
Semgrep
Description
Plugin for Semgrep. A plugin for scanning your code with Semgrep for security, correctness, and performance issues.
Details
https://semgrep.dev/.well-known/ai-plugin.json
{
  "schema_version": "v1",
  "name_for_human": "Semgrep Plugin",
  "name_for_model": "Semgrep",
  "description_for_human": "Plugin for Semgrep. A plugin for scanning your code with Semgrep for security, correctness, and performance issues.",
  "description_for_model": "Plugin for Semgrep. A plugin for scanning your code with Semgrep for security, correctness, and performance issues.",
  "auth": {
    "type": "user_http",
    "authorization_type": "bearer"
  },
  "api": {
    "type": "openapi",
    "url": "https://semgrep.dev/api/v1/openapi.yaml",
    "is_user_authenticated": true
  },
  "logo_url": "https://semgrep.dev/logo.png",
  "contact_email": "support@semgrep.dev",
  "legal_info_url": "https://semgrep.dev/terms"
}
https://semgrep.dev/api/v1/openapi.yaml
components:
  securitySchemes:
    SemgrepWebToken:
      bearerFormat: string
      description: |
        Get access to data with your user-specific auth token. Example header:

        `Authorization: bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628`

        The token can be provisioned in your settings, and requires explicitly enabling API access.
      scheme: bearer
      type: http
      x-bearerInfoFunc: semgrep_app.controllers.auth.connexion_auth
info:
  contact:
    email: support@semgrep.com
  description: |
    Welcome to Semgrep's portal for the Semgrep web API.

    # Introduction

    Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor,
    commit, and CI time. [Get started.](https://semgrep.dev/docs/getting-started/)

    Semgrep analyzes code locally on your computer or in your build environment: **code is never uploaded.**

    This API is documented in the **OpenAPI format**. The API requires a
    [Team tier account](https://semgrep.dev/pricing/), with an API token provisioned in your settings.

    # Authentication

    We currently support authentication with your API token only; tokens do not carry limited scopes of access.
    You can provision an access token [from the Settings page.](https://semgrep.dev/orgs/-/settings/tokens)
  license:
    name: Apache 2.0
    url: http://www.apache.org/licenses/LICENSE-2.0.html
  title: Semgrep Web App
  version: 1.0.0
  x-logo:
    altText: Semgrep logo
    backgroundColor: '#fafafa'
    url: https://semgrep.dev/images/SemgrepLogoWithTextWithMargin.svg
openapi: 3.0.2
paths:
  /deployments:
    get:
      description: |
        Request the deployments your auth can access.

        Currently available auth scope does not extend over more than 1 deployment. This endpoint
        returns that single deployment your token can access. The endpoint additionally returns
        links towards related resources available on this web API.

        [WIP] This endpoint is being actively worked upon, caveat emptor. We will avoid breaking
        the interface in disruptive ways, but you might be contacted to update your implementation
        in a relatively short timeline.
      operationId: semgrep_app.saas.handlers.deployment.openapi_list_deployments
      responses:
        '200':
          content:
            application/json:
              schema:
                description: Encapsulation object for deployments and any of their
                  meta information.
                properties:
                  deployments:
                    items:
                      additionalProperties: false
                      description: |
                        Deployment record, with relevant meta-data and further accesses.
                      properties:
                        findings:
                          additionalProperties: false
                          description: |
                            Reference to another endpoint, ready for usage. Integrated to make real-time API exploration easier for clients.
                            It's an alternative to constructing your own API strings, and can be relied upon to resolve.
                          properties:
                            url:
                              description: URL that the reference is pointing to.
                              example: https://semgrep.dev/api/v1/deployments/123/findings
                              type: string
                          required:
                          - url
                          type: object
                        id:
                          description: Unique numerical identifier of the policy.
                          example: 120
                          type: number
                        name:
                          description: Human readable name.
                          example: Your Deployment
                          type: string
                        slug:
                          description: Sanitized machine-readable name. Used as primary
                            identifier through the web API.
                          example: your-deployment
                          type: string
                      required:
                      - slug
                      - id
                      - name
                      type: object
                    type: array
                type: object
          description: Return the deployment the supplied auth can access.
      security:
      - SemgrepWebToken:
        - webapi
      summary: List deployments
      tags:
      - Deployment
  /deployments/{deploymentId}/dependencies:
    post:
      operationId: semgrep_app.products.sca.handlers.dependency.list_dependencies_conexxion
      parameters:
      - description: Deployment id. See /settings page for your deployment id
        explode: false
        in: path
        name: deploymentId
        required: true
        schema:
          format: int64
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              properties:
                cursor:
                  description: Use cursor in response to get next page of results.
                  format: uint64
                  type: string
                dependencyFilter:
                  properties:
                    ecosystem:
                      description: Filter by ecosystem (e.g. npm, pypi, etc).
                      items:
                        default: no_package_manager
                        enum:
                        - no_package_manager
                        - npm
                        - pypi
                        - gomod
                        - cargo
                        - maven
                        - gem
                        - composer
                        - nuget
                        - pub
                        type: string
                      type: array
                    license:
                      description: Filter by license (e.g. MIT).
                      items:
                        type: string
                      type: array
                    licensePolicySetting:
                      default: LICENSE_POLICY_SETTING_UNSPECIFIED
                      enum:
                      - LICENSE_POLICY_SETTING_UNSPECIFIED
                      - LICENSE_POLICY_SETTING_ALLOW
                      - LICENSE_POLICY_SETTING_COMMENT
                      - LICENSE_POLICY_SETTING_BLOCK
                      type: string
                    lockfilePath:
                      description: Filter by path to the lockfile (e.g. foo/bar/package-lock.json).
                      type: string
                    name:
                      description: Filter by dependency name (e.g. lodash).
                      type: string
                    repositoryId:
                      description: Filter by repository ids, use Project endpoint
                        to query by name and get id.
                      items:
                        format: int64
                        type: integer
                      type: array
                    transitivity:
                      description: Filter by transitivity.
                      items:
                        default: UNKNOWN_TRANSITIVITY
                        enum:
                        - UNKNOWN_TRANSITIVITY
                        - TRANSITIVE
                        - DIRECT
                        type: string
                      type: array
                    version:
                      description: Filter by dependency version (e.g. 1.0.1).
                      type: string
                  type: object
                pageSize:
                  description: 'Number of dependencies per page, defaults to 1000
                    (min: 1, max 10000).'
                  format: int64
                  type: integer
              type: object
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                properties:
                  cursor:
                    description: Pass to next request to get next page of results.
                    format: uint64
                    type: string
                  dependencies:
                    items:
                      properties:
                        definedAt:
                          description: Specific location in a file.
                          properties:
                            committedAt:
                              description: Timestamp of when code file was last modified,
                                if available.
                              format: date-time
                              type: string
                            endCol:
                              description: Ending column number (1 indexed).
                              format: uint64
                              type: string
                            endLine:
                              description: Ending line number (1 indexed).
                              format: uint64
                              type: string
                            path:
                              description: Path to a file.
                              type: string
                            startCol:
                              description: Starting column number (1 indexed).
                              format: uint64
                              type: string
                            startLine:
                              description: Starting line number (1 indexed).
                              format: uint64
                              type: string
                            url:
                              description: URL to code location if available, otherwise
                                empty.
                              type: string
                          type: object
                        ecosystem:
                          default: no_package_manager
                          enum:
                          - no_package_manager
                          - npm
                          - pypi
                          - gomod
                          - cargo
                          - maven
                          - gem
                          - composer
                          - nuget
                          - pub
                          type: string
                        licenses:
                          description: Licenses the dependency is using.
                          items:
                            type: string
                          type: array
                        package:
                          description: A specific dependency.
                          properties:
                            name:
                              title: String identifier of dependency
                              type: string
                            versionSpecifier:
                              description: Version specifier of dependency.
                              type: string
                          type: object
                        pathToTransitivity:
                          description: 'WIP: chain of dependencies that brought in
                            this transitive dependency.'
                          items:
                            description: A specific dependency.
                            properties:
                              name:
                                title: String identifier of dependency
                                type: string
                              versionSpecifier:
                                description: Version specifier of dependency.
                                type: string
                            type: object
                          type: array
                        repositoryId:
                          description: ID of repository dependency is found in.
                          format: uint64
                          type: string
                        transitivity:
                          default: UNKNOWN_TRANSITIVITY
                          enum:
                          - UNKNOWN_TRANSITIVITY
                          - TRANSITIVE
                          - DIRECT
                          type: string
                      type: object
                    type: array
                  hasMore:
                    description: True if there are more pages of dependencies to get.
                    type: boolean
                type: object
          description: A successful response.
        default:
          content:
            application/json:
              schema:
                properties:
                  code:
                    format: int32
                    type: integer
                  details:
                    items:
                      additionalProperties:
                        type: object
                      description: |-
                        `Any` contains an arbitrary serialized protocol buffer message along with a
                        URL that describes the type of the serialized message.

                        Protobuf library provides support to pack/unpack Any values in the form
                        of utility functions or additional generated methods of the Any type.

                        Example 1: Pack and unpack a message in C++.

                            Foo foo = ...;
                            Any any;
                            any.PackFrom(foo);
                            ...
                            if (any.UnpackTo(&foo)) {
                              ...
                            }

                        Example 2: Pack and unpack a message in Java.

                            Foo foo = ...;
                            Any any = Any.pack(foo);
                            ...
                            if (any.is(Foo.class)) {
                              foo = any.unpack(Foo.class);
                            }
                            // or ...
                            if (any.isSameTypeAs(Foo.getDefaultInstance())) {
                              foo = any.unpack(Foo.getDefaultInstance());
                            }

                        Example 3: Pack and unpack a message in Python.

                            foo = Foo(...)
                            any = Any()
                            any.Pack(foo)
                            ...
                            if any.Is(Foo.DESCRIPTOR):
                              any.Unpack(foo)
                              ...

                        Example 4: Pack and unpack a message in Go

                            foo := &pb.Foo{...}
                            any, err := anypb.New(foo)
                            if err != nil {
                              ...
                            }
                            ...
                            foo := &pb.Foo{}
                            if err := any.UnmarshalTo(foo); err != nil {
                              ...
                            }

                        The pack methods provided by protobuf library will by default use
                        'type.googleapis.com/full.type.name' as the type URL and the unpack
                        methods only use the fully qualified type name after the last '/'
                        in the type URL, for example "foo.bar.com/x/y.z" will yield type
                        name "y.z".

                        JSON

                        The JSON representation of an `Any` value uses the regular
                        representation of the deserialized, embedded message, with an
                        additional field `@type` which contains the type URL. Example:

                            package google.profile;
                            message Person {
                              string first_name = 1;
                              string last_name = 2;
                            }

                            {
                              "@type": "type.googleapis.com/google.profile.Person",
                              "firstName": <string>,
                              "lastName": <string>
                            }

                        If the embedded message type is well-known and has a custom JSON
                        representation, that representation will be embedded adding a field
                        `value` which holds the custom JSON in addition to the `@type`
                        field. Example (for message [google.protobuf.Duration][]):

                            {
                              "@type": "type.googleapis.com/google.protobuf.Duration",
                              "value": "1.212s"
                            }
                      properties:
                        '@type':
                          description: |-
                            A URL/resource name that uniquely identifies the type of the serialized
                            protocol buffer message. This string must contain at least
                            one "/" character. The last segment of the URL's path must represent
                            the fully qualified name of the type (as in
                            `path/google.protobuf.Duration`). The name should be in a canonical form
                            (e.g., leading "." is not accepted).

                            In practice, teams usually precompile into the binary all types that they
                            expect it to use in the context of Any. However, for URLs which use the
                            scheme `http`, `https`, or no scheme, one can optionally set up a type
                            server that maps type URLs to message definitions as follows:

                            * If no scheme is provided, `https` is assumed.
                            * An HTTP GET on the URL must yield a [google.protobuf.Type][]
                              value in binary format, or produce an error.
                            * Applications are allowed to cache lookup results based on the
                              URL, or have them precompiled into a binary to avoid any
                              lookup. Therefore, binary compatibility needs to be preserved
                              on changes to types. (Use versioned type names to manage
                              breaking changes.)

                            Note: this functionality is not currently available in the official
                            protobuf release, and it is not used for type URLs beginning with
                            type.googleapis.com.

                            Schemes other than `http`, `https` (or the empty scheme) might be
                            used with implementation specific semantics.
                          type: string
                      type: object
                    type: array
                  message:
                    type: string
                type: object
          description: An unexpected error response.
      security:
      - SemgrepWebToken:
        - webapi
      summary: List dependencies
      tags:
      - SupplyChainService
      x-codegen-request-body-name: body
  /deployments/{deploymentId}/dependencies/repositories:
    post:
      operationId: semgrep_app.products.sca.handlers.dependency.list_repositories_for_dependencies_conexxion
      parameters:
      - description: deployment id. See /settings page for your deployment id
        explode: false
        in: path
        name: deploymentId
        required: true
        schema:
          format: uint64
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              properties:
                cursor:
                  description: Use cursor in response to get next page of results.
                  format: int64
                  type: integer
                dependencyFilter:
                  properties:
                    ecosystem:
                      description: Filter by ecosystem (e.g. npm, pypi, etc).
                      items:
                        default: no_package_manager
                        enum:
                        - no_package_manager
                        - npm
                        - pypi
                        - gomod
                        - cargo
                        - maven
                        - gem
                        - composer
                        - nuget
                        - pub
                        type: string
                      type: array
                    license:
                      description: Filter by license (e.g. MIT).
                      items:
                        type: string
                      type: array
                    licensePolicySetting:
                      default: LICENSE_POLICY_SETTING_UNSPECIFIED
                      enum:
                      - LICENSE_POLICY_SETTING_UNSPECIFIED
                      - LICENSE_POLICY_SETTING_ALLOW
                      - LICENSE_POLICY_SETTING_COMMENT
                      - LICENSE_POLICY_SETTING_BLOCK
                      type: string
                    lockfilePath:
                      description: Filter by path to the lockfile (e.g. foo/bar/package-lock.json).
                      type: string
                    name:
                      description: Filter by dependency name (e.g. lodash).
                      type: string
                    repositoryId:
                      description: Filter by repository ids, use Project endpoint
                        to query by name and get id.
                      items:
                        format: int64
                        type: integer
                      type: array
                    transitivity:
                      description: Filter by transitivity.
                      items:
                        default: UNKNOWN_TRANSITIVITY
                        enum:
                        - UNKNOWN_TRANSITIVITY
                        - TRANSITIVE
                        - DIRECT
                        type: string
                      type: array
                    version:
                      description: Filter by dependency version (e.g. 1.0.1).
                      type: string
                  type: object
                pageSize:
                  description: 'Number of repositories per page, defaults to 5 (min:
                    1, max 100).'
                  format: int64
                  type: integer
              type: object
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                properties:
                  cursor:
                    description: Pass to next request to get next page of results.
                    format: int64
                    type: integer
                  hasMore:
                    description: True if there are more repositories to get.
                    type: boolean
                  repositorySummaries:
                    items:
                      properties:
                        id:
                          description: ID of repository.
                          format: int64
                          type: integer
                        name:
                          description: Name of repository.
                          type: string
                        numDependencies:
                          description: Total number of dependencies in the repository.
                          format: int64
                          type: integer
                      type: object
                    type: array
                type: object
          description: A successful response.
        default:
          content:
            application/json:
              schema:
                properties:
                  code:
                    format: int32
                    type: integer
                  details:
                    items:
                      additionalProperties:
                        type: object
                      description: |-
                        `Any` contains an arbitrary serialized protocol buffer message along with a
                        URL that describes the type of the serialized message.

                        Protobuf library provides support to pack/unpack Any values in the form
                        of utility functions or additional generated methods of the Any type.

                        Example 1: Pack and unpack a message in C++.

                            Foo foo = ...;
                            Any any;
                            any.PackFrom(foo);
                            ...
                            if (any.UnpackTo(&foo)) {
                              ...
                            }

                        Example 2: Pack and unpack a message in Java.

                            Foo foo = ...;
                            Any any = Any.pack(foo);
                            ...
                            if (any.is(Foo.class)) {
                              foo = any.unpack(Foo.class);
                            }
                            // or ...
                            if (any.isSameTypeAs(Foo.getDefaultInstance())) {
                              foo = any.unpack(Foo.getDefaultInstance());
                            }

                        Example 3: Pack and unpack a message in Python.

                            foo = Foo(...)
                            any = Any()
                            any.Pack(foo)
                            ...
                            if any.Is(Foo.DESCRIPTOR):
                              any.Unpack(foo)
                              ...

                        Example 4: Pack and unpack a message in Go

                            foo := &pb.Foo{...}
                            any, err := anypb.New(foo)
                            if err != nil {
                              ...
                            }
                            ...
                            foo := &pb.Foo{}
                            if err := any.UnmarshalTo(foo); err != nil {
                              ...
                            }

                        The pack methods provided by protobuf library will by default use
                        'type.googleapis.com/full.type.name' as the type URL and the unpack
                        methods only use the fully qualified type name after the last '/'
                        in the type URL, for example "foo.bar.com/x/y.z" will yield type
                        name "y.z".

                        JSON

                        The JSON representation of an `Any` value uses the regular
                        representation of the deserialized, embedded message, with an
                        additional field `@type` which contains the type URL. Example:

                            package google.profile;
                            message Person {
                              string first_name = 1;
                              string last_name = 2;
                            }

                            {
                              "@type": "type.googleapis.com/google.profile.Person",
                              "firstName": <string>,
                              "lastName": <string>
                            }

                        If the embedded message type is well-known and has a custom JSON
                        representation, that representation will be embedded adding a field
                        `value` which holds the custom JSON in addition to the `@type`
                        field. Example (for message [google.protobuf.Duration][]):

                            {
                              "@type": "type.googleapis.com/google.protobuf.Duration",
                              "value": "1.212s"
                            }
                      properties:
                        '@type':
                          description: |-
                            A URL/resource name that uniquely identifies the type of the serialized
                            protocol buffer message. This string must contain at least
                            one "/" character. The last segment of the URL's path must represent
                            the fully qualified name of the type (as in
                            `path/google.protobuf.Duration`). The name should be in a canonical form
                            (e.g., leading "." is not accepted).

                            In practice, teams usually precompile into the binary all types that they
                            expect it to use in the context of Any. However, for URLs which use the
                            scheme `http`, `https`, or no scheme, one can optionally set up a type
                            server that maps type URLs to message definitions as follows:

                            * If no scheme is provided, `https` is assumed.
                            * An HTTP GET on the URL must yield a [google.protobuf.Type][]
                              value in binary format, or produce an error.
                            * Applications are allowed to cache lookup results based on the
                              URL, or have them precompiled into a binary to avoid any
                              lookup. Therefore, binary compatibility needs to be preserved
                              on changes to types. (Use versioned type names to manage
                              breaking changes.)

                            Note: this functionality is not currently available in the official
                            protobuf release, and it is not used for type URLs beginning with
                            type.googleapis.com.

                            Schemes other than `http`, `https` (or the empty scheme) might be
                            used with implementation specific semantics.
                          type: string
                      type: object
                    type: array
                  message:
                    type: string
                type: object
          description: An unexpected error response.
      security:
      - SemgrepWebToken:
        - webapi
      summary: List repositories with dependencies
      tags:
      - SupplyChainService
      x-codegen-request-body-name: body
  /deployments/{deploymentId}/dependencies/repositories/{repositoryId}/lockfiles:
    post:
      operationId: semgrep_app.products.sca.handlers.dependency.list_lockfiles_for_dependencies_conexxion
      parameters:
      - description: deployment id. See /settings page for your deployment id.
        explode: false
        in: path
        name: deploymentId
        required: true
        schema:
          format: uint64
          type: string
        style: simple
      - description: Repository ID, use Project endpoint to query by name and get
          id.
        explode: false
        in: path
        name: repositoryId
        required: true
        schema:
          format: uint64
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              properties:
                cursor:
                  description: Use cursor in response to get next page of results.
                  type: string
                dependencyFilter:
                  properties:
                    ecosystem:
                      description: Filter by ecosystem (e.g. npm, pypi, etc).
                      items:
                        default: no_package_manager
                        enum:
                        - no_package_manager
                        - npm
                        - pypi
                        - gomod
                        - cargo
                        - maven
                        - gem
                        - composer
                        - nuget
                        - pub
                        type: string
                      type: array
                    license:
                      description: Filter by license (e.g. MIT).
                      items:
                        type: string
                      type: array
                    licensePolicySetting:
                      default: LICENSE_POLICY_SETTING_UNSPECIFIED
                      enum:
                      - LICENSE_POLICY_SETTING_UNSPECIFIED
                      - LICENSE_POLICY_SETTING_ALLOW
                      - LICENSE_POLICY_SETTING_COMMENT
                      - LICENSE_POLICY_SETTING_BLOCK
                      type: string
                    lockfilePath:
                      description: Filter by path to the lockfile (e.g. foo/bar/package-lock.json).
                      type: string
                    name:
                      description: Filter by dependency name (e.g. lodash).
                      type: string
                    repositoryId:
                      description: Filter by repository ids, use Project endpoint
                        to query by name and get id.
                      items:
                        format: int64
                        type: integer
                      type: array
                    transitivity:
                      description: Filter by transitivity.
                      items:
                        default: UNKNOWN_TRANSITIVITY
                        enum:
                        - UNKNOWN_TRANSITIVITY
                        - TRANSITIVE
                        - DIRECT
                        type: string
                      type: array
                    version:
                      description: Filter by dependency version (e.g. 1.0.1).
                      type: string
                  type: object
                pageSize:
                  format: int64
                  title: 'Number of repositories per page, defaults to 5. (min: 1,
                    max: 100)'
                  type: integer
              type: object
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                properties:
                  cursor:
                    description: Pass to next request to get next page of results.
                    type: string
                  hasMore:
                    description: True if there are more lockfiles to get.
                    type: boolean
                  lockfileSummaries:
                    items:
                      properties:
                        lockfilePath:
                          description: Path to lockfile (e.g. foo/bar/package-lock.json).
                          type: string
                        numDependencies:
                          description: Total number of dependencies in the lockfile.
                          format: int64
                          type: integer
                      type: object
                    type: array
                type: object
          description: A successful response.
        default:
          content:
            application/json:
              schema:
                properties:
                  code:
                    format: int32
                    type: integer
                  details:
                    items:
                      additionalProperties:
                        type: object
                      description: |-
                        `Any` contains an arbitrary serialized protocol buffer message along with a
                        URL that describes the type of the serialized message.

                        Protobuf library provides support to pack/unpack Any values in the form
                        of utility functions or additional generated methods of the Any type.

                        Example 1: Pack and unpack a message in C++.

                            Foo foo = ...;
                            Any any;
                            any.PackFrom(foo);
                            ...
                            if (any.UnpackTo(&foo)) {
                              ...
                            }

                        Example 2: Pack and unpack a message in Java.

                            Foo foo = ...;
                            Any any = Any.pack(foo);
                            ...
                            if (any.is(Foo.class)) {
                              foo = any.unpack(Foo.class);
                            }
                            // or ...
                            if (any.isSameTypeAs(Foo.getDefaultInstance())) {
                              foo = any.unpack(Foo.getDefaultInstance());
                            }

                        Example 3: Pack and unpack a message in Python.

                            foo = Foo(...)
                            any = Any()
                            any.Pack(foo)
                            ...
                            if any.Is(Foo.DESCRIPTOR):
                              any.Unpack(foo)
                              ...

                        Example 4: Pack and unpack a message in Go

                            foo := &pb.Foo{...}
                            any, err := anypb.New(foo)
                            if err != nil {
                              ...
                            }
                            ...
                            foo := &pb.Foo{}
                            if err := any.UnmarshalTo(foo); err != nil {
                              ...
                            }

                        The pack methods provided by protobuf library will by default use
                        'type.googleapis.com/full.type.name' as the type URL and the unpack
                        methods only use the fully qualified type name after the last '/'
                        in the type URL, for example "foo.bar.com/x/y.z" will yield type
                        name "y.z".

                        JSON

                        The JSON representation of an `Any` value uses the regular
                        representation of the deserialized, embedded message, with an
                        additional field `@type` which contains the type URL. Example:

                            package google.profile;
                            message Person {
                              string first_name = 1;
                              string last_name = 2;
                            }

                            {
                              "@type": "type.googleapis.com/google.profile.Person",
                              "firstName": <string>,
                              "lastName": <string>
                            }

                        If the embedded message type is well-known and has a custom JSON
                        representation, that representation will be embedded adding a field
                        `value` which holds the custom JSON in addition to the `@type`
                        field. Example (for message [google.protobuf.Duration][]):

                            {
                              "@type": "type.googleapis.com/google.protobuf.Duration",
                              "value": "1.212s"
                            }
                      properties:
                        '@type':
                          description: |-
                            A URL/resource name that uniquely identifies the type of the serialized
                            protocol buffer message. This string must contain at least
                            one "/" character. The last segment of the URL's path must represent
                            the fully qualified name of the type (as in
                            `path/google.protobuf.Duration`). The name should be in a canonical form
                            (e.g., leading "." is not accepted).

                            In practice, teams usually precompile into the binary all types that they
                            expect it to use in the context of Any. However, for URLs which use the
                            scheme `http`, `https`, or no scheme, one can optionally set up a type
                            server that maps type URLs to message definitions as follows:

                            * If no scheme is provided, `https` is assumed.
                            * An HTTP GET on the URL must yield a [google.protobuf.Type][]
                              value in binary format, or produce an error.
                            * Applications are allowed to cache lookup results based on the
                              URL, or have them precompiled into a binary to avoid any
                              lookup. Therefore, binary compatibility needs to be preserved
                              on changes to types. (Use versioned type names to manage
                              breaking changes.)

                            Note: this functionality is not currently available in the official
                            protobuf release, and it is not used for type URLs beginning with
                            type.googleapis.com.

                            Schemes other than `http`, `https` (or the empty scheme) might be
                            used with implementation specific semantics.
                          type: string
                      type: object
                    type: array
                  message:
                    type: string
                type: object
          description: An unexpected error response.
      security:
      - SemgrepWebToken:
        - webapi
      summary: List lockfiles in a given repository with dependencies
      tags:
      - SupplyChainService
      x-codegen-request-body-name: body
  /deployments/{deploymentId}/secrets:
    get:
      operationId: semgrep_app.products.secrets.handlers.issue.list_issues_conexxion
      parameters:
      - description: ID of the deployment.
        explode: false
        in: path
        name: deploymentId
        required: true
        schema:
          format: uint64
          type: string
        style: simple
      - description: Cursor to paginate through the results. Initializes as undefined.
        explode: true
        in: query
        name: cursor
        required: false
        schema:
          type: string
        style: form
      - description: Page size to paginate through the results
        explode: true
        in: query
        name: limit
        required: false
        schema:
          format: int64
          type: integer
        style: form
      - description: Only get secrets created after this time
        explode: true
        in: query
        name: since
        required: false
        schema:
          format: date-time
          type: string
        style: form
      - description: |-
          Whether the finding was verified or not.

          - VALIDATION_STATE_CONFIRMED_VALID: Secret has been tested and is confirmed valid.
          - VALIDATION_STATE_CONFIRMED_INVALID: Secret has been tested and is confirmed invalid.
          - VALIDATION_STATE_VALIDATION_ERROR: Secret test was attempted and there was an error.
          - VALIDATION_STATE_NO_VALIDATOR: There is no validator for this secret.
        explode: true
        in: query
        name: validationState
        required: false
        schema:
          items:
            enum:
            - VALIDATION_STATE_UNSPECIFIED
            - VALIDATION_STATE_CONFIRMED_VALID
            - VALIDATION_STATE_CONFIRMED_INVALID
            - VALIDATION_STATE_VALIDATION_ERROR
            - VALIDATION_STATE_NO_VALIDATOR
            type: string
          type: array
        style: form
      - description: |-
          Status of the finding (open, closed, fixed)

          - FINDING_STATUS_OPEN: Finding is open and needs to be triaged
          - FINDING_STATUS_IGNORED: Finding has been triaged and is being ignored
          - FINDING_STATUS_FIXED: Finding has been fixed
          - FINDING_STATUS_REMOVED: Finding has been removed
          - FINDING_STATUS_UNKNOWN: Finding status is unknown
        explode: true
        in: query
        name: status
        required: false
        schema:
          default: FINDING_STATUS_UNSPECIFIED
          enum:
          - FINDING_STATUS_UNSPECIFIED
          - FINDING_STATUS_OPEN
          - FINDING_STATUS_IGNORED
          - FINDING_STATUS_FIXED
          - FINDING_STATUS_REMOVED
          - FINDING_STATUS_UNKNOWN
          type: string
        style: form
      - description: Severity of the finding.
        explode: true
        in: query
        name: severity
        required: false
        schema:
          items:
            enum:
            - SEVERITY_UNSPECIFIED
            - SEVERITY_HIGH
            - SEVERITY_MEDIUM
            - SEVERITY_LOW
            type: string
          type: array
        style: form
      responses:
        '200':
          content:
            application/json:
              schema:
                properties:
                  cursor:
                    description: Cursor to paginate through the results.
                    type: string
                  findings:
                    description: List of findings.
                    items:
                      description: A Finding represents a single secret finding.
                      properties:
                        confidence:
                          default: CONFIDENCE_UNSPECIFIED
                          enum:
                          - CONFIDENCE_UNSPECIFIED
                          - CONFIDENCE_HIGH
                          - CONFIDENCE_MEDIUM
                          - CONFIDENCE_LOW
                          type: string
                        createdAt:
                          description: Creation timestamp.
                          format: date-time
                          type: string
                        externalTicket:
                          properties:
                            externalSlug:
                              type: string
                            url:
                              type: string
                          type: object
                        findingPath:
                          description: File path where the finding was found.
                          type: string
                        findingPathUrl:
                          description: URL to the file where the finding was found.
                          type: string
                        id:
                          description: ID of the finding.
                          format: uint64
                          type: string
                        mode:
                          default: MODE_UNSPECIFIED
                          description: |-
                            - MODE_MONITOR: Monitor mode, silently report findings
                            - MODE_COMMENT: Comment mode, leaves PR comments but does not block
                            - MODE_BLOCK: Block mode, leaves PR comments and blocks PR
                          enum:
                          - MODE_UNSPECIFIED
                          - MODE_MONITOR
                          - MODE_COMMENT
                          - MODE_BLOCK
                          title: What reporting mode to use
                          type: string
                        ref:
                          description: Branch where the finding was found.
                          type: string
                        refUrl:
                          description: URL to the branch where the finding was found.
                          type: string
                        repository:
                          description: Repository where the finding was found.
                          properties:
                            name:
                              title: Repository name
                              type: string
                            scmType:
                              default: SCM_TYPE_UNSPECIFIED
                              description: |-
                                - SCM_TYPE_GITHUB: Github cloud
                                - SCM_TYPE_GITLAB: Gitlab cloud
                              enum:
                              - SCM_TYPE_UNSPECIFIED
                              - SCM_TYPE_GITHUB
                              - SCM_TYPE_GITLAB
                              - SCM_TYPE_GITHUB_ENTERPRISE
                              - SCM_TYPE_GITLAB_SELFMANAGED
                              - SCM_TYPE_BITBUCKET
                              - SCM_TYPE_AZURE_DEVOPS
                              - SCM_TYPE_UNKNOWN
                              title: Source code repository provider
                              type: string
                            url:
                              description: URL to the repository where the finding
                                was found.
                              type: string
                            visibility:
                              default: REPOSITORY_VISIBILITY_UNSPECIFIED
                              enum:
                              - REPOSITORY_VISIBILITY_UNSPECIFIED
                              - REPOSITORY_VISIBILITY_PUBLIC
                              - REPOSITORY_VISIBILITY_PRIVATE
                              - REPOSITORY_VISIBILITY_UNKNOWN
                              type: string
                          type: object
                        ruleHashId:
                          description: ID of the rule that triggered the finding.
                          type: string
                        severity:
                          default: SEVERITY_UNSPECIFIED
                          enum:
                          - SEVERITY_UNSPECIFIED
                          - SEVERITY_HIGH
                          - SEVERITY_MEDIUM
                          - SEVERITY_LOW
                          title: Severity type, used for Severity and Confidence
                          type: string
                        status:
                          default: FINDING_STATUS_UNSPECIFIED
                          description: |-
                            - FINDING_STATUS_OPEN: Finding is open and needs to be triaged
                            - FINDING_STATUS_IGNORED: Finding has been triaged and is being ignored
                            - FINDING_STATUS_FIXED: Finding has been fixed
                            - FINDING_STATUS_REMOVED: Finding has been removed
                            - FINDING_STATUS_UNKNOWN: Finding status is unknown
                          enum:
                          - FINDING_STATUS_UNSPECIFIED
                          - FINDING_STATUS_OPEN
                          - FINDING_STATUS_IGNORED
                          - FINDING_STATUS_FIXED
                          - FINDING_STATUS_REMOVED
                          - FINDING_STATUS_UNKNOWN
                          title: The current status of a finding
                          type: string
                        type:
                          description: Service type for the secrets finding. e.g.
                            AWS, GitHub, GitLab, etc.
                          type: string
                        updatedAt:
                          description: Update timestamp.
                          format: date-time
                          type: string
                        validationState:
                          default: VALIDATION_STATE_UNSPECIFIED
                          description: |-
                            - VALIDATION_STATE_CONFIRMED_VALID: Secret has been tested and is confirmed valid.
                            - VALIDATION_STATE_CONFIRMED_INVALID: Secret has been tested and is confirmed invalid.
                            - VALIDATION_STATE_VALIDATION_ERROR: Secret test was attempted and there was an error.
                            - VALIDATION_STATE_NO_VALIDATOR: There is no validator for this secret.
                          enum:
                          - VALIDATION_STATE_UNSPECIFIED
                          - VALIDATION_STATE_CONFIRMED_VALID
                          - VALIDATION_STATE_CONFIRMED_INVALID
                          - VALIDATION_STATE_VALIDATION_ERROR
                          - VALIDATION_STATE_NO_VALIDATOR
                          type: string
                      type: object
                    type: array
                  previous:
                    description: Cursor to paginate backwards through the results.
                    type: string
                title: GET response for the Secrets page list view
                type: object
          description: A successful response.
        default:
          content:
            application/json:
              schema:
                properties:
                  code:
                    format: int32
                    type: integer
                  details:
                    items:
                      additionalProperties:
                        type: object
                      description: |-
                        `Any` contains an arbitrary serialized protocol buffer message along with a
                        URL that describes the type of the serialized message.

                        Protobuf library provides support to pack/unpack Any values in the form
                        of utility functions or additional generated methods of the Any type.

                        Example 1: Pack and unpack a message in C++.

                            Foo foo = ...;
                            Any any;
                            any.PackFrom(foo);
                            ...
                            if (any.UnpackTo(&foo)) {
                              ...
                            }

                        Example 2: Pack and unpack a message in Java.

                            Foo foo = ...;
                            Any any = Any.pack(foo);
                            ...
                            if (any.is(Foo.class)) {
                              foo = any.unpack(Foo.class);
                            }
                            // or ...
                            if (any.isSameTypeAs(Foo.getDefaultInstance())) {
                              foo = any.unpack(Foo.getDefaultInstance());
                            }

                        Example 3: Pack and unpack a message in Python.

                            foo = Foo(...)
                            any = Any()
                            any.Pack(foo)
                            ...
                            if any.Is(Foo.DESCRIPTOR):
                              any.Unpack(foo)
                              ...

                        Example 4: Pack and unpack a message in Go

                            foo := &pb.Foo{...}
                            any, err := anypb.New(foo)
                            if err != nil {
                              ...
                            }
                            ...
                            foo := &pb.Foo{}
                            if err := any.UnmarshalTo(foo); err != nil {
                              ...
                            }

                        The pack methods provided by protobuf library will by default use
                        'type.googleapis.com/full.type.name' as the type URL and the unpack
                        methods only use the fully qualified type name after the last '/'
                        in the type URL, for example "foo.bar.com/x/y.z" will yield type
                        name "y.z".

                        JSON

                        The JSON representation of an `Any` value uses the regular
                        representation of the deserialized, embedded message, with an
                        additional field `@type` which contains the type URL. Example:

                            package google.profile;
                            message Person {
                              string first_name = 1;
                              string last_name = 2;
                            }

                            {
                              "@type": "type.googleapis.com/google.profile.Person",
                              "firstName": <string>,
                              "lastName": <string>
                            }

                        If the embedded message type is well-known and has a custom JSON
                        representation, that representation will be embedded adding a field
                        `value` which holds the custom JSON in addition to the `@type`
                        field. Example (for message [google.protobuf.Duration][]):

                            {
                              "@type": "type.googleapis.com/google.protobuf.Duration",
                              "value": "1.212s"
                            }
                      properties:
                        '@type':
                          description: |-
                            A URL/resource name that uniquely identifies the type of the serialized
                            protocol buffer message. This string must contain at least
                            one "/" character. The last segment of the URL's path must represent
                            the fully qualified name of the type (as in
                            `path/google.protobuf.Duration`). The name should be in a canonical form
                            (e.g., leading "." is not accepted).

                            In practice, teams usually precompile into the binary all types that they
                            expect it to use in the context of Any. However, for URLs which use the
                            scheme `http`, `https`, or no scheme, one can optionally set up a type
                            server that maps type URLs to message definitions as follows:

                            * If no scheme is provided, `https` is assumed.
                            * An HTTP GET on the URL must yield a [google.protobuf.Type][]
                              value in binary format, or produce an error.
                            * Applications are allowed to cache lookup results based on the
                              URL, or have them precompiled into a binary to avoid any
                              lookup. Therefore, binary compatibility needs to be preserved
                              on changes to types. (Use versioned type names to manage
                              breaking changes.)

                            Note: this functionality is not currently available in the official
                            protobuf release, and it is not used for type URLs beginning with
                            type.googleapis.com.

                            Schemes other than `http`, `https` (or the empty scheme) might be
                            used with implementation specific semantics.
                          type: string
                      type: object
                    type: array
                  message:
                    type: string
                type: object
          description: An unexpected error response.
      security:
      - SemgrepWebToken:
        - webapi
      summary: List secrets
      tags:
      - SecretsService
  /deployments/{deploymentId}/ssc-vulns:
    post:
      operationId: semgrep_app.products.sca.handlers.vulns.list_vulns_conexxion
parameters:
- explode: false
in: path
name: deploymentId
required: true
schema:
format: int64
type: string
style: simple
requestBody:
content:
application/json:
schema:
properties:
createdAfter:
description: Only get vulns created after this time.
format: date-time
type: string
cursor:
properties:
issueOffset:
format: uint64
type: string
vulnOffset:
format: uint64
type: string
type: object
exposure:
description: Exposure types to filter by.
items:
default: UNKNOWN_EXPOSURE
enum:
- UNKNOWN_EXPOSURE
- UNREACHABLE
- REACHABLE
type: string
type: array
pageSize:
description: 'Number of Vulnerabilities per page, defaults to 10
(min: 1, max 100).'
format: int64
type: integer
query:
title: Term to filter by
type: string
refs:
description: Only get vulns in these branches.
items:
type: string
type: array
repositoryId:
description: Repository id to filter by. Use Project endpoint to
query by name and get id.
format: uint64
type: string
severities:
description: Severities to filter by.
items:
default: UNKNOWN_SEVERITY
enum:
- UNKNOWN_SEVERITY
- LOW
- MEDIUM
- HIGH
- CRITICAL
type: string
type: array
statuses:
description: Statuses to filter by.
items:
default: UNKNOWN_STATUS
enum:
- UNKNOWN_STATUS
- NEW
- IN_PROGRESS
- IGNORED
- CLOSED
type: string
type: array
transitivities:
description: Transitivities to filter by.
items:
default: UNKNOWN_TRANSITIVITY
enum:
- UNKNOWN_TRANSITIVITY
- TRANSITIVE
- DIRECT
type: string
type: array
type: object
required: true
responses:
'200':
content:
application/json:
schema:
properties:
cursor:
properties:
issueOffset:
format: uint64
type: string
vulnOffset:
format: uint64
type: string
type: object
hasMore:
description: True if there are more vulns to get.
type: boolean
vulns:
items:
description: A vulnerability is an instance of a vulnerable
dependency:version in a lockfile.
properties:
advisory:
properties:
announcedAt:
description: Date the advisory was announced.
format: date-time
type: string
description:
description: Description for the vulnerability.
type: string
ecosystem:
default: no_package_manager
enum:
- no_package_manager
- npm
- pypi
- gomod
- cargo
- maven
- gem
- composer
- nuget
- pub
type: string
reachability:
default: UNKNOWN_RULE_TYPE
enum:
- UNKNOWN_RULE_TYPE
- VERSION_SPECIFIER
- REACHABILITY
- ALWAYS_REACHABLE
- MANUAL_REVIEW_REACHABLE
type: string
reachableIf:
description: |-
Conditions that, if true, mean the vulnerability applies.
Set only if reachability == MANUAL_REVIEW_REACHABLE
type: string
references:
properties:
cveIds:
items:
type: string
type: array
cweIds:
items:
type: string
type: array
owaspIds:
items:
type: string
type: array
urls:
items:
type: string
type: array
type: object
ruleId:
description: Unique identifier for the rule.
type: string
ruleText:
description: The text of the rule.
type: string
safeDependencies:
items:
description: A specific dependency.
properties:
name:
title: String identifier of dependency
type: string
versionSpecifier:
description: Version specifier of dependency.
type: string
type: object
title: Version specifiers of safe dependencies
type: array
severity:
default: UNKNOWN_SEVERITY
enum:
- UNKNOWN_SEVERITY
- LOW
- MEDIUM
- HIGH
- CRITICAL
type: string
title:
description: Human readable title for the vulnerability.
type: string
vulnerableDependencies:
description: Version specifiers of vulnerable dependencies.
items:
description: A specific dependency.
properties:
name:
title: String identifier of dependency
type: string
versionSpecifier:
description: Version specifier of dependency.
type: string
type: object
type: array
type: object
closestSafeDependency:
description: A specific dependency.
properties:
name:
title: String identifier of dependency
type: string
versionSpecifier:
description: Version specifier of dependency.
type: string
type: object
dependencyFileLocation:
description: Specific location in a file.
properties:
committedAt:
description: Timestamp of when code file was last modified,
if available.
format: date-time
type: string
endCol:
description: Ending column number (1 indexed).
format: uint64
type: string
endLine:
description: Ending line number (1 indexed).
format: uint64
type: string
path:
description: Path to a file.
type: string
startCol:
description: Starting column number (1 indexed).
format: uint64
type: string
startLine:
description: Starting line number (1 indexed).
format: uint64
type: string
url:
description: URL to code location if available, otherwise
empty.
type: string
type: object
exposureType:
default: UNKNOWN_EXPOSURE
enum:
- UNKNOWN_EXPOSURE
- UNREACHABLE
- REACHABLE
type: string
firstTriagedAt:
description: Date the vulnerability was first triaged.
format: date-time
type: string
groupKey:
title: generated from repository_id, subdirectory, and advisory.rule_id
type: string
matchedDependency:
description: A specific dependency.
properties:
name:
title: String identifier of dependency
type: string
versionSpecifier:
description: Version specifier of dependency.
type: string
type: object
openedAt:
description: Date the vulnerability was first found.
format: date-time
type: string
packageManager:
default: no_package_manager
enum:
- no_package_manager
- npm
- yarn
- pipenv
- poetry
- go
- cargo
- maven
- gem
- bundler
- composer
- nuget
- pub
type: string
repositoryId:
description: The repository_id where the vulnerability was
found.
format: uint64
type: string
repositoryName:
description: |-
Plaintext name of repository this vulnerability belongs to.
Makes it easier to filter vulns by repo name.
type: string
subdirectory:
description: Subdirectory where the vulnerability was found.
type: string
title:
description: Human readable title for the vulnerability.
type: string
transitivity:
default: UNKNOWN_TRANSITIVITY
enum:
- UNKNOWN_TRANSITIVITY
- TRANSITIVE
- DIRECT
type: string
triage:
properties:
dismissReason:
default: UNKNOWN_REASON
enum:
- UNKNOWN_REASON
- FALSE_POSITIVE
- ACCEPTABLE_RISK
- NO_TIME_TO_FIX
type: string
issueUrl:
type: string
prUrl:
type: string
status:
default: UNKNOWN_STATUS
enum:
- UNKNOWN_STATUS
- NEW
- IN_PROGRESS
- IGNORED
- CLOSED
type: string
type: object
usages:
description: |-
Direct usages of the dependency in code.
Only defined if exposure_type == REACHABLE
items:
properties:
externalTicket:
properties:
externalSlug:
type: string
url:
type: string
type: object
findingId:
format: uint64
type: string
location:
description: Specific location in a file.
properties:
committedAt:
description: Timestamp of when code file was last
modified, if available.
format: date-time
type: string
endCol:
description: Ending column number (1 indexed).
format: uint64
type: string
endLine:
description: Ending line number (1 indexed).
format: uint64
type: string
path:
description: Path to a file.
type: string
startCol:
description: Starting column number (1 indexed).
format: uint64
type: string
startLine:
description: Starting line number (1 indexed).
format: uint64
type: string
url:
description: URL to code location if available,
otherwise empty.
type: string
type: object
type: object
type: array
type: object
type: array
type: object
description: A successful response.
default:
content:
application/json:
schema:
properties:
code:
format: int32
type: integer
details:
items:
additionalProperties:
type: object
description: |-
`Any` contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form
of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use
'type.googleapis.com/full.type.name' as the type URL and the unpack
methods only use the fully qualified type name after the last '/'
in the type URL, for example "foo.bar.com/x/y.z" will yield type
name "y.z".
JSON
The JSON representation of an `Any` value uses the regular
representation of the deserialized, embedded message, with an
additional field `@type` which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
`value` which holds the custom JSON in addition to the `@type`
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
properties:
'@type':
description: |-
A URL/resource name that uniquely identifies the type of the serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
`path/google.protobuf.Duration`). The name should be in a canonical form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that they
expect it to use in the context of Any. However, for URLs which use the
scheme `http`, `https`, or no scheme, one can optionally set up a type
server that maps type URLs to message definitions as follows:
* If no scheme is provided, `https` is assumed.
* An HTTP GET on the URL must yield a [google.protobuf.Type][]
value in binary format, or produce an error.
* Applications are allowed to cache lookup results based on the
URL, or have them precompiled into a binary to avoid any
lookup. Therefore, binary compatibility needs to be preserved
on changes to types. (Use versioned type names to manage
breaking changes.)
Note: this functionality is not currently available in the official
protobuf release, and it is not used for type URLs beginning with
type.googleapis.com.
Schemes other than `http`, `https` (or the empty scheme) might be
used with implementation specific semantics.
type: string
type: object
type: array
message:
type: string
type: object
description: An unexpected error response.
security:
- SemgrepWebToken:
- webapi
summary: List supply chain vulnerabilities
tags:
- SupplyChainService
x-codegen-request-body-name: body
/deployments/{deployment_slug}/findings:
get:
description: |
Request the list of findings in an organization, paginated in pages of 100 entries and limited
by the `since` timestamp.
operationId: semgrep_app.core_exp.findings.handlers.issue.openapi_list_recent_issues
parameters:
- description: Slug of the deployment name. Can be found at `/deployments`,
or via the web UI.
example: your-deployment
in: path
name: deployment_slug
required: true
schema:
type: string
- description: What timestamp should the results start at? If not specified,
returns results from all timestamps.
example: 1636942398.45
in: query
name: since
required: false
schema:
type: number
- description: Which page of the results do you require? If not specified, returns
first page. Pages are numbered from zero (0).
example: 1
in: query
name: page
required: false
schema:
type: number
- description: Deduplicate findings across the refs/branches if true.
example: true
in: query
name: dedup
required: false
schema:
type: boolean
- description: Maximum number of records per returned page. If not specified,
defaults to 100 records.
example: 100
in: query
name: page_size
required: false
schema:
default: 100
maximum: 3000
minimum: 100
type: integer
- description: Which repositories do you wish to view results for? If not specified,
returns all.
example: myorg/repo1,myorg/repo2
explode: false
in: query
name: repos
required: false
schema:
items:
type: string
type: array
style: form
- description: Which policy modes (block, comment, monitor) do you wish to view
results for? If not specified, returns all.
example: rule-board-block, rule-board-pr-comments, rule-board-audit
explode: false
in: query
name: policies
required: false
schema:
items:
type: string
type: array
style: form
- description: Which rule names do you wish to view results for? If not specified,
returns all.
example: typescript.react.security.audit.react-no-refs.react-no-refs,ajinabraham.njsscan.hardcoded_secrets.node_username
explode: false
in: query
name: rules
required: false
schema:
items:
type: string
type: array
style: form
- description: What severities of issues do you wish to filter for? If not specified,
returns all.
example: low,high
explode: false
in: query
name: severities
required: false
schema:
items:
type: string
type: array
style: form
- description: Which categories of findings do you wish to view the results
for? If not specified, returns all.
example: security,correctness,caching
explode: false
in: query
name: categories
required: false
schema:
items:
type: string
type: array
style: form
responses:
'200':
content:
application/json:
schema:
description: Encapsulation object for findings and meta information.
properties:
findings:
items:
additionalProperties: false
description: |
A finding that Semgrep has found in your organization.
properties:
categories:
description: |
The categories of the finding as classified by the associated rule metadata.
example:
- security
nullable: true
type: array
confidence:
description: |
Confidence of the rule that triggered the finding.
enum:
- low
- medium
- high
example: medium
type: string
first_seen_scan_id:
example: 1234
type: number
id:
description: Unique ID of this finding
example: 1234567
type: number
location:
additionalProperties: false
description: |
Location of the record in a file, as reported by Semgrep.
If null, then the information does not exist or lacks integrity (older or broken scans).
nullable: true
properties:
column:
description: Column at which the target starts.
example: 8
type: number
end_column:
description: Column at which the target ends.
example: 16
type: number
end_line:
description: Line at which the target ends.
example: 124
type: number
file_path:
description: File path of the relevant line and column
numbers.
example: frontend/src/corpComponents/Code.tsx
type: string
line:
description: Line at which the target starts.
example: 120
type: number
required:
- file_path
- line
- column
- end_line
- end_column
type: object
match_based_id:
description: ID calculated based on a finding's file path,
rule id, and the rule index.
example: 440eeface888e78afceac3dc7d4cc2cf
nullable: true
type: string
ref:
description: External reference to the source of this finding
(e.g. PR)
example: refs/pull/1234/merge
nullable: true
type: string
relevant_since:
example: 2020-11-18 23:28:12.391807
nullable: true
type: string
repository:
additionalProperties: false
description: Which repository is this finding a part of,
defined via name.
properties:
name:
example: semgrep
type: string
url:
description: The source url from which this repository
last scanned
example: https://github.com/returntocorp/semgrep
nullable: true
type: string
required:
- name
type: object
rule_message:
description: |
Rule message on the time of rule triggering. Older findings might have the value missing/removed.
example: |
`ref` usage found. refs give direct DOM access and may create a possibility for XSS, which could cause
sensitive information such as user cookies to be retrieved by an attacker. Instead, avoid direct DOM
manipulation or use DOMPurify to sanitize HTML before writing it into the page.
nullable: true
type: string
rule_name:
example: typescript.react.security.audit.react-no-refs.react-no-refs
type: string
severity:
description: |
Severity of the rule that triggered the finding. Ranges from low, which would correlate to info,
up to high which would correlate to error.
enum:
- low
- medium
- high
example: medium
type: string
sourcing_policy:
additionalProperties: false
description: |
Reference to a policy, with some basic information.
If null, then the information does not exist or lacks integrity (older or broken scans).
nullable: true
properties:
id:
description: Unique numerical identifier of the policy.
example: 120
type: number
name:
description: Human readable name.
example: Default Policy
type: string
slug:
description: Sanitized machine-readable name.
example: default-policy
type: string
required:
- id
- name
- slug
type: object
state:
description: |
Status of the finding's resolution. Read more in
[the documentation](https://semgrep.dev/docs/managing-findings/#finding-states).
enum:
- muted
- fixed
- removed
- unresolved
example: new
type: string
state_updated_at:
description: |
When this issue's state was last updated
example: 2020-11-19 23:28:12.391807
nullable: true
type: string
syntactic_id:
example: 440eeface888e78afceac3dc7d4cc2cf
type: string
triage_comment:
example: This finding is from the test repo
nullable: true
type: string
triage_state:
description: |
Status of the finding's triaging. You will be able to read more about triaging on our documentation soon.
Even so, there are some [existing resources](https://semgrep.dev/docs/semgrep-ci/overview/#ignoring-specific-rules-in-a-ruleset-or-policy).
enum:
- untriaged
- ignored
- reopened
example: untriaged
type: string
triaged_at:
example: 2020-11-19 23:28:12.391807
nullable: true
type: string
required:
- id
- syntactic_id
- match_based_id
- state
- triage_state
- severity
- rule_name
- rule_message
- location
type: object
type: array
type: object
description: Return the list of findings in an organization.
security:
- SemgrepWebToken:
- webapi
summary: List all findings
tags:
- Finding
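As an added example (not Semgrep's own client code), a small Python client for the findings endpoint above: it enforces the spec's `page_size` bounds, serialises the `explode: false` list parameters as comma-joined values, pages from zero until a short page, and picks out findings that are still unresolved and untriaged. The `http_fetch` transport and the `sample_fetch` pages are assumptions constructed here; only the sample transport is exercised.

```python
"""Paging client for GET /deployments/{deployment_slug}/findings (added example)."""
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Iterator, List, Optional, Sequence

BASE_PATH = "/api/v1"                    # `servers: - url: /api/v1` in the spec
PAGE_SIZE_MIN, PAGE_SIZE_MAX = 100, 3000  # `page_size` schema: minimum 100, maximum 3000

Fetch = Callable[[str, dict], dict]      # (path, query) -> decoded JSON body


def build_query(*, since: Optional[float] = None, page: int = 0,
                page_size: int = 100, dedup: Optional[bool] = None,
                repos: Sequence[str] = (), severities: Sequence[str] = ()) -> dict:
    """Translate filters into the query parameters the spec declares."""
    if not PAGE_SIZE_MIN <= page_size <= PAGE_SIZE_MAX:
        raise ValueError(f"page_size must be in [{PAGE_SIZE_MIN}, {PAGE_SIZE_MAX}]")
    query: dict = {"page": page, "page_size": page_size}
    if since is not None:
        query["since"] = since                   # epoch seconds, e.g. 1636942398.45
    if dedup is not None:
        query["dedup"] = "true" if dedup else "false"
    # `explode: false` + `style: form`: a list travels as one comma-joined value.
    if repos:
        query["repos"] = ",".join(repos)
    if severities:
        query["severities"] = ",".join(severities)
    return query


def iter_findings(fetch: Fetch, deployment_slug: str, **filters: Any) -> Iterator[dict]:
    """Walk every page; pages are numbered from zero and a short page ends the walk."""
    slug = urllib.parse.quote(deployment_slug, safe="")
    path = f"{BASE_PATH}/deployments/{slug}/findings"
    page = 0
    while True:
        query = build_query(page=page, **filters)
        findings = fetch(path, query).get("findings") or []
        yield from findings
        if len(findings) < query["page_size"]:
            return
        page += 1


def needs_attention(findings: Sequence[dict]) -> List[dict]:
    """Unresolved, untriaged, high-severity findings (enum values from the spec)."""
    return [f for f in findings
            if f["severity"] == "high" and f["state"] == "unresolved"
            and f["triage_state"] == "untriaged"]


def http_fetch(token: str, host: str = "https://semgrep.dev") -> Fetch:
    """Live transport (assumed host): bearer header as documented for SemgrepWebToken."""
    def fetch(path: str, query: dict) -> dict:
        url = f"{host}{path}?{urllib.parse.urlencode(query)}"
        req = urllib.request.Request(url, headers={"Authorization": f"bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def _finding(i: int, severity: str, state: str = "unresolved",
             triage: str = "untriaged") -> dict:
    # Constructed sample shaped like the spec's Finding object (required keys only).
    return {"id": i, "syntactic_id": f"{i:032x}", "match_based_id": f"{i:032x}",
            "state": state, "triage_state": triage, "severity": severity,
            "rule_name": "typescript.react.security.audit.react-no-refs.react-no-refs",
            "rule_message": "`ref` usage found.", "location": None}


# Constructed pages: a full page of 100 (so the client must ask for page 1), then 3.
SAMPLE_PAGES = [
    [_finding(i, "high" if i % 10 == 0 else "low") for i in range(100)],
    [_finding(100, "high", state="fixed"),
     _finding(101, "high", triage="ignored"),
     _finding(102, "medium")],
]


def sample_fetch(calls: list) -> Fetch:
    """Offline transport serving SAMPLE_PAGES and recording each request."""
    def fetch(path: str, query: dict) -> dict:
        calls.append((path, dict(query)))
        page = query["page"]
        return {"findings": SAMPLE_PAGES[page] if page < len(SAMPLE_PAGES) else []}
    return fetch


def demo() -> dict:
    calls: list = []
    found = list(iter_findings(sample_fetch(calls), "your-deployment",
                               since=1636942398.45,
                               repos=["myorg/repo1", "myorg/repo2"]))
    return {"total": len(found), "pages_requested": len(calls),
            "path": calls[0][0], "repos_param": calls[0][1]["repos"],
            "attention": [f["id"] for f in needs_attention(found)]}


if __name__ == "__main__":
    print(demo())
```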
/deployments/{deployment_slug}/projects:
get:
description: |
Request the list of projects in an organization, paginated in pages of 100 entries.
operationId: semgrep_app.saas.handlers.repository.openapi_list_recent_projects
parameters:
- description: Slug of the deployment name. Can be found at `/deployments`,
or via the web UI.
example: your-deployment
in: path
name: deployment_slug
required: true
schema:
type: string
- description: Which page of the results do you require? If not specified, returns
first page.
example: 0
in: query
name: page
required: false
schema:
type: number
- description: Maximum number of records per returned page. If not specified,
defaults to 100 records.
example: 100
in: query
name: page_size
required: false
schema:
default: 100
maximum: 3000
minimum: 100
type: integer
responses:
'200':
content:
application/json:
schema:
description: Encapsulation object for projects and meta information.
properties:
projects:
items:
additionalProperties: false
description: |
A project in your organization that uses Semgrep.
properties:
id:
description: Unique ID of this project
example: 1234567
type: number
latest_scan_at:
description: Time of latest scan, if there is one.
example: '2023-01-13T20:51:51.449081Z'
nullable: true
type: string
name:
description: Name of the project
example: returntocorp/semgrep
type: string
tags:
description: Tags associated to this project
items:
description: The tag name
example: tag
type: string
type: array
url:
description: URL of the project, if there is one.
example: https://github.com/returntocorp/semgrep
nullable: true
type: string
required:
- id
- name
- tags
type: object
type: array
type: object
description: Return the list of projects in an organization.
security:
- SemgrepWebToken:
- webapi
summary: List all projects
tags:
- Project
/deployments/{deployment_slug}/projects/{project_name}:
get:
description: |
Retrieve details for a single project associated with a deployment that you have
access to.
operationId: semgrep_app.saas.handlers.repository.openapi_get_project
parameters:
- description: Slug of the deployment name. Can be found at `/deployments`,
or via the web UI.
example: your-deployment
in: path
name: deployment_slug
required: true
schema:
type: string
- description: Name of the project, typically the repository formatted as a
path
example: organization/project
in: path
name: project_name
required: true
schema:
format: path
type: string
responses:
'200':
content:
application/json:
schema:
properties:
project:
additionalProperties: false
description: |
A project in your organization that uses Semgrep.
properties:
id:
description: Unique ID of this project
example: 1234567
type: number
latest_scan_at:
description: Time of latest scan, if there is one.
example: '2023-01-13T20:51:51.449081Z'
nullable: true
type: string
name:
description: Name of the project
example: returntocorp/semgrep
type: string
tags:
description: Tags associated to this project
items:
description: The tag name
example: tag
type: string
type: array
url:
description: URL of the project, if there is one.
example: https://github.com/returntocorp/semgrep
nullable: true
type: string
required:
- id
- name
- tags
type: object
type: object
description: Successfully retrieved details for the project.
security:
- SemgrepWebToken:
- webapi
summary: Get project details
tags:
- Project
patch:
description: |
Update attributes for the project using the value passed in to the request body.
Note: The only attribute that is supported as of January 2023 is `tags`.
operationId: semgrep_app.saas.handlers.repository.openapi_patch_project
parameters:
- description: Slug of the deployment name. Can be found at `/deployments`,
or via the web UI.
example: your-deployment
in: path
name: deployment_slug
required: true
schema:
type: string
- description: Name of the project, typically the repository formatted as a
path
example: organization/project
in: path
name: project_name
required: true
schema:
format: path
type: string
requestBody:
content:
application/json:
schema:
properties:
tags:
items:
description: The tag name
example: tag
type: string
type: array
type: object
responses:
'200':
content:
application/json:
schema:
properties:
project:
additionalProperties: false
description: |
A project in your organization that uses Semgrep.
properties:
id:
description: Unique ID of this project
example: 1234567
type: number
latest_scan_at:
description: Time of latest scan, if there is one.
example: '2023-01-13T20:51:51.449081Z'
nullable: true
type: string
name:
description: Name of the project
example: returntocorp/semgrep
type: string
tags:
description: Tags associated to this project
items:
description: The tag name
example: tag
type: string
type: array
url:
description: URL of the project, if there is one.
example: https://github.com/returntocorp/semgrep
nullable: true
type: string
required:
- id
- name
- tags
type: object
type: object
description: Successfully updated details for the project.
security:
- SemgrepWebToken:
- webapi
summary: Update project details
tags:
- Project
/deployments/{deployment_slug}/projects/{project_name}/tags:
delete:
description: |
Remove tags from a project for a deployment you have access to.
This request will not delete project tags from the deployment and will only remove
them from the requested project. Any other projects associated with the requested
tag will remain unaffected.
operationId: semgrep_app.saas.handlers.tagging.openapi_remove_tags_from_project
parameters:
- description: Slug of the deployment name. Can be found at `/deployments`,
or via the web UI.
example: your-deployment
in: path
name: deployment_slug
required: true
schema:
type: string
- description: Name of the project, typically the repository formatted as a
path
example: organization/project
in: path
name: project_name
required: true
schema:
format: path
type: string
requestBody:
content:
application/json:
schema:
properties:
tags:
items:
description: The tag name
example: tag
type: string
type: array
type: object
responses:
'200':
content:
application/json:
schema:
properties:
project:
additionalProperties: false
description: |
A project in your organization that uses Semgrep.
properties:
id:
description: Unique ID of this project
example: 1234567
type: number
latest_scan_at:
description: Time of latest scan, if there is one.
example: '2023-01-13T20:51:51.449081Z'
nullable: true
type: string
name:
description: Name of the project
example: returntocorp/semgrep
type: string
tags:
description: Tags associated to this project
items:
description: The tag name
example: tag
type: string
type: array
url:
description: URL of the project, if there is one.
example: https://github.com/returntocorp/semgrep
nullable: true
type: string
required:
- id
- name
- tags
type: object
type: object
description: Successfully removed tags from project.
security:
- SemgrepWebToken:
- webapi
summary: Remove tags from project
tags:
- Project
put:
description: |
Add tags to a project for a deployment you have access to.
Any project tags that do not already exist for the deployment will be created
automatically and associated with the project.
operationId: semgrep_app.saas.handlers.tagging.openapi_add_tags_to_project
parameters:
- description: Slug of the deployment name. Can be found at `/deployments`,
or via the web UI.
example: your-deployment
in: path
name: deployment_slug
required: true
schema:
type: string
- description: Name of the project, typically the repository formatted as a
path
example: organization/project
in: path
name: project_name
required: true
schema:
format: path
type: string
requestBody:
content:
application/json:
schema:
properties:
tags:
items:
description: The tag name
example: tag
type: string
type: array
type: object
responses:
'200':
content:
application/json:
schema:
properties:
project:
additionalProperties: false
description: |
A project in your organization that uses Semgrep.
properties:
id:
description: Unique ID of this project
example: 1234567
type: number
latest_scan_at:
description: Time of latest scan, if there is one.
example: '2023-01-13T20:51:51.449081Z'
nullable: true
type: string
name:
description: Name of the project
example: returntocorp/semgrep
type: string
tags:
description: Tags associated to this project
items:
description: The tag name
example: tag
type: string
type: array
url:
description: URL of the project, if there is one.
example: https://github.com/returntocorp/semgrep
nullable: true
type: string
required:
- id
- name
- tags
type: object
type: object
description: Successfully added tags to project.
security:
- SemgrepWebToken:
- webapi
summary: Add tags to project
tags:
- Project
/ping:
get:
description: Use to ping the server and assert liveness.
operationId: semgrep_app.util.unsorted.ping
responses:
'200':
description: OK
summary: Ping
tags:
- Other
servers:
- url: /api/v1
tags:
- description: |
Deployments encapsulate your organization's security organization, with multiple
projects, policies, and integrations. As the root object of the organization, they're
similarly the root object of the API.
name: Deployment
x-displayName: Deployment
- description: |
List the projects attached to your Semgrep organization.
name: Project
x-displayName: Projects
- description: |
Manage the Semgrep findings of your organization.
name: Finding
x-displayName: Findings
- description: |
List the supply chain findings and dependencies of your organization.
name: SupplyChainService
x-displayName: Supply Chain
- description: |
List the secrets findings of your organization.
name: SecretsService
x-displayName: Secrets
- description: |
Utility endpoints.
name: Other
x-displayName: Other
Discover other plugins from the programming category

Appy Pie Text to App Generator
AI-powered Text-to-App Generator turns your app idea into Android and iOS apps- just provide text input.
0 Comments
![GitHub [UNOFFICIAL]](/_next/image?w=96&q=75&url=https%3A%2F%2Fapi.getit.ai%2Fimage%2F%3Furl%3Dhttps%3A%2F%2Fgh-plugin.teammait.com%2Flogo.png)
GitHub [UNOFFICIAL]
Plugin for interacting with GitHub repositories, accessing file structures, and modifying code. @albfresco for support.
0 Comments
Telnyx Storage
Manage your buckets and objects through simple, intuitive textual commands.
0 Comments

CreatiCode Scratch
Display Scratch programs as images and write 2D/3D programs using CreatiCode Scratch extensions.
0 Comments

DEV Community
Plugin for recommending articles or users from DEV Community.
0 Comments
Progressier
Create powerful PWAs, design screenshots, send push notifications
0 Comments

Databricks
A plugin that allows the user to interact with Databricks.
0 Comments

Bundlejs API
Plugin for bundling, treeshaking, transpiling, compressing and minification of JavaScript and TypeScript code
0 Comments

WordPress.com
Plugin for managing WordPress.com websites, blogging, and ecommerce
0 Comments

GitSearch
Search code on GitHub repositories based on a query.
0 Comments

Page whisperer plugin
Plugin for creating and publishing a web page.
0 Comments

AI2sql
Converts a natural language text into an SQL query.
0 Comments

HTTP Webhooks
Allows you to write, deploy, and manage HTTP Webhooks in JavaScript, right from the chat.
0 Comments

DeployScript
DeployScript effortlessly launches web apps, handling the tech for you. Watch your ideas come to life!
0 Comments
Website Performance
Measure key metrics about your website - performance, accessibility, best practices, SEO, PWA.
0 Comments

Netlify Drop
Describe a simple website you want to make, and deploy it to Netlify to share it with others and claim it as your own.
0 Comments

60sec site
Generate a beautiful website in 60 seconds using AI.
0 Comments

Wordpress Publisher
Publish content directly to a Wordpress blog.
0 Comments

Repo Inspector
Inspect Git Repositories. Submit a GitHub, Gitlab, etc., HTTPS link. The repo will be reviewed by Repo Inspector.
0 Comments

Repo Radar
Your one-stop shop for up to date Github repo information. Find repos by topic, language, or name.
0 Comments

Shuto.IO
Shuto.IO is a multi-tool for creators and developers with SMS, Email, Wordpress and SSH Command Execution capabilities.
0 Comments
CoderPad
Run code in more than 30 different programming languages, and let us worry about setting up the environment!
1 Comments

Code Runner
Run and save your code while creating visualizations (charts and graphs); supports up to 70 programming languages.
2 Comments

AskTheCode
Provide a GitHub repository URL with the C# project and ask about any aspect of the code.
0 Comments

Scraper
Scrape content from webpages by providing a URL.
0 Comments

Appy Pie App Builder
AI-powered text-to-app generator that turns your app idea into Android and iOS apps; just provide text input.
0 Comments

Databricks (dev-azure-westus)
A plugin that allows the user to interact with Databricks.
0 Comments

WP Interact
Fetch or search posts from self-hosted WordPress websites, opening new possibilities for smart interaction with content.
0 Comments

QyrusTestPilot
You can test your web app without writing a single line of code by just giving the URL.
0 Comments

Git OSS Stats
Dynamically generate and analyze stats and history for OSS repos and developers.
0 Comments

LGTM
Search for LGTM Markdown.
0 Comments
Chat Stack Search
Use the Stack Exchange API to search sites such as Stack Overflow and return questions, answers, and other information.
0 Comments
Shor in QASM
Generate quantum circuits for Shor's algorithm in QASM format.
0 Comments

WebDev
Build a live website within seconds directly from the chat and preview and test HTML code with JavaScript and CSS.
0 Comments

Cloud Diagram Gen
Generate cloud architecture diagrams. Unofficial AWS plugin.
0 Comments

GitAIOps
Unofficial tool for GitLab CI/CD workflows. Streamlines merge request reviews, pipeline debugging, and more.
0 Comments
ad4mat
API to monetize outgoing traffic via tracking links.
0 Comments

Web5 assistant
Assistant for developers building a web5 application by providing examples, documentation and writing web5 code.
0 Comments
AI with Jira®
Unofficial plugin for Jira®. Create issues such as tasks, user stories and bugs directly on your Jira® project.
0 Comments

Text to SQL Plugin
Plugin that converts a natural language text into an SQL query.
0 Comments
Devhunt
Find your next favorite tool.
0 Comments

Talk With Docs
Ask any questions to your docs.
0 Comments

Recombinant AI™
Input a GitHub repo URL. Get a holistic, deep, relational understanding of the codebase.
0 Comments
CodeCast Wandbox
Instantly compile your code online with Wandbox. Improve your coding learning experience.
1 Comments
StackOverflow Plus
Expand your knowledge beyond 2021/09/01. Get recent questions and answers from Stack Overflow.
0 Comments

A/B JUDGE
Judge whether the A/B test results are superior or not.
0 Comments

ne.tools
Network diagnostic tool for DNS record lookup (A, AA, MX, NS and more) and WHOIS queries for domains and IP addresses.
0 Comments

Code Library Search
Answer any questions about Python libraries (Currently Langchain and Openai). Can answer version specific questions.
0 Comments

Service Check
Check if services are running and how fast they are responding. You can check Website, Email, Domain Lookup and Ping.
0 Comments

AI Extensions
Craft your extensions with ease! Step-by-step guidance at your fingertips.
0 Comments

Passive DNS Pivots
Global pDNS with 800 billion searchable records. Unearth nefarious domains within minutes of creation.
0 Comments

WPressGenie
Manages a WordPress site. You can get, view and analyze details of WordPress posts and content.
0 Comments
API Bot
This is a conversational bot that lets you ask questions about a variety of common APIs.
0 Comments

SPARQL Query
Returns Query Solution Page for Query Text.
0 Comments

Codeulator
Collaborate with AI directly inside your favorite code editor.
0 Comments

Calculator Tools
Create any app, calculator, tool, tracker, or game instantly with AI.
0 Comments

Site Analysis and Moderation
This plugin provides data analysis, content moderation and automatic report generation functionalities for your website.
0 Comments

Check Website Down
Insert your website URL to check the availability. Pulsetic tests the uptime, availability & performance of a website.
0 Comments
Take Code Captures
Capture, beautify, and share your code snippets easily.
0 Comments