# Scans#ScanIssues List Issues by Scan ID Endpoint: GET /sto/api/v2/scans/{id}/issues Version: 1.0 Security: ## Query parameters: - `accountId` (string, required) Harness Account ID Example: "abcdef1234567890ghijkl" - `exempted` (string) Chooses whether to show exempted issues ("only"), or non-exempted issues ("0" or "false") Enum: "false", "only", "0" ## Path parameters: - `id` (string, required) The Scan ID Example: "abcdefghijkl1234567890" ## Header parameters: - `X-Api-Key` (string) Harness personal or service access token Example: "Dicta magnam vel fuga." ## Response 200 fields (application/json): - `issues` (array, required) List of Issues Example: [{"baseImageName":"baseImageName","baselineVariantId":"abcdef1234567890ghijkl","created":1651578240,"currentStatus":"Expired","details":{"package":"json-schema","version":"v0.2.3"},"exemptionCoverage":"Partially Exempted","exemptionId":"abcdef1234567890ghijkl","exemptionStatusAtScan":"Approved","harnessAugmentation":{"Est maxime maiores vero ipsa.":"Consequatur nesciunt voluptates velit expedita.","Molestiae aut voluptates.":"Ut ab illum rerum."},"id":"abcdef1234567890ghijkl","key":"json-schema@0.2.3","numOccurrences":10,"occurrenceId":12345,"occurrences":[{"line":"42"},{"line":"666"}],"originStatus":"approved","origins":["app","base"],"productId":"product1234567890abcde","severity":8.5,"severityCode":"High","status":"Remediated","subproduct":"product","targetId":"abcdef1234567890ghijkl","targetName":"abcdef1234567890ghijkl","targetType":"repository","targetVariantId":"abcdef1234567890ghijkl","targetVariantName":"nodegoat:master","title":"json-schema@0.2.3 is vulnerable to Prototype Pollution","type":"SAST"},{"baseImageName":"baseImageName","baselineVariantId":"abcdef1234567890ghijkl","created":1651578240,"currentStatus":"Expired","details":{"package":"json-schema","version":"v0.2.3"},"exemptionCoverage":"Partially Exempted","exemptionId":"abcdef1234567890ghijkl","exemptionStatusAtScan":"Approved","harnessAugmentation":{"Est maxime maiores vero ipsa.":"Consequatur nesciunt voluptates velit expedita.","Molestiae aut voluptates.":"Ut ab illum rerum."},"id":"abcdef1234567890ghijkl","key":"json-schema@0.2.3","numOccurrences":10,"occurrenceId":12345,"occurrences":[{"line":"42"},{"line":"666"}],"originStatus":"approved","origins":["app","base"],"productId":"product1234567890abcde","severity":8.5,"severityCode":"High","status":"Remediated","subproduct":"product","targetId":"abcdef1234567890ghijkl","targetName":"abcdef1234567890ghijkl","targetType":"repository","targetVariantId":"abcdef1234567890ghijkl","targetVariantName":"nodegoat:master","title":"json-schema@0.2.3 is vulnerable to Prototype Pollution","type":"SAST"},{"baseImageName":"baseImageName","baselineVariantId":"abcdef1234567890ghijkl","created":1651578240,"currentStatus":"Expired","details":{"package":"json-schema","version":"v0.2.3"},"exemptionCoverage":"Partially Exempted","exemptionId":"abcdef1234567890ghijkl","exemptionStatusAtScan":"Approved","harnessAugmentation":{"Est maxime maiores vero ipsa.":"Consequatur nesciunt voluptates velit expedita.","Molestiae aut voluptates.":"Ut ab illum rerum."},"id":"abcdef1234567890ghijkl","key":"json-schema@0.2.3","numOccurrences":10,"occurrenceId":12345,"occurrences":[{"line":"42"},{"line":"666"}],"originStatus":"approved","origins":["app","base"],"productId":"product1234567890abcde","severity":8.5,"severityCode":"High","status":"Remediated","subproduct":"product","targetId":"abcdef1234567890ghijkl","targetName":"abcdef1234567890ghijkl","targetType":"repository","targetVariantId":"abcdef1234567890ghijkl","targetVariantName":"nodegoat:master","title":"json-schema@0.2.3 is vulnerable to Prototype Pollution","type":"SAST"},{"baseImageName":"baseImageName","baselineVariantId":"abcdef1234567890ghijkl","created":1651578240,"currentStatus":"Expired","details":{"package":"json-schema","version":"v0.2.3"},"exemptionCoverage":"Partially Exempted","exemptionId":"abcdef1234567890ghijkl","exemptionStatusAtScan":"Approved","harnessAugmentation":{"Est maxime maiores vero ipsa.":"Consequatur nesciunt voluptates velit expedita.","Molestiae aut voluptates.":"Ut ab illum rerum."