Projects (v1)

This document uses the v1 API. For more details, see the v1 API.

Update a project

Required permissions

View Organization
View Project
Edit Project

PUThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}

Path parameters

orgId*string

The organization ID the project belongs to. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID.

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Body

ownerall of

branchstring

The branch that this project should be monitoring

Example: "main"

any

Response

Body

namestring

Example: "snyk/goof"

idstring

The project identifier

Example: "af137b96-6966-46c1-826b-2e79ac49bbd9"

createdstring

The date that the project was created on

Example: "2018-10-29T09:50:54.014Z"

originstring

The origin the project was added from

Example: "github"

typestring

The package manager of the project

Example: "maven"

readOnlyboolean

Whether the project is read-only

Example: false

testFrequencystring

The frequency of automated Snyk re-test. Can be 'daily', 'weekly or 'never'

Example: "daily"

totalDependenciesnumber

Number of dependencies of the project

Example: 42

issueCountsBySeverityall of

imageIdstring

For docker projects shows the ID of the image

Example: "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019"

imageTagstring

For docker projects shows the tag of the image

Example: "latest"

imageBaseImagestring

For docker projects shows the base image

Example: "alpine:3"

imagePlatformstring

For docker projects shows the platform of the image

Example: "linux/arm64"

imageClusterstring

For Kubernetes projects shows the origin cluster name

Example: "Production"

hostnamenullable string

The hostname for a CLI project, null if not set

remoteRepoUrlstring

The project remote repository url. Only set for projects imported via the Snyk CLI tool.

Example: "https://github.com/snyk/goof.git"

lastTestedDatestring

The date on which the most recent test was conducted for this project

Example: "2019-02-05T08:54:07.704Z"

ownernullable object

The user who owns the project, null if not set

{ "id": "e713cf94-bb02-4ea0-89d9-613cce0caed2", "name": "example-user@snyk.io", "username": "exampleUser", "email": "example-user@snyk.io" }

browseUrlstring

URL with project overview

Example: "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9"

importingUserall of

isMonitoredboolean

Describes if a project is currently monitored or it is de-activated

branchnullable string

The monitored branch (if available)

targetReferencenullable string

The identifier for which revision of the resource is scanned by Snyk. For example this may be a branch for SCM project, or a tag for a container image

tagsarray of string

List of applied tags

attributesstring

Applied project attributes

remediationall of

Request

Response

Retrieve a single project

Required permissions

View Organization
View Project
View Project Snapshot

GEThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}

Path parameters

orgId*string

The organization ID the project belongs to. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID.

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Header parameters

Response

Body

namestring

Example: "snyk/goof"

idstring

The project identifier

Example: "af137b96-6966-46c1-826b-2e79ac49bbd9"

createdstring

The date that the project was created on

Example: "2018-10-29T09:50:54.014Z"

originstring

The origin the project was added from

Example: "github"

typestring

The package manager of the project

Example: "maven"

readOnlyboolean

Whether the project is read-only

Example: false

testFrequencystring

The frequency of automated Snyk re-test. Can be 'daily', 'weekly or 'never'

Example: "daily"

totalDependenciesnumber

Number of dependencies of the project

Example: 42

issueCountsBySeverityall of

imageIdstring

For docker projects shows the ID of the image

Example: "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019"

imageTagstring

For docker projects shows the tag of the image

Example: "latest"

imageBaseImagestring

For docker projects shows the base image

Example: "alpine:3"

imagePlatformstring

For docker projects shows the platform of the image

Example: "linux/arm64"

imageClusterstring

For Kubernetes projects shows the origin cluster name

Example: "Production"

hostnamenullable string

The hostname for a CLI project, null if not set

remoteRepoUrlstring

The project remote repository url. Only set for projects imported via the Snyk CLI tool.

Example: "https://github.com/snyk/goof.git"

lastTestedDatestring

The date on which the most recent test was conducted for this project

Example: "2019-02-05T08:54:07.704Z"

ownernullable object

The user who owns the project, null if not set

{ "id": "e713cf94-bb02-4ea0-89d9-613cce0caed2", "name": "example-user@snyk.io", "username": "exampleUser", "email": "example-user@snyk.io" }

browseUrlstring

URL with project overview

Example: "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9"

importingUserall of

isMonitoredboolean

Describes if a project is currently monitored or it is de-activated

branchnullable string

The monitored branch (if available)

targetReferencenullable string

The identifier for which revision of the resource is scanned by Snyk. For example this may be a branch for SCM project, or a tag for a container image

tagsarray of string

List of applied tags

attributesstring

Applied project attributes

remediationall of

Request

Response

Delete a project

Required permissions

View Organization
View Project
Remove Project

DELETEhttps://api.snyk.io/v1/org/{orgId}/project/{projectId}

Path parameters

orgId*string

The organization ID the project belongs to. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID.

