/v2/issues

get

https://app.fossa.com/api/v2/issues

Retrieve multiple issues

Query Params

csv

boolean

Retrieves issues as a CSV

includeDirectDependencyOriginPaths

boolean

Include origin paths for the direct dependency responsible for including the revision(s) affected by this issue

category

string

enum

required

Issue category

Allowed:

status

string

enum

Issue status

Allowed:

scope[type]

string

enum

required

Scope of issues to view / update

Allowed:

scope[id]

string

Project or release group ID (required when scope[type] is "project" or "releaseGroup")

scope[revision]

string

Revision ID (when scope[type] is "project")

scope[revisionScanId]

int32

Revision scan ID (when scope[type] is "project")

scope[release]

string

Release group ID (when scope[type] is "releaseGroup")

scope[releaseScanId]

string

Release scan ID (when scope[type] is "releaseGroup")

scope[compareTo][revision]

string

The revision ID to compare issues with. Only available for Project Scope.

scope[compareTo][changeStatus]

string

enum

The status of issues to fetch when comparing issues. - New issues are present in the current revision but not in the comparison revision. - Remediated issues are present in the comparison revision but not in the current revision. - Unchanged issues are present in both revisions. Only available for Project Scope.

Allowed:

ids[]

array of integers

Filter by specific issue IDs

ids[]

filter[revisionIds][]

array of strings

Filter by specific revision IDs

filter[revisionIds][]

filter[search]

string

Filter by package name or CVE (when category is "vulnerability")

filter[depths][]

array of strings

Filter by issue depth

filter[depths][]

filter[ticketed][]

array of strings

Filter by ticketed status. Only available to premium users.

filter[ticketed][]

filter[containerLayers][]

array of strings

Filter by container layer

filter[containerLayers][]

filter[type][]

Filter by licensing issue type (when category is "licensing") or quality issue type (when category is "quality")

filter[packageManagers][]

array of strings

Filter by specific package managers

filter[packageManagers][]

filter[cwes][]

array of strings

Filter by specific CWE identifiers

filter[cwes][]

filter[projectLabels][]

array of strings

Filter by specific project labels

filter[projectLabels][]

filter[identification][]

array of strings

Filter by license identification (when category is "licensing")

filter[identification][]

filter[severity][]

array of strings

Filter by vuln severity (when category is "vulnerability")

filter[severity][]

filter[severitySource][]

array of strings

Filter by severity source (when category is "vulnerability"). Use 'standard' to filter by CVSS score, 'custom' to filter by custom risk score. When both are provided, issues matching either source are returned. Defaults to 'standard' when not provided. Custom risk score filtering requires the Custom Risk Scores feature to be enabled and a non-global scope.

filter[severitySource][]

filter[foundBefore]

date-time

Include only issues found on before a given ISO timestamp. Only available to premium users

filter[foundAfter]

date-time

Include only issues found on after a given ISO timestamp. Only available to premium users

filter[hasFix][]

array of strings

Filter by vuln fixability (when category is "vulnerability")

filter[hasFix][]

filter[upgradeDistance][]

array of strings

Filter by vuln upgrade distance (when category is "vulnerability")

filter[upgradeDistance][]

filter[exploitMaturity][]

array of strings

Filter by vuln exploit maturity (when category is "vulnerability")

filter[exploitMaturity][]

filter[ignoreReason][]

array of strings

Filter by vuln ignore reason (when category is "vulnerability") This value appears in the vulnerabilities.analysis.detail field in CycloneDX SBOM reports

filter[ignoreReason][]

filter[epss]

object

Filter by epss 'score' or 'percentile'. All fields are required. Only available to premium users.

filter[confidence][]

array of strings

Filter issues by their binary dependency confidence level(s)

filter[confidence][]

filter[issueSource][]

Filter by issue source. Use 'dependency' and 'snippet' to filter by whether the issue comes from a dependency or a code snippet. When the vendored dependency detection feature is enabled, use 'managed-dependency' and 'vendored-dependency' to filter dependency issues by whether the dependency is managed or vendored.

sort

string

enum

Sort by package name, when the issue was created, or severity (when category is "vulnerability")

page

integer

≥ 1

Defaults to 1

The specific page of data to return

count

integer

1 to 1000

Defaults to 20

The number of items to return in each page of results

Responses

200Vulnerability, licensing, or quality issues response

202Empty results with a message indicating the scoped project's build status

400Bad Request

403Forbidden

406Not Acceptable

500Server Error