJWT: []
components:
  schemas:
    protos.reporting.v1.GetReportFindingsRequest:
      type: object
      properties:
        reportType:
          enum:
            - REPORT_TYPE_TOTAL_OPEN
            - REPORT_TYPE_TOTAL_FIXED
            - REPORT_TYPE_TOTAL_IGNORED
            - REPORT_TYPE_TOTAL_PROVISIONALLY_IGNORED
            - REPORT_TYPE_OPEN_BACKLOG
            - REPORT_TYPE_BACKLOG_ACTIVITY
            - REPORT_TYPE_PROJECT
            - REPORT_TYPE_GUARDRAILS_ACTIVITY
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | REPORT_TYPE_TOTAL_OPEN |  |
            | REPORT_TYPE_TOTAL_FIXED |  |
            | REPORT_TYPE_TOTAL_IGNORED |  |
            | REPORT_TYPE_TOTAL_PROVISIONALLY_IGNORED |  |
            | REPORT_TYPE_OPEN_BACKLOG |  |
            | REPORT_TYPE_BACKLOG_ACTIVITY |  |
            | REPORT_TYPE_PROJECT |  |
            | REPORT_TYPE_GUARDRAILS_ACTIVITY |  |

          format: enum
        filters:
          $ref: '#/components/schemas/protos.reporting.v1.ReportFilters'
        cursor:
          type: string
        limit:
          type: integer
          format: int64
        bucketStart:
          type: string
          format: date-time
        findingState:
          enum:
            - AGGREGATE_ISSUE_STATE_OPEN
            - AGGREGATE_ISSUE_STATE_FIXED
            - AGGREGATE_ISSUE_STATE_REMOVED
            - AGGREGATE_ISSUE_STATE_IGNORED_APP
            - AGGREGATE_ISSUE_STATE_IGNORED_CODE
            - AGGREGATE_ISSUE_STATE_UNKNOWN
            - AGGREGATE_ISSUE_STATE_REVIEWING
            - AGGREGATE_ISSUE_STATE_FIXING
            - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | AGGREGATE_ISSUE_STATE_OPEN |  |
            | AGGREGATE_ISSUE_STATE_FIXED |  |
            | AGGREGATE_ISSUE_STATE_REMOVED |  |
            | AGGREGATE_ISSUE_STATE_IGNORED_APP |  |
            | AGGREGATE_ISSUE_STATE_IGNORED_CODE |  |
            | AGGREGATE_ISSUE_STATE_UNKNOWN |  |
            | AGGREGATE_ISSUE_STATE_REVIEWING |  |
            | AGGREGATE_ISSUE_STATE_FIXING |  |
            | AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |  |

          format: enum
        guardrailsState:
          type: string
    protos.reporting.v1.GetReportFindingsResponse:
      type: object
      properties:
        findings:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue'
        cursor:
          type: string
        total:
          type: integer
          format: int64
        totalCode:
          type: integer
          format: int64
        totalSca:
          type: integer
          format: int64
        totalSecrets:
          type: integer
          format: int64
    protos.reporting.v1.ReportFilters:
      type: object
      properties:
        timePeriod:
          $ref: '#/components/schemas/protos.reporting.v1.TimePeriod'
        timeBucketSize:
          enum:
            - TIME_BUCKET_SIZE_DAY
            - TIME_BUCKET_SIZE_WEEK
            - TIME_BUCKET_SIZE_MONTH
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | TIME_BUCKET_SIZE_DAY |  |
            | TIME_BUCKET_SIZE_WEEK |  |
            | TIME_BUCKET_SIZE_MONTH |  |

          format: enum
        findingTypes:
          enum:
            - FINDING_TYPE_CODE
            - FINDING_TYPE_SCA
            - FINDING_TYPE_SECRETS
          type: array
          items:
            enum:
              - FINDING_TYPE_UNSPECIFIED
              - FINDING_TYPE_CODE
              - FINDING_TYPE_SCA
              - FINDING_TYPE_SECRETS
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_TYPE_CODE |  |
            | FINDING_TYPE_SCA |  |
            | FINDING_TYPE_SECRETS |  |

        findingSeverities:
          enum:
            - FINDING_SEVERITY_LOW
            - FINDING_SEVERITY_MEDIUM
            - FINDING_SEVERITY_HIGH
            - FINDING_SEVERITY_CRITICAL
          type: array
          items:
            enum:
              - FINDING_SEVERITY_UNSPECIFIED
              - FINDING_SEVERITY_LOW
              - FINDING_SEVERITY_MEDIUM
              - FINDING_SEVERITY_HIGH
              - FINDING_SEVERITY_CRITICAL
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_SEVERITY_LOW |  |
            | FINDING_SEVERITY_MEDIUM |  |
            | FINDING_SEVERITY_HIGH |  |
            | FINDING_SEVERITY_CRITICAL |  |

        projects:
          type: array
          items:
            type: string
          description: Case sensitive project names, prefer project_ids for filtering.
        tags:
          type: array
          items:
            type: string
        confidence:
          enum:
            - FINDING_CONFIDENCE_LOW
            - FINDING_CONFIDENCE_MEDIUM
            - FINDING_CONFIDENCE_HIGH
          type: array
          items:
            enum:
              - FINDING_CONFIDENCE_UNSPECIFIED
              - FINDING_CONFIDENCE_LOW
              - FINDING_CONFIDENCE_MEDIUM
              - FINDING_CONFIDENCE_HIGH
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_CONFIDENCE_LOW |  |
            | FINDING_CONFIDENCE_MEDIUM |  |
            | FINDING_CONFIDENCE_HIGH |  |

        reachability:
          enum:
            - FINDING_REACHABILITY_REACHABLE
            - FINDING_REACHABILITY_ALWAYS_REACHABLE
            - FINDING_REACHABILITY_CONDITIONALLY_REACHABLE
            - FINDING_REACHABILITY_NO_REACHABILITY_ANALYSIS
            - FINDING_REACHABILITY_UNREACHABLE
          type: array
          items:
            enum:
              - FINDING_REACHABILITY_UNSPECIFIED
              - FINDING_REACHABILITY_REACHABLE
              - FINDING_REACHABILITY_ALWAYS_REACHABLE
              - FINDING_REACHABILITY_CONDITIONALLY_REACHABLE
              - FINDING_REACHABILITY_NO_REACHABILITY_ANALYSIS
              - FINDING_REACHABILITY_UNREACHABLE
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_REACHABILITY_REACHABLE |  |
            | FINDING_REACHABILITY_ALWAYS_REACHABLE |  |
            | FINDING_REACHABILITY_CONDITIONALLY_REACHABLE |  |
            | FINDING_REACHABILITY_NO_REACHABILITY_ANALYSIS |  |
            | FINDING_REACHABILITY_UNREACHABLE |  |

