Projects (v1)
Note: For a list of Project types, see Project type responses from the API.
Required permissions
View Organization
View Project
Edit Project
The organization ID the project belongs to. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID.
463c1ee5-31bc-428c-b451-b79a3270db08
The branch that this project should be monitoring
main
PUT /v1/org/{orgId}/project/{projectId} HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 71
{
"owner": {
"id": "1acd4d09-5602-4d04-9640-045fe928aaea"
},
"branch": "main"
}
{
"name": "snyk/goof",
"id": "af137b96-6966-46c1-826b-2e79ac49bbd9",
"created": "2018-10-29T09:50:54.014Z",
"origin": "github",
"type": "maven",
"readOnly": false,
"testFrequency": "daily",
"totalDependencies": 42,
"issueCountsBySeverity": {
"low": 13,
"medium": 8,
"high": 1,
"critical": 3
},
"imageId": "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019",
"imageTag": "latest",
"imageBaseImage": "alpine:3",
"imagePlatform": "linux/arm64",
"imageCluster": "Production",
"hostname": "text",
"remoteRepoUrl": "https://github.com/snyk/goof.git",
"lastTestedDate": "2019-02-05T08:54:07.704Z",
"owner": {},
"browseUrl": "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9",
"importingUser": {
"id": "e713cf94-bb02-4ea0-89d9-613cce0caed2",
"name": "[email protected]",
"username": "exampleUser",
"email": "[email protected]"
},
"isMonitored": true,
"branch": "text",
"targetReference": "text",
"tags": [
"text"
],
"attributes": "text",
"remediation": {
"upgrade": {},
"patch": {},
"pin": {}
}
}
Required permissions
View Organization
View Project
View Project Snapshot
The organization ID the project belongs to. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID.
463c1ee5-31bc-428c-b451-b79a3270db08
GET /v1/org/{orgId}/project/{projectId} HTTP/1.1
Host: api.snyk.io
Accept: */*
{
"name": "snyk/goof",
"id": "af137b96-6966-46c1-826b-2e79ac49bbd9",
"created": "2018-10-29T09:50:54.014Z",
"origin": "github",
"type": "maven",
"readOnly": false,
"testFrequency": "daily",
"totalDependencies": 42,
"issueCountsBySeverity": {
"low": 13,
"medium": 8,
"high": 1,
"critical": 3
},
"imageId": "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019",
"imageTag": "latest",
"imageBaseImage": "alpine:3",
"imagePlatform": "linux/arm64",
"imageCluster": "Production",
"hostname": "text",
"remoteRepoUrl": "https://github.com/snyk/goof.git",
"lastTestedDate": "2019-02-05T08:54:07.704Z",
"owner": {},
"browseUrl": "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9",
"importingUser": {
"id": "e713cf94-bb02-4ea0-89d9-613cce0caed2",
"name": "[email protected]",
"username": "exampleUser",
"email": "[email protected]"
},
"isMonitored": true,
"branch": "text",
"targetReference": "text",
"tags": [
"text"
],
"attributes": "text",
"remediation": {
"upgrade": {},
"patch": {},
"pin": {}
}
}
Required permissions
View Organization
View Project
Remove Project
The organization ID the project belongs to. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID.
463c1ee5-31bc-428c-b451-b79a3270db08
DELETE /v1/org/{orgId}/project/{projectId} HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Required permissions
- Group Admin
The organization ID. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID to apply the tag to
6d5813be-7e6d-4ab8-80c2-1e3e2a454545
Alphanumeric including - and _ with a limit of 30 characters
example-tag-key
Alphanumeric including - and _ with a limit of 50 characters
example-tag-value
POST /v1/org/{orgId}/project/{projectId}/tags HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 53
{
"key": "example-tag-key",
"value": "example-tag-value"
}
{
"tags": [
{
"key": "example-tag-key",
"value": "example-tag-value"
}
]
}
Required permissions
- Group Admin
The organization ID. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID to remove a tag from
6d5813be-7e6d-4ab8-80c2-1e3e2a454545
Alphanumeric including - and _ with a limit of 30 characters
example-tag-key
Alphanumeric including - and _ with a limit of 50 characters
example-tag-value
POST /v1/org/{orgId}/project/{projectId}/tags/remove HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 53
{
"key": "example-tag-key",
"value": "example-tag-value"
}
{
"tags": [
{
"key": "example-tag-key",
"value": "example-tag-value"
}
]
}
Required permissions
View Organization
View Project
Edit Project
The organization ID to which the project belongs. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID
463c1ee5-31bc-428c-b451-b79a3270db08
If set to true
, Snyk will raise dependency upgrade PRs automatically.