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Header parameters

Response

Request

Add a tag to a project

Required permissions

Group Admin

POSThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/tags

Path parameters

orgId*string

The organization ID. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID to apply the tag to

Example: "6d5813be-7e6d-4ab8-80c2-1e3e2a454545"

Body

keystring

Alphanumeric including - and _ with a limit of 30 characters

Example: "example-tag-key"

valuestring

Alphanumeric including - and _ with a limit of 50 characters

Example: "example-tag-value"

any

Response

Body

tagsarray of Tag

Tags now applied to the project

any

Request

Response

Remove a tag from a project

Required permissions

Group Admin

POSThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/tags/remove

Path parameters

orgId*string

The organization ID. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID to remove a tag from

Example: "6d5813be-7e6d-4ab8-80c2-1e3e2a454545"

Body

keystring

Alphanumeric including - and _ with a limit of 30 characters

Example: "example-tag-key"

valuestring

Alphanumeric including - and _ with a limit of 50 characters

Example: "example-tag-value"

any

Response

Body

tagsarray of Tag

Tags now applied to the project

any

Request

Response

Update project settings

Required permissions

View Organization
View Project
Edit Project

PUThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/settings

Path parameters

orgId*string

The organization ID to which the project belongs. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Body

autoDepUpgradeEnabledboolean

If set to true, Snyk will raise dependency upgrade PRs automatically.

autoDepUpgradeIgnoredDependenciesarray of string

An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.

autoDepUpgradeMinAgenumber

The age (in days) that an automatic dependency check is valid for

autoDepUpgradeLimitnumber

The limit on auto dependency upgrade PRs.

pullRequestFailOnAnyVulnsboolean

If set to true, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.

pullRequestFailOnlyForHighSeverityboolean

If set to true, fail Snyk Test only for high and critical severity vulnerabilities

pullRequestTestEnabledboolean

If set to true, Snyk Test checks PRs for vulnerabilities.:cq

pullRequestAssignmentstring

assign Snyk pull requests

autoRemediationPrsstring

Defines automatic remediation policies

any

Response

The response will contain the attributes and values that have been sent in the request and successfully updated.

Body

autoDepUpgradeEnabledboolean

If set to true, Snyk will raise dependency upgrade PRs automatically.

autoDepUpgradeIgnoredDependenciesarray of string

An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.

autoDepUpgradeMinAgenumber

The age (in days) that an automatic dependency check is valid for

autoDepUpgradeLimitnumber

The limit on auto dependency upgrade PRs.

pullRequestFailOnAnyVulnsboolean

If set to true, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.

pullRequestFailOnlyForHighSeverityboolean

If set to true, fail Snyk Test only for high and critical severity vulnerabilities

pullRequestTestEnabledboolean

If set to true, Snyk Test checks PRs for vulnerabilities.:cq

pullRequestAssignmentstring

assign Snyk pull requests

autoRemediationPrsstring

Defines automatic remediation policies

any

The response will contain the attributes and values that have been sent in the request and successfully updated.

Request

Response

List project settings

Required permissions

View Organization
View Project

GEThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/settings

Path parameters

orgId*string

The organization ID to which the project belongs. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Header parameters

Response

The response will contain only attributes that can be updated (see ATTRIBUTES section in Update project settings) and that have been previously set.

Body

autoDepUpgradeEnabledboolean

If set to true, Snyk will raise dependency upgrade PRs automatically.

autoDepUpgradeIgnoredDependenciesarray of string

An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.

autoDepUpgradeMinAgenumber

The age (in days) that an automatic dependency check is valid for

autoDepUpgradeLimitnumber

The limit on auto dependency upgrade PRs.

pullRequestFailOnAnyVulnsboolean

If set to true, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.

pullRequestFailOnlyForHighSeverityboolean

If set to true, fail Snyk Test only for high and critical severity vulnerabilities

pullRequestTestEnabledboolean

If set to true, Snyk Test checks PRs for vulnerabilities.:cq

pullRequestAssignmentstring

assign Snyk pull requests

autoRemediationPrsstring

Defines automatic remediation policies

any

The response will contain only attributes that can be updated (see ATTRIBUTES section in Update project settings) and that have been previously set.

