Projects (v1)
Note: For a list of Project types, see Project type responses from the API.
Required permissions
View OrganizationView ProjectEdit Project
The organization ID the project belongs to. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID.
463c1ee5-31bc-428c-b451-b79a3270db08The branch that this project should be monitoring
mainPUT /v1/org/{orgId}/project/{projectId} HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 71
{
"owner": {
"id": "1acd4d09-5602-4d04-9640-045fe928aaea"
},
"branch": "main"
}{
"name": "snyk/goof",
"id": "af137b96-6966-46c1-826b-2e79ac49bbd9",
"created": "2018-10-29T09:50:54.014Z",
"origin": "github",
"type": "maven",
"readOnly": false,
"testFrequency": "daily",
"totalDependencies": 42,
"issueCountsBySeverity": {
"low": 13,
"medium": 8,
"high": 1,
"critical": 3
},
"imageId": "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019",
"imageTag": "latest",
"imageBaseImage": "alpine:3",
"imagePlatform": "linux/arm64",
"imageCluster": "Production",
"hostname": "text",
"remoteRepoUrl": "https://github.com/snyk/goof.git",
"lastTestedDate": "2019-02-05T08:54:07.704Z",
"owner": {},
"browseUrl": "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9",
"importingUser": {
"id": "e713cf94-bb02-4ea0-89d9-613cce0caed2",
"name": "[email protected]",
"username": "exampleUser",
"email": "[email protected]"
},
"isMonitored": true,
"branch": "text",
"targetReference": "text",
"tags": [
"text"
],
"attributes": "text",
"remediation": {
"upgrade": {},
"patch": {},
"pin": {}
}
}Required permissions
View OrganizationView ProjectView Project Snapshot
The organization ID the project belongs to. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID.
463c1ee5-31bc-428c-b451-b79a3270db08GET /v1/org/{orgId}/project/{projectId} HTTP/1.1
Host: api.snyk.io
Accept: */*
{
"name": "snyk/goof",
"id": "af137b96-6966-46c1-826b-2e79ac49bbd9",
"created": "2018-10-29T09:50:54.014Z",
"origin": "github",
"type": "maven",
"readOnly": false,
"testFrequency": "daily",
"totalDependencies": 42,
"issueCountsBySeverity": {
"low": 13,
"medium": 8,
"high": 1,
"critical": 3
},
"imageId": "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019",
"imageTag": "latest",
"imageBaseImage": "alpine:3",
"imagePlatform": "linux/arm64",
"imageCluster": "Production",
"hostname": "text",
"remoteRepoUrl": "https://github.com/snyk/goof.git",
"lastTestedDate": "2019-02-05T08:54:07.704Z",
"owner": {},
"browseUrl": "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9",
"importingUser": {
"id": "e713cf94-bb02-4ea0-89d9-613cce0caed2",
"name": "[email protected]",
"username": "exampleUser",
"email": "[email protected]"
},
"isMonitored": true,
"branch": "text",
"targetReference": "text",
"tags": [
"text"
],
"attributes": "text",
"remediation": {
"upgrade": {},
"patch": {},
"pin": {}
}
}Required permissions
View OrganizationView ProjectRemove Project
The organization ID the project belongs to. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID.
463c1ee5-31bc-428c-b451-b79a3270db08DELETE /v1/org/{orgId}/project/{projectId} HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Required permissions
- Group Admin
The organization ID. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID to apply the tag to
6d5813be-7e6d-4ab8-80c2-1e3e2a454545Alphanumeric including - and _ with a limit of 30 characters
example-tag-keyAlphanumeric including - and _ with a limit of 50 characters
example-tag-valuePOST /v1/org/{orgId}/project/{projectId}/tags HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 53
{
"key": "example-tag-key",
"value": "example-tag-value"
}{
"tags": [
{
"key": "example-tag-key",
"value": "example-tag-value"
}
]
}Required permissions
- Group Admin
The organization ID. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID to remove a tag from
6d5813be-7e6d-4ab8-80c2-1e3e2a454545Alphanumeric including - and _ with a limit of 30 characters
example-tag-keyAlphanumeric including - and _ with a limit of 50 characters
example-tag-valuePOST /v1/org/{orgId}/project/{projectId}/tags/remove HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 53
{
"key": "example-tag-key",
"value": "example-tag-value"
}{
"tags": [
{
"key": "example-tag-key",
"value": "example-tag-value"
}
]
}Required permissions
View OrganizationView ProjectEdit Project
The organization ID to which the project belongs. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID
463c1ee5-31bc-428c-b451-b79a3270db08If set to true, Snyk will raise dependency upgrade PRs automatically.