An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.
The age (in days) that an automatic dependency check is valid for
The limit on auto dependency upgrade PRs.
If set to true
, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.
If set to true
, fail Snyk Test only for high and critical severity vulnerabilities
If set to true
, Snyk Test checks PRs for vulnerabilities.:cq
assign Snyk pull requests
Defines automatic remediation policies
PUT /v1/org/{orgId}/project/{projectId}/settings HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 439
{
"autoDepUpgradeLimit": 2,
"autoDepUpgradeIgnoredDependencies": [
"tap",
"ava"
],
"autoDepUpgradeEnabled": false,
"autoDepUpgradeMinAge": 21,
"pullRequestFailOnAnyVulns": false,
"pullRequestFailOnlyForHighSeverity": true,
"pullRequestTestEnabled": true,
"pullRequestAssignment": "{\"enabled\":true,\"type\":\"manual\",\"assignees\":[\"username\"]}",
"autoRemediationPrs": "{\"freshPrsEnabled\":true,\"backlogPrsEnabled\":false,\"usePatchRemediation\":false}"
}
The response will contain the attributes and values that have been sent in the request and successfully updated.
{
"autoDepUpgradeLimit": 2,
"autoDepUpgradeIgnoredDependencies": [
"tap",
"ava"
],
"autoDepUpgradeEnabled": false,
"autoDepUpgradeMinAge": 21,
"pullRequestTestEnabled": true,
"pullRequestFailOnAnyVulns": false,
"pullRequestFailOnlyForHighSeverity": true,
"pullRequestAssignment": "{\"enabled\":true,\"type\":\"manual\",\"assignees\":[\"username\"]}",
"autoRemediationPrs": "{\"freshPrsEnabled\":true,\"backlogPrsEnabled\":false,\"usePatchRemediation\":false}"
}
Required permissions
View Organization
View Project
The organization ID to which the project belongs. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID
463c1ee5-31bc-428c-b451-b79a3270db08
GET /v1/org/{orgId}/project/{projectId}/settings HTTP/1.1
Host: api.snyk.io
Accept: */*
The response will contain only attributes that can be updated (see ATTRIBUTES
section in Update project settings
) and that have been previously set.
{
"autoDepUpgradeLimit": 2,
"autoDepUpgradeIgnoredDependencies": [
"tap",
"ava"
],
"autoDepUpgradeEnabled": false,
"autoDepUpgradeMinAge": 21,
"pullRequestFailOnAnyVulns": false,
"pullRequestFailOnlyForHighSeverity": true,
"pullRequestTestEnabled": true,
"pullRequestAssignment": "{\"enabled\":true,\"type\":\"manual\",\"assignees\":[\"username\"]}",
"autoRemediationPrs": "{\"freshPrsEnabled\":true,\"backlogPrsEnabled\":false,\"usePatchRemediation\":true}"
}
Deleting project settings will set the project to inherit default settings from its integration.
Required permissions
View Organization
View Project
Edit Project
The organization ID to which the project belongs. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID
463c1ee5-31bc-428c-b451-b79a3270db08
DELETE /v1/org/{orgId}/project/{projectId}/settings HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Note: when moving a project to a new organization, the historical data used for reporting does not move with it.
Required permissions
View Organization
View Project
Move Project
The organization ID to which the project belongs. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID.
463c1ee5-31bc-428c-b451-b79a3270db08
The ID of the organization that the project should be moved to. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.
PUT /v1/org/{orgId}/project/{projectId}/move HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 54
{
"targetOrgId": "4a18d42f-0706-4ad0-b127-24078731fbed"
}
{
"originOrg": "4a18d42f-0706-4ad0-b127-24078731fbed",
"destinationOrg": "4a18d42f-0706-4ad0-b127-24078731fbed",
"movedProject": "463c1ee5-31bc-428c-b451-b79a3270db08"
}
Required permissions
View Project
View Project Snapshot
The organization ID. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID for which to return issue paths.
