Support Snyk Learn API reference Product updates Sign up for free

Issues

This document uses the REST API. For more details, see the Authentication for API page.

Last updated 6 months ago

Was this helpful?

List issues for a package

Query issues for a specific package version identified by Package URL (purl). Snyk returns only direct vulnerabilities. Transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.

get

/orgs/{org_id}/packages/{purl}/issues

Authorizations

Path parameters

purlstringrequired

A URI-encoded Package URL (purl). Supported purl types are apk, cargo, cocoapods, composer, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, and swift. A version for the package is also required.

Example: pkg%3Amaven%2Fcom.fasterxml.woodstox%2Fwoodstox-core%405.0.0

org_idstring · uuidrequired

Unique identifier for an organization

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

offsetnumber

Specify the number of results to skip before returning results. Must be greater than or equal to 0. Default is 0.

limitnumber

Specify the number of results to return. Must be greater than 0 and less than 1000. Default is 1000.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/packages/{purl}/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  },
  "meta": {
    "package": {
      "name": "spring-core",
      "namespace": "org.springframework",
      "type": "maven",
      "url": "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0",
      "version": "1.0.0"
    }
  },
  "data": [
    {
      "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
      "type": "issue",
      "attributes": {
        "created_at": "2022-06-16T13:51:13Z",
        "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
        "slots": {
          "disclosure_time": "2022-06-16T13:51:13Z",
          "publication_time": "2022-06-16T14:00:24.315507Z",
          "references": [
            {
              "title": "text",
              "url": "text"
            }
          ],
          "exploit_details": {
            "sources": [
              "text"
            ],
            "maturity_levels": [
              {
                "format": "CVSSv4",
                "level": "Attacked",
                "type": "primary"
              }
            ]
          }
        },
        "title": "XML External Entity (XXE) Injection",
        "type": "package_vulnerability",
        "updated_at": "2022-06-16T14:00:24.315507Z",
        "effective_severity_level": "info",
        "problems": [
          {
            "disclosed_at": "2025-02-20T19:12:02.244Z",
            "discovered_at": "2025-02-20T19:12:02.244Z",
            "id": "CWE-61",
            "source": "CVE",
            "updated_at": "2025-02-20T19:12:02.244Z",
            "url": "https://example.com"
          }
        ],
        "severities": [
          {
            "level": "medium",
            "score": 5.3,
            "source": "Snyk",
            "type": "primary",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "4.0"
          }
        ],
        "coordinates": [
          {
            "remedies": [
              {
                "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
                "type": "indeterminate",
                "details": {
                  "upgrade_package": "5.4.0,6.4.0"
                }
              }
            ],
            "representations": [
              {
                "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
              }
            ]
          }
        ]
      }
    }
  ]
}

Returns an array of issues

List issues for a given set of packages (Currently not available to all customers)

This endpoint is currently restricted and is not available to all customers. Query issues for a batch of packages identified by Package URL (purl). Only direct vulnerabilities are returned; transitive vulnerabilities (from dependencies) are not included as they can vary depending on the context.

post

/orgs/{org_id}/packages/issues

Authorizations

Path parameters

org_idstring · uuidrequired

Unique identifier for an organization

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

Body

dataobjectrequired

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/packages/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/vnd.api+json' \
  --data '{"data":{"type":"resource","attributes":{"purls":[null]}}}'

