# Scans#ScanIssueOccurrences

Returns occurrences for a scan specific issue

Endpoint: GET /sto/api/v2/scans/{id}/issue/{issueId}/occurrences
Version: 1.0
Security:

## Query parameters:

- `accountId` (string, required)
  Harness Account ID
  Example: "abcdef1234567890ghijkl"

- `orgId` (string)
  Harness Organization ID
  Example: "example_org"

- `projectId` (string)
  Harness Project ID
  Example: "example_project"

- `page` (integer)
  Page number to fetch (starting from 0)
  Example: 4

- `pageSize` (integer)
  Number of results per page
  Example: 50

- `search` (string)
  Example: "CWE-123,5"

- `exemptionStatus` (string)
  Example: "EXEMPTED,REJECTED"

- `sort` (string)
  The field to sort by
  Example: "Odit cum magni rerum ut."

- `order` (string)
  The order to sort by
  Enum: "ASC", "DESC"

- `exemptionId` (string)
  ID of Security Test Exemption if the API call is for scan + issue + exemption, needed for exemption issue target occurrences detail
  Example: "abcdef1234567890ghijkl"

## Path parameters:

- `id` (string, required)
  The ID of the Security Test Scan
  Example: "Sit laborum cumque."

- `issueId` (string, required)
  The ID of the Security Test Issue
  Example: "Esse quo ullam nesciunt rem."

## Header parameters:

- `X-Api-Key` (string)
  Harness personal or service access token
  Example: "Earum quod quae quia nihil praesentium tempore."

## Response 200 fields (application/json):

- `baseImageName` (string)
  base image name of the issue
  Example: "baseImageName"

- `baseImageOrgId` (string)
  org id of the issue from where the base image is being referred
  Example: "default"

- `baseImageProjectId` (string)
  project id of the issue from where the base image is being referred
  Example: "STO"

- `baselineVariantId` (string)
  The Baseline Target Variant related to this Security Issue
  Example: "abcdef1234567890ghijkl"

- `created` (integer, required)
  Unix timestamp at which the resource was created
  Example: 1651578240

- `currentStatus` (string)
  Current status of the Exemption
  Enum: "Pending", "Approved", "Rejected", "Expired"

- `details` (object, required)
  Issue details common to all occurrences
  Example: {"package":"json-schema","version":"v0.2.3"}

- `exemptionCoverage` (string)
  Indicates if the Security Issue was found to be Exempted, Partially Exempted.
  Example: "Partially Exempted"

- `exemptionId` (string)
  ID of the associated Exemption
  Example: "abcdef1234567890ghijkl"

- `exemptionStatusAtScan` (string)
  Exemption's status at the Security Scan created time
  Enum: "Pending", "Approved", "Rejected", "Expired"

- `gitMetadata` (object)
  Git Metadata associated with the Scan
  Example: {"detectedName":"Error distinctio aut blanditiis debitis.","detectedVariant":"Non totam aut sit.","droneCorrelated":false,"provider":"Et expedita vitae adipisci qui maiores est.","pullRequestNumber":11,"repositoryHttp":"https://github.com/harness/drone-cli.git","repositoryPath":["Magni assumenda quibusdam deleniti.","Ut repellat praesentium dicta id quo.","Suscipit voluptatem voluptatem doloribus deleniti quia.","Excepturi animi debitis beatae facere maiores."],"repositorySsh":"git@github.com:harness/drone-cli.git","sourceBranch":"feat/shiny-object","targetBranch":"develop","workspace":"/harness"}

- `gitMetadata.detectedName` (string)
  Detected Name
  Example: "Error distinctio aut blanditiis debitis."

- `gitMetadata.detectedVariant` (string)
  Detected Variant
  Example: "Non totam aut sit."

- `gitMetadata.droneCorrelated` (boolean)
  Drone Correlated
  Example: true

- `gitMetadata.provider` (string)
  Git Provider
  Example: "Et expedita vitae adipisci qui maiores est."

- `gitMetadata.pullRequestNumber` (integer)
  Git Pull Request Number
  Example: 11

- `gitMetadata.repositoryHttp` (string)
  Git HTTP Repository
  Example: "https://github.com/harness/drone-cli.git"

- `gitMetadata.repositoryPath` (array)
  Git Repository Path
  Example: ["Magni assumenda quibusdam deleniti.","Ut repellat praesentium dicta id quo.","Suscipit voluptatem voluptatem doloribus deleniti quia.","Excepturi animi debitis beatae facere maiores."]

- `gitMetadata.repositorySsh` (string)
  Git SSH Repository
  Example: "git@github.com:harness/drone-cli.git"

- `gitMetadata.sourceBranch` (string)
  Git Source Branch
  Example: "feat/shiny-object"

- `gitMetadata.targetBranch` (string)
  Git Target Branch
  Example: "develop"

- `gitMetadata.workspace` (string)
  Git Workspace Root
  Example: "/harness"

- `harnessAugmentation` (object)
  Harness Augmentation details
  Example: {"Fugiat ut aut.":"Et tenetur qui nihil aspernatur.","Qui voluptatem ea vel.":"Sed architecto autem doloribus accusamus doloremque.","Recusandae quas ipsum sunt aperiam.":"Rerum quis quasi praesentium eum."}

- `id` (string, required)
  Resource identifier
  Example: "abcdef1234567890ghijkl"

- `key` (string, required)
  Compression/deduplication key
  Example: "json-schema@0.2.3"

- `lastBaseImageScanAt` (integer)
  last scan timestamp of the base image being referred
  Example: 1651578240

- `numNonExemptedOccurrences` (integer, required)
  Indicates the number of Occurrences which don't have an active exemption on the Occurrence
  Example: 10

- `numOccurrences` (integer, required)
  Indicates the number of Occurrences on the Issue
  Example: 10

- `occurrenceId` (integer)
  Example: 12345

- `occurrences` (array)
  Array of details unique to each occurrence
  Example: [{"line":"42"},{"line":"666"}]

- `occurrencesPagination` (object, required)
  Example: {"link":"","page":4,"pageSize":20,"totalItems":230,"totalPages":12}

- `occurrencesPagination.link` (string)
  Link-based paging

- `occurrencesPagination.page` (integer, required)
  Page number (starting from 0)
  Example: 4

- `occurrencesPagination.pageSize` (integer, required)
  Requested page size
  Example: 20

- `occurrencesPagination.totalItems` (integer, required)
  Total results available
  Example: 230

- `occurrencesPagination.totalPages` (integer, required)
  Total pages available
  Example: 12

- `originStatus` (string)
  The status of the origin, either 'approved' or 'unapproved'
  Example: "approved"

- `origins` (array)
  The origins of the issue
  Example: ["app","base"]

- `primaryOccurrenceId` (integer, required)
  The primary occurrence's ID
  Example: 12345

- `productId` (string, required)
  The scan tool that identified this Security Issue
  Example: "product1234567890abcde"

- `severity` (number, required)
  Numeric severity, from 0 (lowest) to 10 (highest)
  Example: 8.5

- `severityCode` (string, required)
  Severity code
  Enum: "Critical", "High", "Medium", "Low", "Info", "Unassigned"

- `status` (string)
  Indicates if the Security Issue was found to be remediated, ignored, etc.
  Enum: "Remediated", "Compensating Controls", "Acceptable Use", "Acceptable Risk", "False Positive", "Fix Unavailable", "Exempted"

- `subproduct` (string)
  The subproduct that identified this Security Issue
  Example: "product"

- `targetId` (string)
  The Target that this Security Issue affects
  Example: "abcdef1234567890ghijkl"

- `targetName` (string)
  The Name of the Target that this Security Issue affects
  Example: "abcdef1234567890ghijkl"

- `targetType` (string)
  The type of the Target that this Security Issue affects
  Enum: "container", "repository", "instance", "configuration"

- `targetVariantId` (string)
  The Target Variant that this Security Issue affects
  Example: "abcdef1234567890ghijkl"

- `targetVariantName` (string)
  Name of the associated Target and Variant
  Example: "nodegoat:master"

- `title` (string, required)
  Title of the Security Issue
  Example: "json-schema@0.2.3 is vulnerable to Prototype Pollution"

- `type` (string)
  The type of vulnerability or quality issue for this Issue
  Enum: "SAST", "DAST", "SCA", "IAC", "SECRET", "MISCONFIG", "BUG_SMELLS", "CODE_SMELLS", "CODE_COVERAGE", "EXTERNAL_POLICY"

## Response 400 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 401 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 403 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 404 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 429 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404

## Response 500 fields (application/json):

- `message` (string, required)
  Example: "Not Found"

- `status` (integer)
  Example: 404
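
The following client sketch is an added example, not part of the Harness reference: it walks the zero-based `page` parameter until `occurrencesPagination.totalPages` is reached, percent-encodes the two path parameters, and sends the token in `X-Api-Key`. The function names, the `max_pages` cap and the `base_url` argument (the host is not given on this page) are assumptions.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

API_PATH = "/sto/api/v2/scans/{id}/issue/{issueId}/occurrences"  # path from this page


def occurrences_url(base_url, scan_id, issue_id, account_id,
                    page=0, page_size=50, **filters):
    """Build the request URL; base_url is deployment-specific (assumption)."""
    # Percent-encode path parameters so an ID containing "/" or "?"
    # cannot change which endpoint is addressed.
    path = API_PATH.format(id=quote(scan_id, safe=""),
                           issueId=quote(issue_id, safe=""))
    query = {"accountId": account_id, "page": page, "pageSize": page_size}
    # Optional filters such as search, exemptionStatus, sort, order.
    query.update({k: v for k, v in filters.items() if v is not None})
    return base_url.rstrip("/") + path + "?" + urlencode(query)


def http_fetch_json(api_key, timeout=30):
    """Return a fetch function that sends the token in the X-Api-Key header."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"X-Api-Key": api_key})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    return fetch


def iter_occurrences(fetch_json, base_url, scan_id, issue_id, account_id,
                     max_pages=1000, **filters):
    """Yield every occurrence, walking pages 0 .. totalPages - 1."""
    for page in range(max_pages):  # hard cap if totalPages is inconsistent
        body = fetch_json(occurrences_url(base_url, scan_id, issue_id,
                                          account_id, page=page, **filters))
        yield from body.get("occurrences") or []  # `occurrences` is optional
        if page + 1 >= body["occurrencesPagination"]["totalPages"]:
            return
```

Pass `http_fetch_json(token)` as `fetch_json` for live use; any callable that maps a URL to a decoded JSON body works, which keeps the paging logic testable offline.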