},"id":"abcdef1234567890ghijkl","key":"json-schema@0.2.3","numOccurrences":10,"occurrenceId":12345,"occurrences":[{"line":"42"},{"line":"666"}],"originStatus":"approved","origins":["app","base"],"productId":"product1234567890abcde","severity":8.5,"severityCode":"High","status":"Remediated","subproduct":"product","targetId":"abcdef1234567890ghijkl","targetName":"abcdef1234567890ghijkl","targetType":"repository","targetVariantId":"abcdef1234567890ghijkl","targetVariantName":"nodegoat:master","title":"json-schema@0.2.3 is vulnerable to Prototype Pollution","type":"SAST"}] - `issues.baseImageName` (string) base image name of the issue Example: "baseImageName" - `issues.baselineVariantId` (string) The Baseline Target Variant related to this Security Issue Example: "abcdef1234567890ghijkl" - `issues.created` (integer, required) Unix timestamp at which the resource was created Example: 1651578240 - `issues.currentStatus` (string) Current status of the Exemption Enum: "Pending", "Approved", "Rejected", "Expired" - `issues.details` (object, required) Issue details common to all occurrences Example: {"package":"json-schema","version":"v0.2.3"} - `issues.exemptionCoverage` (string) Indicates if the Security Issue was found to be Exempted, Partially Exempted. Example: "Partially Exempted" - `issues.exemptionId` (string) ID of the associated Exemption Example: "abcdef1234567890ghijkl" - `issues.exemptionStatusAtScan` (string) Exemption's status at the Security Scan created time Enum: "Pending", "Approved", "Rejected", "Expired" - `issues.harnessAugmentation` (object) Harness Augmentation details Example: {"Est modi quis nam ipsam at.":"Provident dolores molestiae eos magnam."} - `issues.id` (string, required) Resource identifier Example: "abcdef1234567890ghijkl" - `issues.key` (string, required) Compression/deduplication key Example: "json-schema@0.2.3" - `issues.numOccurrences` (integer) Indicates the number of Occurrences on the Issue Example: 10 - `issues.occurrenceId` (integer) Example: 12345 - `issues.occurrences` (array) Array of details unique to each occurrence Example: [{"line":"42"},{"line":"666"}] - `issues.originStatus` (string) The status of the origin, either 'approved' or 'unapproved' Example: "approved" - `issues.origins` (array) The origins of the issue Example: ["app","base"] - `issues.productId` (string, required) The scan tool that identified this Security Issue Example: "product1234567890abcde" - `issues.severity` (number, required) Numeric severity, from 0 (lowest) to 10 (highest) Example: 8.5 - `issues.severityCode` (string, required) Severity code Enum: "Critical", "High", "Medium", "Low", "Info", "Unassigned" - `issues.status` (string) Indicates if the Security Issue was found to be remediated, ignored, etc. Enum: "Remediated", "Compensating Controls", "Acceptable Use", "Acceptable Risk", "False Positive", "Fix Unavailable", "Exempted" - `issues.subproduct` (string) The subproduct that identified this Security Issue Example: "product" - `issues.targetId` (string) The Target that this Security Issue affects Example: "abcdef1234567890ghijkl" - `issues.targetName` (string) The Name of the Target that this Security Issue affects Example: "abcdef1234567890ghijkl" - `issues.targetType` (string) The type of the Target that this Security Issue affects Enum: "container", "repository", "instance", "configuration" - `issues.targetVariantId` (string) The Target Variant that this Security Issue affects Example: "abcdef1234567890ghijkl" - `issues.targetVariantName` (string) Name of the associated Target and Variant Example: "nodegoat:master" - `issues.title` (string, required) Title of the Security Issue Example: "json-schema@0.2.3 is vulnerable to Prototype Pollution" - `issues.type` (string) The type of vulnerability or quality issue for this Issue Enum: "SAST", "DAST", "SCA", "IAC", "SECRET", "MISCONFIG", "BUG_SMELLS", "CODE_SMELLS", "CODE_COVERAGE", "EXTERNAL_POLICY" ## Response 400 fields (application/json): - `message` (string, required) Example: "Not Found" - `status` (integer) Example: 404 ## Response 401 fields (application/json): - `message` (string, required) Example: "Not Found" - `status` (integer) Example: 404 ## Response 403 fields (application/json): - `message` (string, required) Example: "Not Found" - `status` (integer) Example: 404 ## Response 429 fields (application/json): - `message` (string, required) Example: "Not Found" - `status` (integer) Example: 404 ## Response 500 fields (application/json): - `message` (string, required) Example: "Not Found" - `status` (integer) Example: 404