200

400

401

403

404

409

500

{
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  },
  "data": [
    {
      "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
      "type": "issue",
      "attributes": {
        "created_at": "2022-06-16T13:51:13Z",
        "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
        "slots": {
          "disclosure_time": "2022-06-16T13:51:13Z",
          "publication_time": "2022-06-16T14:00:24.315507Z",
          "references": [
            {
              "title": "text",
              "url": "text"
            }
          ],
          "exploit_details": {
            "sources": [
              "text"
            ],
            "maturity_levels": [
              {
                "format": "CVSSv4",
                "level": "Attacked",
                "type": "primary"
              }
            ]
          }
        },
        "title": "XML External Entity (XXE) Injection",
        "type": "package_vulnerability",
        "updated_at": "2022-06-16T14:00:24.315507Z",
        "effective_severity_level": "info",
        "problems": [
          {
            "disclosed_at": "2025-02-20T19:12:02.244Z",
            "discovered_at": "2025-02-20T19:12:02.244Z",
            "id": "CWE-61",
            "source": "CVE",
            "updated_at": "2025-02-20T19:12:02.244Z",
            "url": "https://example.com"
          }
        ],
        "severities": [
          {
            "level": "medium",
            "score": 5.3,
            "source": "Snyk",
            "type": "primary",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "4.0"
          }
        ],
        "coordinates": [
          {
            "remedies": [
              {
                "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
                "type": "indeterminate",
                "details": {
                  "upgrade_package": "5.4.0,6.4.0"
                }
              }
            ],
            "representations": [
              {
                "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
              }
            ]
          }
        ]
      }
    }
  ],
  "meta": {
    "errors": [
      {
        "detail": "Not Found",
        "status": "404"
      }
    ]
  }
}

Returns an array of issues with the purl identifier of the package that caused them

Get issues by org ID

Get a list of an organization's issues.

get

/orgs/{org_id}/issues

Authorizations

Path parameters

org_idstring · uuidrequired

Org ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

starting_afterstring

Return the page of results immediately after this cursor

Example: v1.eyJpZCI6IjEwMDAifQo=

ending_beforestring

Return the page of results immediately before this cursor

Example: v1.eyJpZCI6IjExMDAifQo=

limitinteger · int32 · min: 10 · max: 100 · default: 10

Number of results to return per page

Example: 10

scan_item.idstring · uuid

A scan item id to filter issues through their scan item relationship.

Example: 4a18d42f-0706-4ad0-b127-24078731fbee

scan_item.typestring · enum

A scan item types to filter issues through their scan item relationship.

Example: project

Options: project, environment

typestring · enum

The type of an issue.

Example: cloud

Options: package_vulnerability, license, cloud, code, custom, config

updated_beforestring · date-time

A filter to select issues updated before this date.

updated_afterstring · date-time

A filter to select issues updated after this date.

created_beforestring · date-time

A filter to select issues created before this date.

created_afterstring · date-time

A filter to select issues created after this date.

effective_severity_levelstring · enum[]

One or more effective severity levels to filter issues.

statusstring · enum[]

An issue's status

ignoredboolean

Whether an issue is ignored or not.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

401

403

404

500

An example of a list issue response for a Cloud issue.

An example of a list issue response for a Code issue.

An example of a list issue response for an Infrastructure as Code issue.

An example of a list issue response for an Open Source issue.