        validity:
          enum:
            - FINDING_VALIDITY_VALID
            - FINDING_VALIDITY_INVALID
            - FINDING_VALIDITY_ERROR
            - FINDING_VALIDITY_NO_VALIDATOR
          type: array
          items:
            enum:
              - FINDING_VALIDITY_UNSPECIFIED
              - FINDING_VALIDITY_VALID
              - FINDING_VALIDITY_INVALID
              - FINDING_VALIDITY_ERROR
              - FINDING_VALIDITY_NO_VALIDATOR
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_VALIDITY_VALID |  |
            | FINDING_VALIDITY_INVALID |  |
            | FINDING_VALIDITY_ERROR |  |
            | FINDING_VALIDITY_NO_VALIDATOR |  |

        teams:
          type: array
          items:
            type: string
        ruleIds:
          type: array
          items:
            type: string
        aiVerdicts:
          enum:
            - VERDICT_TRUE_POSITIVE
            - VERDICT_FALSE_POSITIVE
            - VERDICT_NO_VERDICT
          type: array
          items:
            enum:
              - VERDICT_UNSPECIFIED
              - VERDICT_TRUE_POSITIVE
              - VERDICT_FALSE_POSITIVE
              - VERDICT_NO_VERDICT
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | VERDICT_TRUE_POSITIVE |  |
            | VERDICT_FALSE_POSITIVE |  |
            | VERDICT_NO_VERDICT |  |

        deploymentStatuses:
          enum:
            - DEPLOYMENT_STATUS_UNKNOWN
            - DEPLOYMENT_STATUS_DEPLOYED
            - DEPLOYMENT_STATUS_NOT_DEPLOYED
          type: array
          items:
            enum:
              - DEPLOYMENT_STATUS_UNSPECIFIED
              - DEPLOYMENT_STATUS_UNKNOWN
              - DEPLOYMENT_STATUS_DEPLOYED
              - DEPLOYMENT_STATUS_NOT_DEPLOYED
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | DEPLOYMENT_STATUS_UNKNOWN |  |
            | DEPLOYMENT_STATUS_DEPLOYED |  |
            | DEPLOYMENT_STATUS_NOT_DEPLOYED |  |

        publicExposures:
          enum:
            - PUBLIC_EXPOSURE_UNKNOWN
            - PUBLIC_EXPOSURE_PUBLIC
            - PUBLIC_EXPOSURE_NOT_PUBLIC
          type: array
          items:
            enum:
              - PUBLIC_EXPOSURE_UNSPECIFIED
              - PUBLIC_EXPOSURE_UNKNOWN
              - PUBLIC_EXPOSURE_PUBLIC
              - PUBLIC_EXPOSURE_NOT_PUBLIC
            type: string
            format: enum
          description: |+

            | value | description |
            |-------|---------------|
            | PUBLIC_EXPOSURE_UNKNOWN |  |
            | PUBLIC_EXPOSURE_PUBLIC |  |
            | PUBLIC_EXPOSURE_NOT_PUBLIC |  |

        findingCategories:
          type: array
          items:
            type: string
        projectIds:
          type: array
          items:
            type: string
    protos.issues.v1.Issue:
      type: object
      properties:
        id:
          type: string
          description: ID of the finding
        createdAt:
          type: string
          description: Creation timestamp
          format: date-time
        ref:
          type: string
          description: Branch where the finding was detected
        syntacticId:
          type: string
          description: >-
            Semi-unique hash of a check consisting of: Line Numbers, File Path,
            Rule ID, Index of finding in file, and Matched code
        matchBasedId:
          type: string
          description: >-
            Semi-unique hash of a check consisting of: File Path, Rule ID, Index
            of finding in file, and Rule Formula with metavariable bindings
            substituted in
        ruleId:
          type: string
          description: The ID of the associated semgrep rule
        status:
          enum:
            - ISSUE_STATUS_FIXED
            - ISSUE_STATUS_MUTED
            - ISSUE_STATUS_REMOVED
            - ISSUE_STATUS_UNRESOLVED
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | ISSUE_STATUS_FIXED |  |
            | ISSUE_STATUS_MUTED |  |
            | ISSUE_STATUS_REMOVED |  |
            | ISSUE_STATUS_UNRESOLVED |  |

          format: enum
        repository:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_Repository'
          description: The repository in which this issue was found
        firstSeenScan:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_Scan'
          description: The first scan in which this issue was found
        triageState:
          enum:
            - FINDING_TRIAGE_STATE_UNTRIAGED
            - FINDING_TRIAGE_STATE_IGNORED
            - FINDING_TRIAGE_STATE_REOPENED
            - FINDING_TRIAGE_STATE_UNKNOWN
            - FINDING_TRIAGE_STATE_REVIEWING
            - FINDING_TRIAGE_STATE_FIXING
            - FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED
          type: string
          description: |+
            The issue's current triage state.

            | value | description |
            |-------|---------------|
            | FINDING_TRIAGE_STATE_UNTRIAGED |  |
            | FINDING_TRIAGE_STATE_IGNORED |  |
            | FINDING_TRIAGE_STATE_REOPENED |  |
            | FINDING_TRIAGE_STATE_UNKNOWN |  |
            | FINDING_TRIAGE_STATE_REVIEWING |  |
            | FINDING_TRIAGE_STATE_FIXING |  |
            | FINDING_TRIAGE_STATE_PROVISIONALLY_IGNORED |  |

          format: enum
        triageReason:
          enum:
            - FINDING_TRIAGE_REASON_FALSE_POSITIVE
            - FINDING_TRIAGE_REASON_NO_TIME
            - FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
            - FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
            - FINDING_TRIAGE_REASON_UNKNOWN
            - FINDING_TRIAGE_REASON_DUPLICATE
          type: string
          description: |+
            The reason the issue was triaged.

