Update Issues
https://app.fossa.com/api/v2/issuesApply actions to the current selection of issues or set of applied filters. Note that Issue Exports are only allowed for premium users.
Query parameters
categoryenumrequiredIssue category
licensingvulnerabilityqualitystatusenumIssue status
activeignoredscope[type]enumrequiredScope of issues to view / update
globalprojectreleaseGroupscope[id]stringProject or release group ID (required when scope[type] is "project" or "releaseGroup")
scope[revision]stringRevision ID (when scope[type] is "project")
scope[revisionScanId]integer <int32>Revision scan ID (when scope[type] is "project")
scope[release]stringRelease group ID (when scope[type] is "releaseGroup")
scope[releaseScanId]stringRelease scan ID (when scope[type] is "releaseGroup")
scope[compareTo][revision]stringThe revision ID to compare issues with. Only available for Project Scope.
scope[compareTo][changeStatus]enumThe status of issues to fetch when comparing issues. - New issues are present in the current revision but not in the comparison revision. - Remediated issues are present in the comparison revision but not in the current revision. - Unchanged issues are present in both revisions. Only available for Project Scope.
newremediatedunchangedids[]integer[]Filter by specific issue IDs
filter[revisionIds][]string[]Filter by specific revision IDs
filter[search]stringFilter by package name or CVE (when category is "vulnerability")
filter[depths][]enum[]Filter by issue depth
filter[ticketed][]enum[]Filter by ticketed status. Only available to premium users.
filter[containerLayers][]enum[]Filter by container layer
filter[type][]enum[]Filter by licensing issue type (when category is "licensing") or quality issue type (when category is "quality")
filter[packageManagers][]string[]Filter by specific package managers
filter[projectLabels][]string[]Filter by specific project labels
filter[identification][]enum[]Filter by license identification (when category is "licensing")
filter[severity][]enum[]Filter by vuln severity (when category is "vulnerability")
filter[severitySource][]enum[]Filter by severity source (when category is "vulnerability"). Use 'standard' to filter by CVSS score, 'custom' to filter by custom risk score. When both are provided, issues matching either source are returned. Defaults to 'standard' when not provided. Custom risk score filtering is not available for global scope.
filter[foundAfter]string <date-time>Include only issues found on after a given ISO timestamp. Only available to premium users
filter[hasFix][]enum[]Filter by vuln fixability (when category is "vulnerability")
filter[upgradeDistance][]enum[]Filter by vuln upgrade distance (when category is "vulnerability")
filter[exploitMaturity][]enum[]Filter by vuln exploit maturity (when category is "vulnerability")
filter[ignoreReason][]enum[]Filter by vuln ignore reason (when category is "vulnerability") This value appears in the vulnerabilities.analysis.detail field in CycloneDX SBOM reports
filter[licenses][]string[]Filter by issues affected by a set of license ID's (when category is "licensing")
filter[confidence][]enum[]Filter issues by their binary dependency confidence level(s)
filter[issueSource][]enum[]Filter by issue source. Use 'dependency' and 'snippet' to filter by whether the issue comes from a dependency or a code snippet. When the vendored dependency detection feature is enabled, use 'managed-dependency' and 'vendored-dependency' to filter dependency issues by whether the dependency is managed or vendored.
filter[cvssAttackVector][]enum[]Filter by CVSS attack vector (when category is "vulnerability")
filter[cvssAttackComplexity][]enum[]Filter by CVSS attack complexity (when category is "vulnerability"). For CVSS v4, this includes the Attack Requirements (AT) metric.
filter[cvssPrivilegesRequired][]enum[]Filter by CVSS privileges required (when category is "vulnerability")
teamIdstring | string[] | enumFilter issues by one or more team IDs. Accepts a single team ID, an array of team IDs, or the literal string `"null"` to scope to unassigned projects. Requires the `View` permission on each requested team; otherwise the request is rejected with a `403`. Ignored for organizations on the free tier.
Request body · application/json
Responses
200Count of affected issuescountinteger400Bad RequestuuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
403ForbiddenuuidstringUnique identifier associated with the error
codeintegerfossa specific error code
messagestringmessage associated with this error
namestringname of the error
httpStatusCodeintegerhttp status code number
Try this endpoint
Build a request and run it against app.fossa.com.