6d5813be-7e6d-4ab8-80c2-1e3e2a454545
The issue ID for which to return issue paths.
SNYK-JS-LODASH-590103
The project snapshot ID for which to return issue paths. If set to latest
, the most recent snapshot will be used. Use the "List all project snapshots" endpoint to find suitable values for this.
6d5813be-7e6d-4ab8-80c2-1e3e2a454553
The number of results to return per page (1 - 1000, inclusive).
3
The page of results to return.
2
GET /v1/org/{orgId}/project/{projectId}/issue/{issueId}/paths HTTP/1.1
Host: api.snyk.io
Accept: */*
{
"snapshotId": "6d5813be-7e6d-4ab8-80c2-1e3e2a454553",
"paths": [
[
{
"name": "tap",
"version": "11.1.5"
},
{
"name": "nyc",
"version": "11.9.0"
},
{
"name": "istanbul-lib-instrument",
"version": "1.10.1"
},
{
"name": "babel-traverse",
"version": "6.26.0"
},
{
"name": "lodash",
"version": "4.17.10"
}
],
[
{
"name": "tap",
"version": "11.1.5",
"fixVersion": "11.1.5"
},
{
"name": "nyc",
"version": "11.9.0"
},
{
"name": "istanbul-lib-instrument",
"version": "1.10.1"
},
{
"name": "babel-template",
"version": "6.26.0"
},
{
"name": "lodash",
"version": "4.17.10"
}
]
],
"total": 10,
"links": {
"prev": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=1&perPage=3",
"next": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=3&perPage=3",
"last": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=4&perPage=3"
}
}
Required permissions
View Organization
View Project
View Project Snapshot
The organization ID. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID to return issues for.
6d5813be-7e6d-4ab8-80c2-1e3e2a454545
GET /v1/org/{orgId}/project/{projectId}/dep-graph HTTP/1.1
Host: api.snyk.io
Accept: */*
- A reference implementation of the graph, as well as conversion functions to/from legacy tree format, can be found at: https://github.com/snyk/dep-graph.
- The object might contain additional fields in the future, in a backward-compatible way (
schemaVersion
will change accordingly).
{
"depGraph": {
"schemaVersion": "1.1.0",
"pkgManager": {
"name": "npm"
},
"pkgs": [
{
"id": "[email protected]",
"info": {
"name": "demo-app-for-test",
"version": "1.1.1"
}
},
{
"id": "[email protected]",
"info": {
"name": "express",
"version": "4.4.0"
}
},
{
"id": "[email protected]",
"info": {
"name": "ws",
"version": "1.0.0"
}
}
],
"graph": {
"rootNodeId": "root-node",
"nodes": [
{
"nodeId": "root-node",
"pkgId": "[email protected]",
"deps": [
{
"nodeId": "[email protected]"
},
{
"nodeId": "[email protected]"
}
]
},
{
"nodeId": "[email protected]",
"pkgId": "[email protected]",
"deps": []
},
{
"nodeId": "[email protected]",
"pkgId": "[email protected]",
"deps": []
}
]
}
}
}
Deactivating a project will:
- Disable pull request tests for new vulnerabilities.
- Disable Fix pull request from being opened for newly disclosed vulnerabilities.
- Disable recurring tests - email alerts about newly disclosed vulnerabilities will be turned off.
- If the repository has no other active projects, then remove any webhooks related to the project.
Required permissions
View Organization
View Project
Project Status
The organization ID the project belongs to. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID.
463c1ee5-31bc-428c-b451-b79a3270db08
POST /v1/org/{orgId}/project/{projectId}/deactivate HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Attributes are static and non-configurable fields which allow to add additional metadata to a project. Attributes have a pre-defined list of values that a user can select from.
Business criticality | Environment | Lifecycle stage |
---|---|---|
critical | frontend | production |
high | backend | development |
medium | internal | sandbox |
low | external | |
mobile | ||
saas | ||
onprem | ||
hosted | ||
distributed | ||
Applies an attribute to the provided project. | ||
It is possible to assign multiple values to each attribute, but you can only assign values to one of the predefined attribute categories, using the predefined options for this category. | ||
Assigning an attribute requires the caller to be either an Organization Administrator or a Group Administrator. | ||
Assigning an attribute will override any existing values that the specific attribute already has set. | ||
In order to clear out an attribute value, an empty array can be set. |
Note: Organization admins can add an attribute to a Project. However, only Group admins can modify Project attributes in cases where attributes match a policy, because policies can only be managed by Group admins.