            | value | description |
            |-------|---------------|
            | FINDING_TRIAGE_REASON_FALSE_POSITIVE |  |
            | FINDING_TRIAGE_REASON_NO_TIME |  |
            | FINDING_TRIAGE_REASON_ACCEPTABLE_RISK |  |
            | FINDING_TRIAGE_REASON_NO_TRIAGE_REASON |  |
            | FINDING_TRIAGE_REASON_UNKNOWN |  |
            | FINDING_TRIAGE_REASON_DUPLICATE |  |

          format: enum
        relevantSince:
          type: string
          description: The timestamp from which this issue was relevant
          format: date-time
        aggregateState:
          enum:
            - AGGREGATE_ISSUE_STATE_OPEN
            - AGGREGATE_ISSUE_STATE_FIXED
            - AGGREGATE_ISSUE_STATE_REMOVED
            - AGGREGATE_ISSUE_STATE_IGNORED_APP
            - AGGREGATE_ISSUE_STATE_IGNORED_CODE
            - AGGREGATE_ISSUE_STATE_UNKNOWN
            - AGGREGATE_ISSUE_STATE_REVIEWING
            - AGGREGATE_ISSUE_STATE_FIXING
            - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
          type: string
          description: >+
            The overall state of the issue, accounting for status (controlled by
            scans), triaging, external events like PR closes, etc. TODO: use the
            `AggregateState` enum instead of raw strings.


            | value | description |

            |-------|---------------|

            | AGGREGATE_ISSUE_STATE_OPEN |  |

            | AGGREGATE_ISSUE_STATE_FIXED |  |

            | AGGREGATE_ISSUE_STATE_REMOVED |  |

            | AGGREGATE_ISSUE_STATE_IGNORED_APP |  |

            | AGGREGATE_ISSUE_STATE_IGNORED_CODE |  |

            | AGGREGATE_ISSUE_STATE_UNKNOWN |  |

            | AGGREGATE_ISSUE_STATE_REVIEWING |  |

            | AGGREGATE_ISSUE_STATE_FIXING |  |

            | AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |  |

          format: enum
        note:
          type: string
          description: Comment left when triaged
        externalTicket:
          allOf:
            - $ref: '#/components/schemas/protos.ticketing.v1.ExternalTicket'
          description: The external ticket reference
        vulnGroupKey:
          type: string
          description: The key used to group supply chain vulns (deprecated)
        isBlocking:
          type: boolean
          description: True if this issue is a blocking issue.
        autotriage:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Autotriage'
          description: The autotriage info related to this issue.
        aiTags:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.SensitivityTags'
          description: The autotriage tags associated with this issue
        lineOfCodeUrl:
          type: string
          description: The URL to the specific line of code causing this issue
        codeSnippet:
          type: string
          description: >-
            The code snippet causing this issue. Only available when fetching a
            single issue at a time via the GetIssue RPC. Deprecated in favor of
            `code_snippets` for multi-file support.
        dataflowTrace:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_DataflowTrace'
          description: >-
            A call trace order of code locations leading to the site of the
            issue. Only available when fetching a single issue at a time via the
            GetIssue RPC.
        commitUrl:
          type: string
          description: >-
            The URL of the specific commit which introduced this issue. Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        activityHistory:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue_ActivityHistoryEvent'
          description: >-
            A chronologically-ordered list of events related to this issue
            (status change, ai tags, triage events). Always populated by the
            GetIssue RPC; populated by ListIssues only when
            ListIssuesRequest.include_activity_history is true.
        relatedIssues:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue_RelatedIssue'
          description: >-
            A list of related issues (with the same match based ID). Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        remediation:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Remediation'
          description: |-
            AI remediation info for this issue (guidance and autofix).
             Available in the GetIssue RPC and in list responses when include_remediation is set to true.
        lastSeenScan:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_Scan'
          description: The last scan in which this issue was found
        filePath:
          type: string
          description: The path to the file in which this issue was found.
        line:
          type: integer
          description: The first line number in which this issue was found.
          format: int64
        endLine:
          type: integer
          description: >-
            The end line number in which this issue was found (if the offending
            code spans several lines).
          format: int64
        column:
          type: integer
          description: >-
            The start column number within the line in which this issue was
            found.
          format: int64
        endColumn:
          type: integer
          description: >-
            The end column number within the last line in which this issue was
            found (if applicable).
          format: int64
        severity:
          enum:
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            - SEVERITY_CRITICAL
          type: string
          description: |+
            The severity ("seriousness") of the issue.

            | value | description |
            |-------|---------------|
            | SEVERITY_HIGH |  |
            | SEVERITY_MEDIUM |  |
            | SEVERITY_LOW |  |
            | SEVERITY_CRITICAL |  |

          format: enum
        message:
          type: string
          description: An optional message that helps describe the issue in more detail.
        rulePath:
          type: string
          description: The full path of the rule used to generate this issue.
        confidence:
          enum:
            - CONFIDENCE_HIGH
            - CONFIDENCE_MEDIUM
            - CONFIDENCE_LOW
          type: string
          description: |+
            The confidence in false-positive rate of an issue.

            | value | description |
            |-------|---------------|
            | CONFIDENCE_HIGH |  |
            | CONFIDENCE_MEDIUM |  |
            | CONFIDENCE_LOW |  |

          format: enum
        ruleUrl:
          type: string
          description: The url of the rule used to generate this issue.
        ruleReferences:
          type: array
          items:
            type: string
          description: >-
            A list of external references (URLs) which help describe or provide
            context for the rule used to generate this issue.
        ruleOrigin:
          enum:
            - RULE_ORIGIN_CUSTOM
            - RULE_ORIGIN_COMMUNITY
            - RULE_ORIGIN_PRO_RULES
          type: string
          description: >+
            The origin of the rule (pro rules, semgrep community, or a custom
            rule)


            | value | description |

            |-------|---------------|

            | RULE_ORIGIN_CUSTOM |  |

            | RULE_ORIGIN_COMMUNITY |  |

            | RULE_ORIGIN_PRO_RULES |  |

          format: enum
        ruleHashId:
          type: string
          description: The hash of the associated rule.
        ruleCweNames:
          type: array
          items:
            type: string
          description: The names of the CWEs associated with this issue's rule.
        ruleOwaspNames:
          type: array
          items:
            type: string
          description: The names of the OWASP categories associated with this issue's rule.
        ruleset:
          type: string
          description: The ruleset to which this issue's rule belongs (if applicable).
        policySlug:
          type: string
          description: A slugified version of the associated rule's policy.
        category:
          type: string
          description: The issue's category (or "other" if none).
        ruleSupersededBy:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.SupersededRule'
          description: A list of rules which supersede this issue's rule.
        issueType:
          enum:
            - ISSUE_TYPE_SAST
            - ISSUE_TYPE_SCA
            - ISSUE_TYPE_SECRETS
            - ISSUE_TYPE_RESEARCH
            - ISSUE_TYPE_AI_SAST
          type: string
          description: >+
            The product which owns this issue, e.g. SAST (code), SCA (supply
            chain), etc.