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": [
    {
      "id": "d8db944b-d25a-477d-9c26-a63befad8ada",
      "type": "issue",
      "relationships": {
        "organization": {
          "data": {
            "id": "81e93f62-135f-48bc-84d0-47f16822313f",
            "type": "organization"
          }
        },
        "scan_item": {
          "data": {
            "id": "24c8e771-ab3b-4e85-ac4f-f73950ba4acf",
            "type": "environment"
          }
        }
      },
      "attributes": {
        "created_at": "2022-09-27T20:09:05Z",
        "description": "To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.",
        "effective_severity_level": "medium",
        "ignored": false,
        "key": "b50f2832-a901-565e-9e06-e4e59e8582b6",
        "status": "resolved",
        "title": "S3 bucket policies should only allow requests that use HTTPS",
        "tool": "snyk://cloud",
        "type": "cloud",
        "updated_at": "2022-09-28T20:09:05Z",
        "resolution": {
          "details": "rule_passed",
          "resolved_at": "2022-09-28T20:09:05Z",
          "type": "fixed"
        },
        "classes": [
          {
            "id": "data",
            "source": "snyk-cloud",
            "type": "rule-category"
          },
          {
            "id": "CIS-AWS_v1.3.0_2.1.2",
            "source": "CIS-AWS_v1.3.0",
            "type": "compliance"
          },
          {
            "id": "CIS-AWS_v1.4.0_2.1.2",
            "source": "CIS-AWS_v1.4.0",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.306(a)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.312(a)(2)(iv)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_v2013_164.312(e)(2)(ii)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          }
        ],
        "problems": [
          {
            "id": "SNYK-CC-00181",
            "source": "snyk-cloud",
            "type": "rule"
          }
        ],
        "coordinates": [
          {
            "remedies": [
              {
                "description": "1. Go to the AWS console\n2. Navigate to the S3 service page\n3. ...",
                "type": "manual",
                "x-gitbook-description-html": "<ol>\n<li>Go to the AWS console</li>\n<li>Navigate to the S3 service page</li>\n<li>...</li>\n</ol>"
              },
              {
                "description": "1. Find the corresponding AWS::S3::Bucket resource\n2. ...",
                "type": "cloudformation",
                "x-gitbook-description-html": "<ol>\n<li>Find the corresponding AWS::S3::Bucket resource</li>\n<li>...</li>\n</ol>"
              },
              {
                "description": "1. Find the corresponding aws_s3_bucket resource\n2. ...",
                "type": "terraform",
                "x-gitbook-description-html": "<ol>\n<li>Find the corresponding aws_s3_bucket resource</li>\n<li>...</li>\n</ol>"
              },
              {
                "description": "Buckets should not ...",
                "type": "rule_result_message",
                "x-gitbook-description-html": "<p>Buckets should not ...</p>"
              }
            ],
            "representations": [
              {
                "cloud_resource": {
                  "environment": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b6",
                    "name": "Staging",
                    "native_id": "721018433921",
                    "type": "aws"
                  },
                  "resource": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b7",
                    "input_type": "cloud_scan",
                    "location": "us-east-1",
                    "name": "policy-test-remediation",
                    "native_id": "arn:aws:s3:::policy-test-remediation",
                    "platform": "aws",
                    "resource_type": "aws_s3_bucket",
                    "type": "cloud",
                    "tags": {
                      "Stage": "Prod"
                    }
                  }
                }
              }
            ]
          }
        ],
        "x-gitbook-description-html": "<p>To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.</p>"
      }
    }
  ]
}

Returns a collection of issues.

Get an issue

get

/orgs/{org_id}/issues/{issue_id}

Authorizations

Path parameters

org_idstring · uuidrequired

Org ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

issue_idstring · uuidrequired

Issue ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/issues/{issue_id}?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "data": {
    "attributes": {
      "created_at": "2025-02-20T19:12:02.244Z",
      "description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
      "exploit_details": {
        "sources": [
          "CISA"
        ],
        "maturity_levels": [
          {
            "format": "CVSS_v4",
            "level": "attacked"
          }
        ]
      },
      "ignored": true,
      "key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
      "resolution": {
        "details": "text",
        "resolved_at": "2025-02-20T19:12:02.244Z",
        "type": "disappeared"
      },
      "risk": {
        "score": {
          "model": "v4",
          "value": 700
        },
        "factors": [
          {
            "name": "deployed",
            "updated_at": "2023-09-07T13:36:37Z",
            "value": true
          }
        ]
      },
      "title": "Insecure hash function used",
      "tool": "snyk://npm-deps",
      "type": "cloud",
      "updated_at": "2025-02-20T19:12:02.244Z",
      "effective_severity_level": "info",
      "status": "open",
      "classes": [
        {
          "id": "CWE-190",
          "source": "CWE",
          "type": "weakness"
        }
      ],
      "coordinates": [
        {
          "is_fixable_manually": true,
          "is_fixable_snyk": true,
          "is_fixable_upstream": true,
          "is_patchable": true,
          "is_pinnable": true,
          "is_upgradeable": true,
          "reachability": "function",
          "remedies": [
            {
              "correlation_id": "text",
              "description": "text",
              "meta": {
                "data": {
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "schema_version": "text"
              },
              "type": "indeterminate"
            }
          ],
          "representations": [
            {
              "resourcePath": "text"
            }
          ]
        }
      ],
      "problems": [
        {
          "id": "SNYK-DEBIAN8-CURL-358558",
          "source": "snyk",
          "type": "rule"
        }
      ],
      "severities": [
        {
          "level": "medium",
          "modification_time": "2025-02-20T19:12:02.244Z",
          "score": 4.2,
          "source": "snyk",
          "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
          "version": "4.0"
        }
      ]
    },
    "id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
    "relationships": {
      "ignore": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
          "type": "ignore"
        }
      },
      "organization": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
          "type": "organization"
        }
      },
      "scan_item": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
          "type": "project"
        }
      },
      "test_executions": {
        "data": [
          {
            "id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
            "type": "test-workflow-execution"
          }
        ]
      }
    },
    "type": "issue"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  }
}