An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.
The age (in days) that an automatic dependency check is valid for
The limit on auto dependency upgrade PRs.
If set to true, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.
If set to true, fail Snyk Test only for high and critical severity vulnerabilities
If set to true, Snyk Test checks PRs for vulnerabilities.:cq
assign Snyk pull requests
Defines automatic remediation policies
The response will contain the attributes and values that have been sent in the request and successfully updated.
PUT /v1/org/{orgId}/project/{projectId}/settings HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 439
{
"autoDepUpgradeLimit": 2,
"autoDepUpgradeIgnoredDependencies": [
"tap",
"ava"
],
"autoDepUpgradeEnabled": false,
"autoDepUpgradeMinAge": 21,
"pullRequestFailOnAnyVulns": false,
"pullRequestFailOnlyForHighSeverity": true,
"pullRequestTestEnabled": true,
"pullRequestAssignment": "{\"enabled\":true,\"type\":\"manual\",\"assignees\":[\"username\"]}",
"autoRemediationPrs": "{\"freshPrsEnabled\":true,\"backlogPrsEnabled\":false,\"usePatchRemediation\":false}"
}The response will contain the attributes and values that have been sent in the request and successfully updated.
{
"autoDepUpgradeLimit": 2,
"autoDepUpgradeIgnoredDependencies": [
"tap",
"ava"
],
"autoDepUpgradeEnabled": false,
"autoDepUpgradeMinAge": 21,
"pullRequestTestEnabled": true,
"pullRequestFailOnAnyVulns": false,
"pullRequestFailOnlyForHighSeverity": true,
"pullRequestAssignment": "{\"enabled\":true,\"type\":\"manual\",\"assignees\":[\"username\"]}",
"autoRemediationPrs": "{\"freshPrsEnabled\":true,\"backlogPrsEnabled\":false,\"usePatchRemediation\":false}"
}Required permissions
View OrganizationView Project
The organization ID to which the project belongs. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID
463c1ee5-31bc-428c-b451-b79a3270db08The response will contain only attributes that can be updated (see ATTRIBUTES section in Update project settings) and that have been previously set.
GET /v1/org/{orgId}/project/{projectId}/settings HTTP/1.1
Host: api.snyk.io
Accept: */*
The response will contain only attributes that can be updated (see ATTRIBUTES section in Update project settings) and that have been previously set.
{
"autoDepUpgradeLimit": 2,
"autoDepUpgradeIgnoredDependencies": [
"tap",
"ava"
],
"autoDepUpgradeEnabled": false,
"autoDepUpgradeMinAge": 21,
"pullRequestFailOnAnyVulns": false,
"pullRequestFailOnlyForHighSeverity": true,
"pullRequestTestEnabled": true,
"pullRequestAssignment": "{\"enabled\":true,\"type\":\"manual\",\"assignees\":[\"username\"]}",
"autoRemediationPrs": "{\"freshPrsEnabled\":true,\"backlogPrsEnabled\":false,\"usePatchRemediation\":true}"
}Deleting project settings will set the project to inherit default settings from its integration.
Required permissions
View OrganizationView ProjectEdit Project
The organization ID to which the project belongs. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID
463c1ee5-31bc-428c-b451-b79a3270db08DELETE /v1/org/{orgId}/project/{projectId}/settings HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Note: when moving a project to a new organization, the historical data used for reporting does not move with it.
Required permissions
View OrganizationView ProjectMove Project
The organization ID to which the project belongs. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID.
463c1ee5-31bc-428c-b451-b79a3270db08The ID of the organization that the project should be moved to. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.
PUT /v1/org/{orgId}/project/{projectId}/move HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 54
{
"targetOrgId": "4a18d42f-0706-4ad0-b127-24078731fbed"
}{
"originOrg": "4a18d42f-0706-4ad0-b127-24078731fbed",
"destinationOrg": "4a18d42f-0706-4ad0-b127-24078731fbed",
"movedProject": "463c1ee5-31bc-428c-b451-b79a3270db08"
}Required permissions
View ProjectView Project Snapshot
The organization ID. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID for which to return issue paths.