            | value | description |

            |-------|---------------|

            | ISSUE_TYPE_SAST | Detected by Code rules |

            | ISSUE_TYPE_SCA | Detected by Supply Chain rules |

            | ISSUE_TYPE_SECRETS | Detected by Secrets rules |

            | ISSUE_TYPE_RESEARCH | Detected by research rules or scanners |

            | ISSUE_TYPE_AI_SAST | Detected by AI detection code scanning |

          format: enum
        issueParentId:
          type: string
          description: Parent ID of the finding. Present for all types.
        ticketAttempts:
          type: array
          items:
            $ref: '#/components/schemas/protos.ticketing.v1.TicketAttempt'
          description: The failed attempts at ticket creation
        sastAttributes:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_SastAttributes'
          description: Only set for code issues (i.e. if issue_type == `SAST`)
        scaAttributes:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_ScaAttributes'
          description: Only set for supply chain issues (i.e. if issue_type == `SCA`)
        secretsAttributes:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.Issue_SecretsAttributes'
          description: Only set for secrets issues (i.e. if issue_type == `SECRETS`)
        subcategories:
          type: array
          items:
            type: string
          description: The issue's subcategories
        refUrl:
          type: string
          description: >-
            The URL of the specific commit which introduced this issue. Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        codeowners:
          type: array
          items:
            $ref: '#/components/schemas/protos.ai.v1.Codeowner'
        codeSnippets:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.Issue_CodeSnippet'
          description: >-
            The content of files involved in this issue. Only available when
            fetching a single issue at a time via the GetIssue RPC.
        ruleExplanation:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.RuleExplanation'
          description: >-
            AI-generated explanation for true positive autotriage cases. Only
            available when fetching a single issue at a time via the GetIssue
            RPC.
        ruleDisplayName:
          type: string
          description: >-
            The human-readable display name of the rule (e.g., "Hardcoded
            secret"). Only available when fetching a single issue at a time via
            the GetIssue RPC.
        clickToFixPrUrl:
          type: string
          description: >-
            The URL of the Click-to-Fix PR that was opened to fix this issue (if
            any).
             Available in the GetIssue RPC and in list responses that opt into it.
        aiImpact:
          type: string
          description: >-
            AI Detection only: LLM-generated description of the vulnerability's
            impact. Only available when fetching a single issue at a time via
            the GetIssue RPC.
        aiExploitConditions:
          type: array
          items:
            $ref: '#/components/schemas/protos.ai.v1.ExploitCondition'
          description: >-
            AI Detection only: Conditions that must be true for the
            vulnerability to be exploitable. Only available when fetching a
            single issue at a time via the GetIssue RPC.
        clickToFixCommitMsg:
          type: string
          description: >-
            The commit message for the Click-to-Fix PR (if any). Only available
            when fetching a single issue at a time via the GetIssue RPC.
        exceptionRequest:
          allOf:
            - $ref: >-
                #/components/schemas/protos.issues.v1.IssueExceptionRequestSummary
          description: >-
            A summary of the exception request for this issue, shaped for the
            findings
             list UI. Only returned if include_exception_request_info was true in the request.
        clickToFixPrId:
          type: string
          description: |-
            The SCM-agnostic PR identifier for the Click-to-Fix PR (if any).
             Available in the GetIssue RPC and in list responses that opt into it.
             Prefer this over parsing the PR number from click_to_fix_pr_url.
        triagePermission:
          enum:
            - TRIAGE_PERMISSION_IGNORE
            - TRIAGE_PERMISSION_REQUEST
            - TRIAGE_PERMISSION_NONE
          type: string
          description: >+
            The triage permission for this issue: whether a developer may ignore
            it
             themselves, must request an exception, or cannot triage it at all.
             Only defined when the developer approvals feature is enabled.

            | value | description |

            |-------|---------------|

            | TRIAGE_PERMISSION_IGNORE |  |

            | TRIAGE_PERMISSION_REQUEST |  |

            | TRIAGE_PERMISSION_NONE |  |

          format: enum
        isArchived:
          type: boolean
          description: >-
            True if this finding's project is archived (Semgrep-initiated via
            is_semgrep_archived, or SCM-archived).
    protos.reporting.v1.TimePeriod:
      type: object
      properties:
        since:
          type: string
          format: date-time
        until:
          type: string
          format: date-time
      description: |-
        ******************************************
         Shared types
         ******************************************
    protos.issues.v1.Issue_Repository:
      type: object
      properties:
        name:
          type: string
          description: Repository name
        id:
          type: string
        type:
          enum:
            - SCM_TYPE_GITHUB
            - SCM_TYPE_GITHUB_ENTERPRISE
            - SCM_TYPE_GITLAB
            - SCM_TYPE_GITLAB_SELFMANAGED
            - SCM_TYPE_BITBUCKET
            - SCM_TYPE_BITBUCKET_DATACENTER
            - SCM_TYPE_AZURE_DEVOPS
            - SCM_TYPE_UNKNOWN
            - SCM_TYPE_HARNESS
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | SCM_TYPE_GITHUB | GitHub Cloud |
            | SCM_TYPE_GITHUB_ENTERPRISE | GitHub Enterprise |
            | SCM_TYPE_GITLAB | GitLab Cloud |
            | SCM_TYPE_GITLAB_SELFMANAGED | GitLab Self-Managed |
            | SCM_TYPE_BITBUCKET | Bitbucket Cloud |
            | SCM_TYPE_BITBUCKET_DATACENTER | Bitbucket Data Center |
            | SCM_TYPE_AZURE_DEVOPS | Azure DevOps |
            | SCM_TYPE_UNKNOWN |  |
            | SCM_TYPE_HARNESS | Harness |