Returns an instance of an issue

Get issues by group ID

Get a list of a group's issues.

get

/groups/{group_id}/issues

Authorizations

Path parameters

group_idstring · uuidrequired

Group ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

starting_afterstring

Return the page of results immediately after this cursor

Example: v1.eyJpZCI6IjEwMDAifQo=

ending_beforestring

Return the page of results immediately before this cursor

Example: v1.eyJpZCI6IjExMDAifQo=

limitinteger · int32 · min: 10 · max: 100 · default: 10

Number of results to return per page

Example: 10

scan_item.idstring · uuid

A scan item id to filter issues through their scan item relationship.

Example: 4a18d42f-0706-4ad0-b127-24078731fbee

scan_item.typestring · enum

A scan item types to filter issues through their scan item relationship.

Example: project

Options: project, environment

typestring · enum

The type of an issue.

Example: cloud

Options: package_vulnerability, license, cloud, code, custom, config

updated_beforestring · date-time

A filter to select issues updated before this date.

updated_afterstring · date-time

A filter to select issues updated after this date.

created_beforestring · date-time

A filter to select issues created before this date.

created_afterstring · date-time

A filter to select issues created after this date.

effective_severity_levelstring · enum[]

One or more effective severity levels to filter issues.

statusstring · enum[]

An issue's status

ignoredboolean

Whether an issue is ignored or not.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/groups/{group_id}/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

401

403

404

500

An example of a list issue response for a Cloud issue.

An example of a list issue response for a Code issue.

An example of a list issue response for an Infrastructure as Code issue.

An example of a list issue response for an Open Source issue.

{
  "jsonapi": {
    "version": "1.0"
  },
  "data": [
    {
      "id": "d8db944b-d25a-477d-9c26-a63befad8ada",
      "type": "issue",
      "relationships": {
        "organization": {
          "data": {
            "id": "81e93f62-135f-48bc-84d0-47f16822313f",
            "type": "organization"
          }
        },
        "scan_item": {
          "data": {
            "id": "24c8e771-ab3b-4e85-ac4f-f73950ba4acf",
            "type": "environment"
          }
        }
      },
      "attributes": {
        "created_at": "2022-09-27T20:09:05Z",
        "description": "To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.",
        "effective_severity_level": "medium",
        "ignored": false,
        "key": "b50f2832-a901-565e-9e06-e4e59e8582b6",
        "status": "resolved",
        "title": "S3 bucket policies should only allow requests that use HTTPS",
        "tool": "snyk://cloud",
        "type": "cloud",
        "updated_at": "2022-09-28T20:09:05Z",
        "resolution": {
          "details": "rule_passed",
          "resolved_at": "2022-09-28T20:09:05Z",
          "type": "fixed"
        },
        "classes": [
          {
            "id": "data",
            "source": "snyk-cloud",
            "type": "rule-category"
          },
          {
            "id": "CIS-AWS_v1.3.0_2.1.2",
            "source": "CIS-AWS_v1.3.0",
            "type": "compliance"
          },
          {
            "id": "CIS-AWS_v1.4.0_2.1.2",
            "source": "CIS-AWS_v1.4.0",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.306(a)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.312(a)(2)(iv)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_v2013_164.312(e)(2)(ii)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          }
        ],
        "problems": [
          {
            "id": "SNYK-CC-00181",
            "source": "snyk-cloud",
            "type": "rule"
          }
        ],
        "coordinates": [
          {
            "remedies": [
              {
                "description": "1. Go to the AWS console\n2. Navigate to the S3 service page\n3. ...",
                "type": "manual",
                "x-gitbook-description-html": "<ol>\n<li>Go to the AWS console</li>\n<li>Navigate to the S3 service page</li>\n<li>...</li>\n</ol>"
              },
              {
                "description": "1. Find the corresponding AWS::S3::Bucket resource\n2. ...",
                "type": "cloudformation",
                "x-gitbook-description-html": "<ol>\n<li>Find the corresponding AWS::S3::Bucket resource</li>\n<li>...</li>\n</ol>"
              },
              {
                "description": "1. Find the corresponding aws_s3_bucket resource\n2. ...",
                "type": "terraform",
                "x-gitbook-description-html": "<ol>\n<li>Find the corresponding aws_s3_bucket resource</li>\n<li>...</li>\n</ol>"
              },
              {
                "description": "Buckets should not ...",
                "type": "rule_result_message",
                "x-gitbook-description-html": "<p>Buckets should not ...</p>"
              }
            ],
            "representations": [
              {
                "cloud_resource": {
                  "environment": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b6",
                    "name": "Staging",
                    "native_id": "721018433921",
                    "type": "aws"
                  },
                  "resource": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b7",
                    "input_type": "cloud_scan",
                    "location": "us-east-1",
                    "name": "policy-test-remediation",
                    "native_id": "arn:aws:s3:::policy-test-remediation",
                    "platform": "aws",
                    "resource_type": "aws_s3_bucket",
                    "type": "cloud",
                    "tags": {
                      "Stage": "Prod"
                    }
                  }
                }
              }
            ]
          }
        ],
        "x-gitbook-description-html": "<p>To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.</p>"
      }
    }
  ]
}