Stored in this browser for 24 hours. Try It uses a docs proxy for CORS and does not store tokens server-side.
PUT https://app.fossa.com/api/v2/issuescurl --request PUT \ --url 'https://app.fossa.com/api/v2/issues' \ --header 'accept: application/json' \ --header 'authorization: Bearer YOUR_API_TOKEN' \ --header 'content-type: application/json' \ --data '{ "type": "ignore", "notes": "string", "reason": "string"}'Real request. Mutating methods can change data.
Query params
categoryenumrequiredIssue category
statusenumIssue status
scope[type]enumrequiredScope of issues to view / update
scope[id]stringProject or release group ID (required when scope[type] is "project" or "releaseGroup")
scope[revision]stringRevision ID (when scope[type] is "project")
scope[revisionScanId]integerRevision scan ID (when scope[type] is "project")
scope[release]stringRelease group ID (when scope[type] is "releaseGroup")
scope[releaseScanId]stringRelease scan ID (when scope[type] is "releaseGroup")
scope[compareTo][revision]stringThe revision ID to compare issues with. Only available for Project Scope.
scope[compareTo][changeStatus]enumThe status of issues to fetch when comparing issues. - New issues are present in the current revision but not in the comparison revision. - Remediated issues are present in the comparison revision but not in the current revision. - Unchanged issues are present in both revisions. Only available for Project Scope.
ids[]arrayFilter by specific issue IDs
filter[revisionIds][]arrayFilter by specific revision IDs
filter[search]stringFilter by package name or CVE (when category is "vulnerability")
filter[depths][]arrayFilter by issue depth
filter[ticketed][]arrayFilter by ticketed status. Only available to premium users.
filter[containerLayers][]arrayFilter by container layer
filter[type][]stringFilter by licensing issue type (when category is "licensing") or quality issue type (when category is "quality")
filter[packageManagers][]arrayFilter by specific package managers
filter[projectLabels][]arrayFilter by specific project labels
filter[identification][]arrayFilter by license identification (when category is "licensing")
filter[severity][]arrayFilter by vuln severity (when category is "vulnerability")
filter[severitySource][]arrayFilter by severity source (when category is "vulnerability"). Use 'standard' to filter by CVSS score, 'custom' to filter by custom risk score. When both are provided, issues matching either source are returned. Defaults to 'standard' when not provided. Custom risk score filtering is not available for global scope.
filter[foundAfter]stringInclude only issues found on after a given ISO timestamp. Only available to premium users
filter[hasFix][]arrayFilter by vuln fixability (when category is "vulnerability")
filter[upgradeDistance][]arrayFilter by vuln upgrade distance (when category is "vulnerability")
filter[exploitMaturity][]arrayFilter by vuln exploit maturity (when category is "vulnerability")
filter[ignoreReason][]arrayFilter by vuln ignore reason (when category is "vulnerability") This value appears in the vulnerabilities.analysis.detail field in CycloneDX SBOM reports
filter[licenses][]arrayFilter by issues affected by a set of license ID's (when category is "licensing")
filter[confidence][]arrayFilter issues by their binary dependency confidence level(s)
filter[issueSource][]stringFilter by issue source. Use 'dependency' and 'snippet' to filter by whether the issue comes from a dependency or a code snippet. When the vendored dependency detection feature is enabled, use 'managed-dependency' and 'vendored-dependency' to filter dependency issues by whether the dependency is managed or vendored.
filter[cvssAttackVector][]arrayFilter by CVSS attack vector (when category is "vulnerability")
filter[cvssAttackComplexity][]arrayFilter by CVSS attack complexity (when category is "vulnerability"). For CVSS v4, this includes the Attack Requirements (AT) metric.
filter[cvssPrivilegesRequired][]arrayFilter by CVSS privileges required (when category is "vulnerability")
teamIdstringFilter issues by one or more team IDs. Accepts a single team ID, an array of team IDs, or the literal string `"null"` to scope to unassigned projects. Requires the `View` permission on each requested team; otherwise the request is rejected with a `403`. Ignored for organizations on the free tier.