          format: enum
        primaryRef:
          $ref: '#/components/schemas/protos.issues.v1.Issue_PrimaryRefItem'
    protos.issues.v1.Issue_Scan:
      type: object
      properties:
        id:
          type: string
        meta:
          type: object
    protos.ticketing.v1.ExternalTicket:
      type: object
      properties:
        url:
          type: string
          description: URL of the external ticket.
        externalSlug:
          type: string
          description: >-
            Identifier of the external ticket (e.g. for Jira, something like
            OPS-158).
        id:
          type: string
          description: Nango ticket id
        linkedIssueIds:
          type: array
          items:
            type: string
          description: Semgrep issue ids that are linked to this external ticket
    protos.ai.v1.Autotriage:
      type: object
      properties:
        id:
          type: string
        issueId:
          type: string
        verdict:
          enum:
            - VERDICT_TRUE_POSITIVE
            - VERDICT_FALSE_POSITIVE
            - VERDICT_NO_VERDICT
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | VERDICT_TRUE_POSITIVE |  |
            | VERDICT_FALSE_POSITIVE |  |
            | VERDICT_NO_VERDICT |  |

          format: enum
        reason:
          type: string
          description: >-
            The reasoning for a false positive verdict, explaining why you might
            want to ignore the finding. Empty string if verdict is true
            positive.
        feedback:
          $ref: '#/components/schemas/protos.ai.v1.AutotriageFeedback'
        matchBasedId:
          type: string
        memoryIdsReferenced:
          type: array
          items:
            type: string
        memoryIdsRendered:
          type: array
          items:
            type: string
    protos.ai.v1.SensitivityTags:
      type: object
      properties:
        id:
          type: string
          description: The database id of the sensitivity tags
        path:
          type: string
          description: The path of the file
        tags:
          type: string
          description: |-
            The tag that is associated with the file
             The tags are defined in SensitivityTag
        sensitivity:
          enum:
            - SENSITIVITY_HIGH_SENSITIVITY
            - SENSITIVITY_LOW_SENSITIVITY
            - SENSITIVITY_NEUTRAL_SENSITIVITY
          type: string
          description: |+
            The sensitivity of the given tag
             Sensitivities are defined in HighSensitivityTag and LowSensitivityTag

            | value | description |
            |-------|---------------|
            | SENSITIVITY_HIGH_SENSITIVITY |  |
            | SENSITIVITY_LOW_SENSITIVITY |  |
            | SENSITIVITY_NEUTRAL_SENSITIVITY |  |

          format: enum
    protos.issues.v1.Issue_DataflowTrace:
      type: object
      properties:
        taintSource:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Location'
        intermediateVars:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Location'
        taintSink:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Location'
    protos.issues.v1.Issue_ActivityHistoryEvent:
      type: object
      properties:
        date:
          type: string
          format: date-time
        title:
          type: string
        triageReason:
          type: string
        note:
          type: string
        actor:
          type: string
        historyType:
          enum:
            - HISTORY_TYPE_STATUS
            - HISTORY_TYPE_TRIAGE
            - HISTORY_TYPE_AUTOTRIAGE
            - HISTORY_TYPE_AUTOTRIAGE_FEEDBACK
            - HISTORY_TYPE_AI_TAG
            - HISTORY_TYPE_ANALYSIS_STARTED
            - HISTORY_TYPE_REVIEW_COMMENT_SILENCED
            - HISTORY_TYPE_TICKET_CREATED
            - HISTORY_TYPE_TICKET_ATTEMPTED
            - HISTORY_TYPE_GUIDANCE_REGENERATION
            - HISTORY_TYPE_SCM_MENTION
            - HISTORY_TYPE_CLICK_TO_FIX_PR_REQUESTED
            - HISTORY_TYPE_CLICK_TO_FIX_PR_OPENED
            - HISTORY_TYPE_CLICK_TO_FIX_PR_FAILED
            - HISTORY_TYPE_CLICK_TO_FIX_PR_MERGED
            - HISTORY_TYPE_EXCEPTION_REQUEST_CREATED
            - HISTORY_TYPE_EXCEPTION_REQUEST_APPROVED
            - HISTORY_TYPE_EXCEPTION_REQUEST_REJECTED
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | HISTORY_TYPE_STATUS |  |
            | HISTORY_TYPE_TRIAGE |  |
            | HISTORY_TYPE_AUTOTRIAGE |  |
            | HISTORY_TYPE_AUTOTRIAGE_FEEDBACK |  |
            | HISTORY_TYPE_AI_TAG |  |
            | HISTORY_TYPE_ANALYSIS_STARTED |  |
            | HISTORY_TYPE_REVIEW_COMMENT_SILENCED |  |
            | HISTORY_TYPE_TICKET_CREATED |  |
            | HISTORY_TYPE_TICKET_ATTEMPTED |  |
            | HISTORY_TYPE_GUIDANCE_REGENERATION |  |
            | HISTORY_TYPE_SCM_MENTION |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_REQUESTED |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_OPENED |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_FAILED |  |
            | HISTORY_TYPE_CLICK_TO_FIX_PR_MERGED |  |
            | HISTORY_TYPE_EXCEPTION_REQUEST_CREATED |  |
            | HISTORY_TYPE_EXCEPTION_REQUEST_APPROVED |  |
            | HISTORY_TYPE_EXCEPTION_REQUEST_REJECTED |  |

          format: enum
        exceptionRequestDetails:
          $ref: >-
            #/components/schemas/protos.issues.v1.ActivityHistoryEvent_ExceptionRequestDetails
    protos.issues.v1.Issue_RelatedIssue:
      type: object
      properties:
        id:
          type: string
        ref:
          type: string
        pullRequestId:
          type: string
        aggregateState:
          enum:
            - AGGREGATE_ISSUE_STATE_OPEN
            - AGGREGATE_ISSUE_STATE_FIXED
            - AGGREGATE_ISSUE_STATE_REMOVED
            - AGGREGATE_ISSUE_STATE_IGNORED_APP
            - AGGREGATE_ISSUE_STATE_IGNORED_CODE
            - AGGREGATE_ISSUE_STATE_UNKNOWN
            - AGGREGATE_ISSUE_STATE_REVIEWING
            - AGGREGATE_ISSUE_STATE_FIXING
            - AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | AGGREGATE_ISSUE_STATE_OPEN |  |
            | AGGREGATE_ISSUE_STATE_FIXED |  |
            | AGGREGATE_ISSUE_STATE_REMOVED |  |
            | AGGREGATE_ISSUE_STATE_IGNORED_APP |  |
            | AGGREGATE_ISSUE_STATE_IGNORED_CODE |  |
            | AGGREGATE_ISSUE_STATE_UNKNOWN |  |
            | AGGREGATE_ISSUE_STATE_REVIEWING |  |
            | AGGREGATE_ISSUE_STATE_FIXING |  |
            | AGGREGATE_ISSUE_STATE_PROVISIONALLY_IGNORED_APP |  |