6d5813be-7e6d-4ab8-80c2-1e3e2a454545The issue ID for which to return issue paths.
SNYK-JS-LODASH-590103The project snapshot ID for which to return issue paths. If set to latest, the most recent snapshot will be used. Use the "List all project snapshots" endpoint to find suitable values for this.
6d5813be-7e6d-4ab8-80c2-1e3e2a454553The number of results to return per page (1 - 1000, inclusive).
3The page of results to return.
2GET /v1/org/{orgId}/project/{projectId}/issue/{issueId}/paths HTTP/1.1
Host: api.snyk.io
Accept: */*
{
"snapshotId": "6d5813be-7e6d-4ab8-80c2-1e3e2a454553",
"paths": [
[
{
"name": "tap",
"version": "11.1.5"
},
{
"name": "nyc",
"version": "11.9.0"
},
{
"name": "istanbul-lib-instrument",
"version": "1.10.1"
},
{
"name": "babel-traverse",
"version": "6.26.0"
},
{
"name": "lodash",
"version": "4.17.10"
}
],
[
{
"name": "tap",
"version": "11.1.5",
"fixVersion": "11.1.5"
},
{
"name": "nyc",
"version": "11.9.0"
},
{
"name": "istanbul-lib-instrument",
"version": "1.10.1"
},
{
"name": "babel-template",
"version": "6.26.0"
},
{
"name": "lodash",
"version": "4.17.10"
}
]
],
"total": 10,
"links": {
"prev": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=1&perPage=3",
"next": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=3&perPage=3",
"last": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=4&perPage=3"
}
}Required permissions
View OrganizationView ProjectView Project Snapshot
The organization ID. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID to return issues for.
6d5813be-7e6d-4ab8-80c2-1e3e2a454545- A reference implementation of the graph, as well as conversion functions to/from legacy tree format, can be found at: https://github.com/snyk/dep-graph.
- The object might contain additional fields in the future, in a backward-compatible way (
schemaVersionwill change accordingly).
GET /v1/org/{orgId}/project/{projectId}/dep-graph HTTP/1.1
Host: api.snyk.io
Accept: */*
- A reference implementation of the graph, as well as conversion functions to/from legacy tree format, can be found at: https://github.com/snyk/dep-graph.
- The object might contain additional fields in the future, in a backward-compatible way (
schemaVersionwill change accordingly).
{
"depGraph": {
"schemaVersion": "1.1.0",
"pkgManager": {
"name": "npm"
},
"pkgs": [
{
"id": "[email protected]",
"info": {
"name": "demo-app-for-test",
"version": "1.1.1"
}
},
{
"id": "[email protected]",
"info": {
"name": "express",
"version": "4.4.0"
}
},
{
"id": "[email protected]",
"info": {
"name": "ws",
"version": "1.0.0"
}
}
],
"graph": {
"rootNodeId": "root-node",
"nodes": [
{
"nodeId": "root-node",
"pkgId": "[email protected]",
"deps": [
{
"nodeId": "[email protected]"
},
{
"nodeId": "[email protected]"
}
]
},
{
"nodeId": "[email protected]",
"pkgId": "[email protected]",
"deps": []
},
{
"nodeId": "[email protected]",
"pkgId": "[email protected]",
"deps": []
}
]
}
}
}Deactivating a project will:
- Disable pull request tests for new vulnerabilities.
- Disable Fix pull request from being opened for newly disclosed vulnerabilities.
- Disable recurring tests - email alerts about newly disclosed vulnerabilities will be turned off.
- If the repository has no other active projects, then remove any webhooks related to the project.
Required permissions
View OrganizationView ProjectProject Status
The organization ID the project belongs to. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID.
463c1ee5-31bc-428c-b451-b79a3270db08POST /v1/org/{orgId}/project/{projectId}/deactivate HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Attributes are static and non-configurable fields which allow to add additional metadata to a project. Attributes have a pre-defined list of values that a user can select from.
| Business criticality | Environment | Lifecycle stage |
|---|---|---|
| critical | frontend | production |
| high | backend | development |
| medium | internal | sandbox |
| low | external | |
| mobile | ||
| saas | ||
| onprem | ||
| hosted | ||
| distributed | ||
| Applies an attribute to the provided project. | ||
| It is possible to assign multiple values to each attribute, but you can only assign values to one of the predefined attribute categories, using the predefined options for this category. | ||
| Assigning an attribute requires the caller to be either an Organization Administrator or a Group Administrator. | ||
| Assigning an attribute will override any existing values that the specific attribute already has set. | ||
| In order to clear out an attribute value, an empty array can be set. |
Note: Organization admins can add an attribute to a Project. However, only Group admins can modify Project attributes in cases where attributes match a policy, because policies can only be managed by Group admins.