Returns a collection of issues.

Get an issue

get

/groups/{group_id}/issues/{issue_id}

Authorizations

Path parameters

group_idstring · uuidrequired

Group ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

issue_idstring · uuidrequired

Issue ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/groups/{group_id}/issues/{issue_id}?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "data": {
    "attributes": {
      "created_at": "2025-02-20T19:12:02.244Z",
      "description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
      "exploit_details": {
        "sources": [
          "CISA"
        ],
        "maturity_levels": [
          {
            "format": "CVSS_v4",
            "level": "attacked"
          }
        ]
      },
      "ignored": true,
      "key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
      "resolution": {
        "details": "text",
        "resolved_at": "2025-02-20T19:12:02.244Z",
        "type": "disappeared"
      },
      "risk": {
        "score": {
          "model": "v4",
          "value": 700
        },
        "factors": [
          {
            "name": "deployed",
            "updated_at": "2023-09-07T13:36:37Z",
            "value": true
          }
        ]
      },
      "title": "Insecure hash function used",
      "tool": "snyk://npm-deps",
      "type": "cloud",
      "updated_at": "2025-02-20T19:12:02.244Z",
      "effective_severity_level": "info",
      "status": "open",
      "classes": [
        {
          "id": "CWE-190",
          "source": "CWE",
          "type": "weakness"
        }
      ],
      "coordinates": [
        {
          "is_fixable_manually": true,
          "is_fixable_snyk": true,
          "is_fixable_upstream": true,
          "is_patchable": true,
          "is_pinnable": true,
          "is_upgradeable": true,
          "reachability": "function",
          "remedies": [
            {
              "correlation_id": "text",
              "description": "text",
              "meta": {
                "data": {
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "schema_version": "text"
              },
              "type": "indeterminate"
            }
          ],
          "representations": [
            {
              "resourcePath": "text"
            }
          ]
        }
      ],
      "problems": [
        {
          "id": "SNYK-DEBIAN8-CURL-358558",
          "source": "snyk",
          "type": "rule"
        }
      ],
      "severities": [
        {
          "level": "medium",
          "modification_time": "2025-02-20T19:12:02.244Z",
          "score": 4.2,
          "source": "snyk",
          "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
          "version": "4.0"
        }
      ]
    },
    "id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
    "relationships": {
      "ignore": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
          "type": "ignore"
        }
      },
      "organization": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
          "type": "organization"
        }
      },
      "scan_item": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
          "type": "project"
        }
      },
      "test_executions": {
        "data": [
          {
            "id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
            "type": "test-workflow-execution"
          }
        ]
      }
    },
    "type": "issue"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  }
}

Returns an instance of an issue