          format: enum
        createdAt:
          type: string
          format: date-time
    protos.ai.v1.Remediation:
      type: object
      properties:
        issueId:
          type: string
          description: The issue id that the remediation is for
        matchBasedId:
          type: string
          description: The match based id of the issue that remediation is for
        autofix:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Autofix'
          description: The autofix to fix the issue
        guidance:
          allOf:
            - $ref: '#/components/schemas/protos.ai.v1.Guidance'
          description: The guidance to fix the issue
    protos.issues.v1.SupersededRule:
      type: object
      properties:
        product:
          enum:
            - RULE_TYPE_SAST
            - RULE_TYPE_SCA
            - RULE_TYPE_SECRETS
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | RULE_TYPE_SAST |  |
            | RULE_TYPE_SCA |  |
            | RULE_TYPE_SECRETS |  |

          format: enum
        rulePath:
          type: string
      description: This represents the information of a rule which may supersede another.
    protos.ticketing.v1.TicketAttempt:
      type: object
      properties:
        attemptedAt:
          type: string
          description: Date that the ticket was last attempted
          format: date-time
        responseMessage:
          type: string
          description: The (error) message returned when the attempt was made
    protos.issues.v1.Issue_SastAttributes:
      type: object
      properties: {}
      description: Groups the fields of Issue that are specific to the SAST product
    protos.issues.v1.Issue_ScaAttributes:
      type: object
      properties:
        severity:
          enum:
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            - SEVERITY_CRITICAL
          type: string
          description: >+
            Severity of the SCA issue (TODO: reconcile this with the
            Issue.severity field, which *should* agree but doesn't necessarily
            agree yet)


            | value | description |

            |-------|---------------|

            | SEVERITY_HIGH |  |

            | SEVERITY_MEDIUM |  |

            | SEVERITY_LOW |  |

            | SEVERITY_CRITICAL |  |

          format: enum
        vulnDatabaseIdentifier:
          type: string
          description: ID of the CVE or GHSA from upon which this SCA issue's rule is based
        reachability:
          enum:
            - REACHABILITY_CONDITIONALLY_REACHABLE
            - REACHABILITY_ALWAYS_REACHABLE
            - REACHABILITY_REACHABLE
            - REACHABILITY_UNREACHABLE
            - REACHABILITY_UNKNOWN
          type: string
          description: >+
            SCA issue's reachability (whether the issue is reachable from the
            client's code and, if so, how)


            | value | description |

            |-------|---------------|

            | REACHABILITY_CONDITIONALLY_REACHABLE |  |

            | REACHABILITY_ALWAYS_REACHABLE |  |

            | REACHABILITY_REACHABLE |  |

            | REACHABILITY_UNREACHABLE |  |

            | REACHABILITY_UNKNOWN |  |

          format: enum
        reachableCondition:
          type: string
          description: >-
            For SCA issues which are conditionally reachable, this will store a
            human-readable description of the condition.
        cwes:
          type: array
          items:
            type: string
          description: >-
            Stands for "common weakness enumeration": a taxonomy for identifying
            the common sources of software flaws (e.g., buffer overflows,
            failure to check input data)
        foundDependency:
          allOf:
            - $ref: >-
                #/components/schemas/protos.issues.v1.ScaAttributes_FoundDependency
          description: The dependency in which this SCA issue was found.
        fixRecommendations:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ScaAttributes_FixRecommendation
          description: >-
            A list of Semgrep's dependency upgrade recommendations which would
            addressing the SCA issue's underlying rule.
        bestFix:
          allOf:
            - $ref: >-
                #/components/schemas/protos.issues.v1.ScaAttributes_FixRecommendation
          description: One of the `fix_recommendations` that we have identified as best
        epssScore:
          allOf:
            - $ref: '#/components/schemas/protos.sca.v1.EpssScore'
          description: >-
            the exploit prediction score associated with the issue's
            corresponding CVE calculated by https://www.first.org/epss/ (only
            present if the issue is associated with a CVE)
        rulePublishDate:
          type: string
          description: the date the associated rule was published
          format: date-time
        scaRuleKind:
          enum:
            - SCA_RULE_KIND_REACHABLE
            - SCA_RULE_KIND_UPGRADE_ONLY
            - SCA_RULE_KIND_MALICIOUS_DEPENDENCY
            - SCA_RULE_KIND_LEGACY
          type: string
          description: >+
            SCA issue's kind (malicious, reachable, upgrade-only, etc.). Note
            that this repeats some information that is included in
            `reachability` and `transitivity`.
             TODO: consolidate with `reachability` and `transitivity` when we roll out TR for everyone.

            | value | description |

            |-------|---------------|

            | SCA_RULE_KIND_REACHABLE |  |

            | SCA_RULE_KIND_UPGRADE_ONLY |  |

            | SCA_RULE_KIND_MALICIOUS_DEPENDENCY |  |

            | SCA_RULE_KIND_LEGACY |  |

          format: enum
        scaMatchInfo:
          allOf:
            - $ref: '#/components/schemas/protos.issues.v1.ScaAttributes_ScaMatchInfo'
          description: The new sca_match_kind, used for transitive reachability.
        introducedBy:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ScaAttributes_IntroducingDependency
          description: >-
            The distinct direct dependencies that introduced this transitive
            dependency.
             Empty for direct dependencies (not applicable).
      description: Groups the fields of Issue that are specific to the SCA product
    protos.issues.v1.Issue_SecretsAttributes:
      type: object
      properties:
        validationState:
          enum:
            - VALIDATION_STATE_CONFIRMED_VALID
            - VALIDATION_STATE_CONFIRMED_INVALID
            - VALIDATION_STATE_VALIDATION_ERROR
            - VALIDATION_STATE_NO_VALIDATOR
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | VALIDATION_STATE_CONFIRMED_VALID |  |
            | VALIDATION_STATE_CONFIRMED_INVALID |  |
            | VALIDATION_STATE_VALIDATION_ERROR |  |
            | VALIDATION_STATE_NO_VALIDATOR |  |