Required permissions
View OrganizationView ProjectEdit Project Attributes
The organization ID. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID to remove a tag from
6d5813be-7e6d-4ab8-80c2-1e3e2a454545POST /v1/org/{orgId}/project/{projectId}/attributes HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 78
{
"criticality": [
"high"
],
"environment": [
"backend"
],
"lifecycle": [
"development"
]
}{
"attributes": {
"criticality": [
"high"
],
"environment": [
"backend"
],
"lifecycle": [
"development"
]
}
}Required permissions
View ProjectView Project Snapshot
The organization ID. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID to return issues for.
6d5813be-7e6d-4ab8-80c2-1e3e2a454545If set to true, Include issue's description, if set to false (by default), it won't (Non-IaC projects only)
If set to true, include the dockerfile instruction that the issue is introducedThrough. If set to false (default), it won’t. This only applies to Container projects with an associated Dockerfile (CLI or Container Registry source)
POST /v1/org/{orgId}/project/{projectId}/aggregated-issues HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 61
{
"includeDescription": false,
"includeIntroducedThrough": false
}{
"issues": [
{
"id": "npm:ms:20170412",
"issueType": "vuln",
"pkgName": "ms",
"pkgVersions": [
"text"
],
"issueData": {
"id": "npm:ms:20170412",
"title": "Regular Expression Denial of Service (ReDoS)",
"severity": "low",
"originalSeverity": "high",
"url": "https://snyk.io/vuln/npm:ms:20170412",
"description": "`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms",
"identifiers": {
"CVE": [
"text"
],
"CWE": [
"text"
],
"OSVDB": [
"text"
]
},
"credit": [
"text"
],
"exploitMaturity": "no-known-exploit",
"semver": {
"vulnerable": [
"text"
],
"unaffected": "text"
},
"publicationTime": "2017-05-15T06:02:45Z",
"disclosureTime": "2017-04-11T21:00:00Z",
"CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cvssScore": 3.7,
"severities": [
{
"assigner": "NVD",
"severity": "medium",
"baseScore": 4.8,
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"cvssVersion": "4.0",
"modificationTime": "2024-03-07T07:47:26.644482Z"
}
],
"exploitDetails": {
"sources": [
"CISA"
],
"maturityLevels": [
{
"format": "CVSS_v3",
"level": "no-known-exploit"
}
]
},
"language": "js",
"patches": [
{
"id": "patch:npm:ms:20170412:0",
"urls": [
"text"
],
"version": "=1.0.0",
"comments": [
"text"
],
"modificationTime": "2019-12-03T11:40:45.863964Z"
}
],
"nearestFixedInVersion": "2.0.0",
"path": "[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged",
"violatedPolicyPublicId": "SNYK-CC-K8S-1",
"isMaliciousPackage": true
},
"introducedThrough": [
{
"kind": "imageLayer",
"data": {}
}
],
"isPatched": true,
"isIgnored": true,
"ignoreReasons": [
{
"reason": "text",
"expires": "text",
"source": null
}
],
"fixInfo": {
"isUpgradable": true,
"isPinnable": true,
"isPatchable": true,
"isFixable": true,
"isPartiallyFixable": true,
"nearestFixedInVersion": "2.0.0",
"fixedIn": [
"text"
]
},
"priority": {
"score": 399,
"factors": [
{}
]
},
"links": {
"paths": "text"
}
}
]
}Activating a project will:
- Add a repository webhook for supported integrations.
- Enable pull request tests for new vulnerabilities.
- Open Fix pull request for newly disclosed vulnerabilities.
- Enable recurring tests, sending email alerts about newly disclosed vulnerabilities.
Required permissions
View OrganizationView ProjectProject Status
The organization ID the project belongs to. The API_KEY must have access to this organization.
4a18d42f-0706-4ad0-b127-24078731fbedThe project ID.
463c1ee5-31bc-428c-b451-b79a3270db08POST /v1/org/{orgId}/project/{projectId}/activate HTTP/1.1
Host: api.snyk.io
Accept: */*
No content
Last updated
Was this helpful?