# Issues#CreateIssue

Create a new Security Issue

Endpoint: POST /sto/api/v2/issues
Version: 1.0
Security: 

## Query parameters:

  - `accountId` (string, required)
    Harness Account ID
    Example: "abcdef1234567890ghijkl"

  - `normalized` (boolean)
    Indicates the Occurrences have already been normalized

## Header parameters:

  - `X-Api-Key` (string)
    Harness personal or service access token
    Example: "Inventore et ex atque accusamus."

## Request fields (application/json):

  - `details` (object, required)
    Issue details common to all occurrences
    Example: {"package":"json-schema","version":"v0.2.3"}

  - `epssLastModified` (string)
    Last date the issue EPSS data was last modified
    Example: "2025-05-01"

  - `epssPercentile` (number)
    EPSS percentile of the issue CVE identifier
    Example: 0.15

  - `epssScore` (number)
    EPSS score of the issue CVE identifier
    Example: 0.035

  - `exemptionId` (string)
    ID of Security Test Exemption
    Example: "abcdef1234567890ghijkl"

  - `key` (string, required)
    Compression/deduplication key
    Example: "json-schema@0.2.3"

  - `keyPattern` (array, required)
    The pattern of fields used to generate this Security Issue's Key
    Example: ["library_name","library_version"]

  - `numOccurrences` (integer)
    Indicates the number of Occurrences on the Issue
    Example: 10

  - `occurrences` (array)
    Array of details unique to each occurrence
    Example: [{"line":"42"},{"line":"666"}]

  - `productId` (string, required)
    The scan tool that identified this Security Issue
    Example: "product1234567890abcde"

  - `scanId` (string, required)
    The Security Scan execution that detected this Security Issue
    Example: "abcdef1234567890ghijkl"

  - `severity` (number, required)
    Numeric severity, from 0 (lowest) to 10 (highest)
    Example: 8.5

  - `severityCode` (string, required)
    Severity code
    Enum: "Critical", "High", "Medium", "Low", "Info", "Unassigned"

  - `subproduct` (string)
    The subproduct that identified this Security Issue
    Example: "product"

  - `targetVariantName` (string)
    Name of the associated Target and Variant
    Example: "nodegoat:master"

  - `title` (string, required)
    Title of the Security Issue
    Example: "Semgrep Finding: generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash"

  - `type` (string)
    The type of vulnerability or quality issue for this Issue
    Enum: "SAST", "DAST", "SCA", "IAC", "SECRET", "MISCONFIG", "BUG_SMELLS", "CODE_SMELLS", "CODE_COVERAGE", "EXTERNAL_POLICY"

## Response 200 fields (application/json):

  - `id` (string, required)
    Resource identifier
    Example: "abcdef1234567890ghijkl"

## Response 400 fields (application/json):

  - `message` (string, required)
    Example: "Not Found"

  - `status` (integer)
    Example: 404