          format: enum
        secretType:
          type: string
        historicalInfo:
          $ref: '#/components/schemas/protos.secrets.v1.HistoricalInfo'
      description: Groups the fields of Issue that are specific to the Secrets product
    protos.ai.v1.Codeowner:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        isTeam:
          type: boolean
        members:
          type: array
          items:
            $ref: '#/components/schemas/protos.ai.v1.Codeowner'
    protos.issues.v1.Issue_CodeSnippet:
      type: object
      properties:
        path:
          type: string
        content:
          type: string
    protos.ai.v1.RuleExplanation:
      type: object
      properties:
        id:
          type: string
          description: The database id of the rule explanation
        summary:
          type: string
          description: A concise summary of the rule explanation
        explanation:
          type: string
          description: The full detailed explanation of why this rule flagged the code
      description: >-
        RuleExplanation contains AI-generated explanations for why a rule
        flagged specific code
    protos.ai.v1.ExploitCondition:
      type: object
      properties:
        description:
          type: string
          description: Plain english description of the step
        confirmed:
          type: boolean
          description: Whether the LLM was able to confirm this condition is met
      description: >-
        One step in a list of conditions that must be true to exploit a
        vulnerability
    protos.issues.v1.IssueExceptionRequestSummary:
      type: object
      properties:
        exceptionState:
          enum:
            - FINDING_EXCEPTION_REQUEST_STATE_REQUESTED
            - FINDING_EXCEPTION_REQUEST_STATE_APPROVED
            - FINDING_EXCEPTION_REQUEST_STATE_REJECTED
          type: string
          description: |+
            Current state of the exception request.

            | value | description |
            |-------|---------------|
            | FINDING_EXCEPTION_REQUEST_STATE_REQUESTED |  |
            | FINDING_EXCEPTION_REQUEST_STATE_APPROVED |  |
            | FINDING_EXCEPTION_REQUEST_STATE_REJECTED |  |

          format: enum
        requesterLogin:
          type: string
          description: >-
            Login of the user who submitted the request. Absent if created
            programmatically.
        requesterNote:
          type: string
          description: Note provided by the requester.
        requesterTriageReason:
          enum:
            - FINDING_TRIAGE_REASON_FALSE_POSITIVE
            - FINDING_TRIAGE_REASON_NO_TIME
            - FINDING_TRIAGE_REASON_ACCEPTABLE_RISK
            - FINDING_TRIAGE_REASON_NO_TRIAGE_REASON
            - FINDING_TRIAGE_REASON_UNKNOWN
            - FINDING_TRIAGE_REASON_DUPLICATE
          type: string
          description: |+
            Triage reason provided by the requester.

            | value | description |
            |-------|---------------|
            | FINDING_TRIAGE_REASON_FALSE_POSITIVE |  |
            | FINDING_TRIAGE_REASON_NO_TIME |  |
            | FINDING_TRIAGE_REASON_ACCEPTABLE_RISK |  |
            | FINDING_TRIAGE_REASON_NO_TRIAGE_REASON |  |
            | FINDING_TRIAGE_REASON_UNKNOWN |  |
            | FINDING_TRIAGE_REASON_DUPLICATE |  |

          format: enum
        requesterActionSource:
          enum:
            - FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT
            - FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM
            - FINDING_EXCEPTION_REQUEST_SOURCE_API
          type: string
          description: |+
            Source system that originated the request.

            | value | description |
            |-------|---------------|
            | FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_API |  |

          format: enum
        reviewerLogin:
          type: string
          description: >-
            Login of the reviewer. Only populated when exception_state is
            APPROVED or REJECTED.
        requestId:
          type: string
          description: Unique identifier for this exception request.
        reviewId:
          type: string
          description: Unique identifier for this exception review.
        issueId:
          type: string
          description: ID of the issue this exception request applies to.
        createdAt:
          type: string
          description: The timestamp when the exception request was created.
          format: date-time
        reviewedAt:
          type: string
          description: When the exception request was last reviewed.
          format: date-time
      description: |-
        A summary of the exception request state for a finding, shaped for the
         findings list UI. Only returned when include_exception_request_info is true.
    protos.issues.v1.Issue_PrimaryRefItem:
      type: object
      properties:
        id:
          type: string
        ref:
          type: string
    protos.ai.v1.AutotriageFeedback:
      type: object
      properties:
        autotriageId:
          type: string
        rating:
          enum:
            - RATING_GOOD
            - RATING_BAD
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | RATING_GOOD | Autotriage rated positively by a user. |
            | RATING_BAD | Autotriage rated negatively by a user. |

          format: enum
        note:
          type: string
    protos.issues.v1.DataflowTrace_Location:
      type: object
      properties:
        path:
          type: string
        start:
          $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Position'
        end:
          $ref: '#/components/schemas/protos.issues.v1.DataflowTrace_Position'
        locationUrl:
          type: string
    protos.issues.v1.ActivityHistoryEvent_ExceptionRequestDetails:
      type: object
      properties:
        actionSource:
          enum:
            - FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT
            - FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM
            - FINDING_EXCEPTION_REQUEST_SOURCE_API
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | FINDING_EXCEPTION_REQUEST_SOURCE_SCM_COMMENT |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_SEMGREP_APPSEC_PLATFORM |  |
            | FINDING_EXCEPTION_REQUEST_SOURCE_API |  |