Request

Response

Delete project settings

Deleting project settings will set the project to inherit default settings from its integration.

Required permissions

View Organization
View Project
Edit Project

DELETEhttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/settings

Path parameters

orgId*string

The organization ID to which the project belongs. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Header parameters

Response

Request

Move project to a different organization

Note: when moving a project to a new organization, the historical data used for reporting does not move with it.

Required permissions

View Organization
View Project
Move Project

PUThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/move

Path parameters

orgId*string

The organization ID to which the project belongs. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID.

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Body

targetOrgIdstring

The ID of the organization that the project should be moved to. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.

any

Response

Body

originOrg*string

destinationOrg*string

movedProject*string

any

Request

Response

List all project issue paths

Required permissions

View Project
View Project Snapshot

GEThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/issue/{issueId}/paths

Path parameters

orgId*string

The organization ID. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID for which to return issue paths.

Example: "6d5813be-7e6d-4ab8-80c2-1e3e2a454545"

issueId*string

The issue ID for which to return issue paths.

Example: "SNYK-JS-LODASH-590103"

Query parameters

Header parameters

Response

Headers

Body

snapshotIdstring

The identifier of the snapshot for which the paths have been found

pathsarray of array of any

A list of the dependency paths that introduce the issue

totalnumber

The total number of results

linksall of

any

Request

Response

Get Project dependency graph

Required permissions

View Organization
View Project
View Project Snapshot

GEThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/dep-graph

Path parameters

orgId*string

The organization ID. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID to return issues for.

Example: "6d5813be-7e6d-4ab8-80c2-1e3e2a454545"

Header parameters

Response

A reference implementation of the graph, as well as conversion functions to/from legacy tree format, can be found at: https://github.com/snyk/dep-graph.
The object might contain additional fields in the future, in a backward-compatible way (schemaVersion will change accordingly).

Body

depGraph*all of

any

A reference implementation of the graph, as well as conversion functions to/from legacy tree format, can be found at: https://github.com/snyk/dep-graph.
The object might contain additional fields in the future, in a backward-compatible way (schemaVersion will change accordingly).

Request

Response

Deactivate

Deactivating a project will:

Disable pull request tests for new vulnerabilities.
Disable Fix pull request from being opened for newly disclosed vulnerabilities.
Disable recurring tests - email alerts about newly disclosed vulnerabilities will be turned off.
If the repository has no other active projects, then remove any webhooks related to the project.

Required permissions

View Organization
View Project
Project Status

POSThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/deactivate

Path parameters

orgId*string

The organization ID the project belongs to. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID.

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Header parameters

Response

Request

Applying attributes

Attributes are static and non-configurable fields which allow to add additional metadata to a project. Attributes have a pre-defined list of values that a user can select from.

Business criticality	Environment	Lifecycle stage
critical	frontend	production
high	backend	development
medium	internal	sandbox
low	external
	mobile
	saas
	onprem
	hosted
	distributed
It is possible to assign multiple values to each attribute, but you can only assign values to one of the predefined attribute categories, using the predefined options for this category.
Assigning an attribute requires the caller to be either an Organization Administrator or a Group Administrator.
Assigning an attribute will override any existing values that the specific attribute already has set.
In order to clear out an attribute value, an empty array can be set.

Note: Organization admins can add an attribute to a Project. However, only Group admins can modify Project attributes in cases where attributes match a policy, because policies can only be managed by Group admins.

Required permissions

View Organization
View Project
Edit Project Attributes

POSThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/attributes

Path parameters

orgId*string

The organization ID. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID to remove a tag from

Example: "6d5813be-7e6d-4ab8-80c2-1e3e2a454545"

Body

criticalityarray of criticality

environmentarray of environment

lifecyclearray of lifecycle

any

Response

Body

attributesProjectattributes

any

Request

Response

List all Aggregated issues

Required permissions

View Project
View Project Snapshot

POSThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/aggregated-issues

Path parameters

orgId*string

The organization ID. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID to return issues for.