Required permissions
View Organization
View Project
Edit Project Attributes
The organization ID. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID to remove a tag from
6d5813be-7e6d-4ab8-80c2-1e3e2a454545
POST /v1/org/{orgId}/project/{projectId}/attributes HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 78
{
"criticality": [
"high"
],
"environment": [
"backend"
],
"lifecycle": [
"development"
]
}
{
"attributes": {
"criticality": [
"high"
],
"environment": [
"backend"
],
"lifecycle": [
"development"
]
}
}
Required permissions
View Project
View Project Snapshot
The organization ID. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID to return issues for.
6d5813be-7e6d-4ab8-80c2-1e3e2a454545
If set to true
, Include issue's description, if set to false
(by default), it won't (Non-IaC projects only)
If set to true
, include the dockerfile instruction that the issue is introducedThrough. If set to false (default), it won’t. This only applies to Container projects with an associated Dockerfile (CLI or Container Registry source)
POST /v1/org/{orgId}/project/{projectId}/aggregated-issues HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 61
{
"includeDescription": false,
"includeIntroducedThrough": false
}
{
"issues": [
{
"id": "npm:ms:20170412",
"issueType": "vuln",
"pkgName": "ms",
"pkgVersions": [
"text"
],
"issueData": {
"id": "npm:ms:20170412",
"title": "Regular Expression Denial of Service (ReDoS)",
"severity": "low",
"originalSeverity": "high",
"url": "https://snyk.io/vuln/npm:ms:20170412",
"description": "`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms",
"identifiers": {
"CVE": [
"text"
],
"CWE": [
"text"
],
"OSVDB": [
"text"
]
},
"credit": [
"text"
],
"exploitMaturity": "no-known-exploit",
"semver": {
"vulnerable": [
"text"
],
"unaffected": "text"
},
"publicationTime": "2017-05-15T06:02:45Z",
"disclosureTime": "2017-04-11T21:00:00Z",
"CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cvssScore": 3.7,
"severities": [
{
"assigner": "NVD",
"severity": "medium",
"baseScore": 4.8,
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"cvssVersion": "4.0",
"modificationTime": "2024-03-07T07:47:26.644482Z"
}
],
"exploitDetails": {
"sources": [
"CISA"
],
"maturityLevels": [
{
"format": "CVSS_v3",
"level": "no-known-exploit"
}
]
},
"language": "js",
"patches": [
{
"id": "patch:npm:ms:20170412:0",
"urls": [
"text"
],
"version": "=1.0.0",
"comments": [
"text"
],
"modificationTime": "2019-12-03T11:40:45.863964Z"
}
],
"nearestFixedInVersion": "2.0.0",
"path": "[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged",
"violatedPolicyPublicId": "SNYK-CC-K8S-1",
"isMaliciousPackage": true
},
"introducedThrough": [
{
"kind": "imageLayer",
"data": {}
}
],
"isPatched": true,
"isIgnored": true,
"ignoreReasons": [
{
"reason": "text",
"expires": "text",
"source": null
}
],
"fixInfo": {
"isUpgradable": true,
"isPinnable": true,
"isPatchable": true,
"isFixable": true,
"isPartiallyFixable": true,
"nearestFixedInVersion": "2.0.0",
"fixedIn": [
"text"
]
},
"priority": {
"score": 399,
"factors": [
{}
]
},
"links": {
"paths": "text"
}
}
]
}
Activating a project will:
- Add a repository webhook for supported integrations.
- Enable pull request tests for new vulnerabilities.
- Open Fix pull request for newly disclosed vulnerabilities.
- Enable recurring tests, sending email alerts about newly disclosed vulnerabilities.
Required permissions
View Organization
View Project
Project Status
The organization ID the project belongs to. The API_KEY
must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbed
The project ID.
463c1ee5-31bc-428c-b451-b79a3270db08
POST /v1/org/{orgId}/project/{projectId}/activate HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Last updated
Was this helpful?