          format: enum
    protos.ai.v1.Autofix:
      type: object
      properties:
        id:
          type: string
          description: The database id of the autofix
        fixCode:
          type: string
          description: |-
            The code to fix the issue
             This is the entire code block that is already fixed
        fixDiff:
          type: string
          description: |-
            The diff to fix the issue
             This is the diff to apply to the vulnerable code to fix the issue
        explanation:
          type: string
          description: |-
            The explanation of the autofix
             The model may explain additional context about the autofix that it is unable to
             Fix inside the limitations of a single diff, e.g. changes in another file or
             environment variables
        url:
          type: string
          description: The url to the autofix pr/mr comment
    protos.ai.v1.Guidance:
      type: object
      properties:
        id:
          type: string
          description: The database id of the guidance
        summary:
          type: string
          description: The summary of the guidance_text
        guidanceText:
          type: string
          description: The step by step instructions on how to fix the issue
        memoryIdsUsed:
          type: array
          items:
            type: string
          description: The IDs of memories that were used to generate this guidance
    protos.issues.v1.ScaAttributes_FoundDependency:
      type: object
      properties:
        package:
          type: string
          description: Name of the dependency's package
        version:
          type: string
          description: The Version of the dependency
        transitivity:
          enum:
            - UNKNOWN_TRANSITIVITY
            - TRANSITIVE
            - DIRECT
          type: string
          description: >+
            The transitivity (whether or not a dependency is directly imported
            into a project) of the dependency


            | value | description |

            |-------|---------------|

            | UNKNOWN_TRANSITIVITY |  |

            | TRANSITIVE |  |

            | DIRECT |  |

          format: enum
        lockfileLineUrl:
          type: string
          description: >-
            The URL (on the SCM) to the line in the lockfile at which the
            dependency is defined (might not exist if the dependency was
            surfaced in a non SCM context)
        filePath:
          type: string
          description: >-
            The relative path (from the project root) to the lockfile in which
            the dependency is defined
        ecosystem:
          enum:
            - no_package_manager
            - npm
            - pypi
            - gomod
            - cargo
            - maven
            - gem
            - composer
            - nuget
            - pub
            - swiftpm
            - hex
            - cocoapods
            - mix
            - opam
          type: string
          description: >+
            Package ecosystem (enum defined in sca/vi/sca.proto) to which the
            dependency belongs


            | value | description |

            |-------|---------------|

            | no_package_manager |  |

            | npm |  |

            | pypi |  |

            | gomod |  |

            | cargo |  |

            | maven |  |

            | gem |  |

            | composer |  |

            | nuget |  |

            | pub |  |

            | swiftpm |  |

            | hex |  |

            | cocoapods |  |

            | mix |  |

            | opam |  |

          format: enum
        manifestFilePath:
          type: string
          description: >-
            The relative path (from the project root) to the manifest file which
            defines the subproject which the dependency is part of
    protos.issues.v1.ScaAttributes_FixRecommendation:
      type: object
      properties:
        package:
          type: string
        version:
          type: string
    protos.sca.v1.EpssScore:
      type: object
      properties:
        score:
          type: number
          format: float
        percentile:
          type: number
          format: float
        updatedAt:
          type: string
          format: date-time
        categorization:
          enum:
            - EPSS_PROBABILITY_LOW
            - EPSS_PROBABILITY_MEDIUM
            - EPSS_PROBABILITY_HIGH
            - EPSS_PROBABILITY_NONE
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | EPSS_PROBABILITY_LOW |  |
            | EPSS_PROBABILITY_MEDIUM |  |
            | EPSS_PROBABILITY_HIGH |  |
            | EPSS_PROBABILITY_NONE |  |

          format: enum
      description: >-
        Represents a single "Exploit Prediction Scoring System" score
        (https://www.first.org/epss/)
    protos.issues.v1.ScaAttributes_ScaMatchInfo:
      type: object
      properties:
        matchKind:
          enum:
            - SCA_MATCH_KIND_LOCKFILE_ONLY
            - SCA_MATCH_KIND_DIRECT_REACHABLE
            - SCA_MATCH_KIND_DIRECT_UNREACHABLE
            - SCA_MATCH_KIND_TRANSITIVE_REACHABLE
            - SCA_MATCH_KIND_TRANSITIVE_UNREACHABLE
            - SCA_MATCH_KIND_TRANSITIVE_UNDETERMINED
          type: string
          description: |+

            | value | description |
            |-------|---------------|
            | SCA_MATCH_KIND_LOCKFILE_ONLY |  |
            | SCA_MATCH_KIND_DIRECT_REACHABLE |  |
            | SCA_MATCH_KIND_DIRECT_UNREACHABLE |  |
            | SCA_MATCH_KIND_TRANSITIVE_REACHABLE |  |
            | SCA_MATCH_KIND_TRANSITIVE_UNREACHABLE |  |
            | SCA_MATCH_KIND_TRANSITIVE_UNDETERMINED |  |

          format: enum
        analyzedPackages:
          type: array
          items:
            $ref: >-
              #/components/schemas/protos.issues.v1.ScaAttributes_FoundDependency
        transitiveMatches:
          type: array
          items:
            $ref: '#/components/schemas/protos.issues.v1.ScaMatchInfo_TransitiveMatch'
    protos.issues.v1.ScaAttributes_IntroducingDependency:
      type: object
      properties:
        package:
          type: string
        version:
          type: string
      description: >-
        A direct dependency that pulls in a transitive dependency, making it
        part of the dependency tree.
    protos.secrets.v1.HistoricalInfo:
      type: object
      properties:
        gitCommit:
          type: string
          description: >-
            Git commit at which the finding is present. Used by "historical"
            scans,
             which scan non-HEAD commits in the git history. Relevant for finding, e.g.,
             secrets which are buried in the git history which we wouldn't find at HEAD
        gitCommitTimestamp:
          type: string
          format: date-time
        gitBlob:
          type: string
          description: >-
            Git blob at which the finding is present. Sent in addition to the
            commit
             since some SCMs have permalinks which use the blob sha, so this information
             is useful when generating links back to the SCM.
    protos.issues.v1.DataflowTrace_Position:
      type: object
      properties:
        line:
          type: string
        col:
          type: string
        offset:
          type: string
    protos.issues.v1.ScaMatchInfo_TransitiveMatch:
      type: object
      properties:
        dependency:
          $ref: '#/components/schemas/protos.issues.v1.ScaAttributes_FoundDependency'
        path:
          type: string
        line:
          type: string
  securitySchemes:
    SemgrepWebToken:
      type: http
      description: >-
        Get access to data with your API token. Example header:


        `Authorization: Bearer
        2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628`


        The token can be provisioned from the Tokens section in your Settings,
        and requires explicitly enabling `Web API` access.
      scheme: bearer
      bearerFormat: string
    SemgrepJWT:
      type: http
      description: Get access to data with your user's JSON Web Token.
      scheme: bearer
      bearerFormat: string

````