Example: "6d5813be-7e6d-4ab8-80c2-1e3e2a454545"

Body

includeDescriptionboolean

If set to true, Include issue's description, if set to false (by default), it won't (Non-IaC projects only)

includeIntroducedThroughboolean

If set to true, include the dockerfile instruction that the issue is introducedThrough. If set to false (default), it won’t. This only applies to Container projects with an associated Dockerfile (CLI or Container Registry source)

filtersaggregatedProjectIssuesFilter

any

Response

Body

issuesarray of aggregatedProjectIssue

An array of identified issues

Request

Response

Activate

Activating a project will:

Add a repository webhook for supported integrations.
Enable pull request tests for new vulnerabilities.
Open Fix pull request for newly disclosed vulnerabilities.
Enable recurring tests, sending email alerts about newly disclosed vulnerabilities.

Required permissions

View Organization
View Project
Project Status

POSThttps://api.snyk.io/v1/org/{orgId}/project/{projectId}/activate

Path parameters

orgId*string

The organization ID the project belongs to. The API_KEY must have access to this organization.

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

projectId*string

The project ID.

Example: "463c1ee5-31bc-428c-b451-b79a3270db08"

Header parameters

Response

Request

PreviousOrgs NextProjects

Last updated 3 months ago

{ "snapshotId": "6d5813be-7e6d-4ab8-80c2-1e3e2a454553", "paths": [ [ { "name": "tap", "version": "11.1.5" }, { "name": "nyc", "version": "11.9.0" }, { "name": "istanbul-lib-instrument", "version": "1.10.1" }, { "name": "babel-traverse", "version": "6.26.0" }, { "name": "lodash", "version": "4.17.10" } ], [ { "name": "tap", "version": "11.1.5", "fixVersion": "11.1.5" }, { "name": "nyc", "version": "11.9.0" }, { "name": "istanbul-lib-instrument", "version": "1.10.1" }, { "name": "babel-template", "version": "6.26.0" }, { "name": "lodash", "version": "4.17.10" } ], [ { "name": "tap", "version": "11.1.5", "fixVersion": "11.1.6" }, { "name": "nyc", "version": "11.9.0" }, { "name": "istanbul-lib-instrument", "version": "1.10.1" }, { "name": "babel-generator", "version": "6.26.1" }, { "name": "babel-types", "version": "6.26.0" }, { "name": "lodash", "version": "4.17.10" } ] ], "total": 10, "links": { "prev": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=1&perPage=3", "next": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=3&perPage=3", "last": "https://api.snyk.io/v1/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/6d5813be-7e6d-4ab8-80c2-1e3e2a454545/issue/SNYK-JS-LODASH-590103?snapshotId=6d5813be-7e6d-4ab8-80c2-1e3e2a454553&page=4&perPage=3" } }

{ "issues": [ { "id": "npm:ms:20170412", "issueType": "vuln", "pkgName": "ms", "pkgVersions": [ "text" ], "issueData": { "id": "npm:ms:20170412", "title": "Regular Expression Denial of Service (ReDoS)", "severity": "low", "originalSeverity": "high", "url": "https://snyk.io/vuln/npm:ms:20170412", "description": "`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms", "identifiers": { "CVE": [ "text" ], "CWE": [ "text" ], "OSVDB": [ "text" ] }, "credit": [ "text" ], "exploitMaturity": "no-known-exploit", "semver": { "vulnerable": [ "text" ], "unaffected": "text" }, "publicationTime": "2017-05-15T06:02:45Z", "disclosureTime": "2017-04-11T21:00:00Z", "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvssScore": 3.7, "severities": [ { "assigner": "NVD", "severity": "medium", "baseScore": 4.8, "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A", "cvssVersion": "4.0", "modificationTime": "2024-03-07T07:47:26.644482Z" } ], "exploitDetails": { "sources": [ "CISA" ], "maturityLevels": [ { "format": "CVSS_v3", "level": "no-known-exploit" } ] }, "language": "js", "patches": [ { "id": "patch:npm:ms:20170412:0", "urls": [ "text" ], "version": "=1.0.0", "comments": [ "text" ], "modificationTime": "2019-12-03T11:40:45.863964Z" } ], "nearestFixedInVersion": "2.0.0", "path": "[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged", "violatedPolicyPublicId": "SNYK-CC-K8S-1", "isMaliciousPackage": true }, "introducedThrough": [ { "kind": "imageLayer" } ], "isPatched": false, "isIgnored": false, "ignoreReasons": [ { "reason": "text", "expires": "text", "source": {} } ], "fixInfo": { "isUpgradable": false, "isPinnable": false, "isPatchable": false, "isFixable": false, "isPartiallyFixable": false, "nearestFixedInVersion": "2.0.0", "fixedIn": [ "text" ] }, "priority": { "score": 399, "factors": [] }, "links": { "paths": "text" } } ] }