Harness

Issues

Access and modify Security Issues

Issues#ListIssues

List a collection of Security Issues

Request
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
page
integer <int64> >= 0
Default: 0

Page number to fetch (starting from 0)

Example: page=4
pageSize
integer <int64> [ 1 .. 100 ]
Default: 30

Number of results per page

Example: pageSize=50
productId
string^[a-zA-Z0-9_-]{22}$

Issue product ID

Example: productId=abcdef1234567890ghijkl
key
string <= 512 characters

Compression/deduplication key

Example: key=json-schema@0.2.3
excludeOccurrences
boolean
Example: excludeOccurrences=false
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Accusantium est dolores est quos veniam eius.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

get/sto/api/v2/issues
Request samples 
Response samples 
application/json
{
  • "pagination": {
    },
  • "results": [
    ]
}
Issues#CreateIssue
Create a new Security Issue


Request 
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
normalized
boolean
Indicates the Occurrences have already been normalized


 
 Example:  normalized=false
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Possimus neque consequatur odit et.
Request Body schema: application/json
required
required
object
Issue details common to all occurrences


 
exemptionId
string^[a-zA-Z0-9_-]{22}$
ID of the associated Exemption


 
key
required
string  <= 512 characters 
Compression/deduplication key


 
keyPattern
required
Array of strings
The pattern of fields used to generate this Security Issue's Key


 
numOccurrences
integer <int32> 
Indicates the number of Occurrences on the Issue


 
Array of objects
Array of details unique to each occurrence


 
productId
required
string^[a-zA-Z0-9_-]{22}$
The scan tool that identified this Security Issue


 
scanId
required
string^[a-zA-Z0-9_-]{22}$
The Security Scan execution that detected this Security Issue


 
severity
required
number <float> 
Numeric severity, from 0 (lowest) to 10 (highest)


 
severityCode
required
string
Severity code


 Enum: "Critical" "High" "Medium" "Low" "Info" "Unassigned"  
subproduct
string
The subproduct that identified this Security Issue


 
targetVariantName
string^[a-zA-Z0-9_-]{22}$
Name of the associated Target and Variant


 
title
required
string  <= 128 characters 
Title of the Security Issue


 
type
string
The type of vulnerability or quality issue for this Issue


 Enum: "SAST" "DAST" "SCA" "IAC" "SECRET" "MISCONFIG" "BUG_SMELLS" "CODE_SMELLS" "CODE_COVERAGE" "EXTERNAL_POLICY"  
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


post/sto/api/v2/issues
Request samples 
application/json
{
  • "details": {
    },
  • "exemptionId": "abcdef1234567890ghijkl",
  • "key": "json-schema@0.2.3",
  • "keyPattern": [
    ],
  • "numOccurrences": 10,
  • "occurrences": [
    ],
  • "productId": "product1234567890abcde",
  • "scanId": "abcdef1234567890ghijkl",
  • "severity": 8.5,
  • "severityCode": "High",
  • "subproduct": "product",
  • "targetVariantName": "nodegoat:master",
  • "title": "json-schema@0.2.3 is vulnerable to Prototype Pollution",
  • "type": "SAST"
}
Response samples 
application/json
{
  • "id": "abcdef1234567890ghijkl"
}
Issues#FindIssueById
Find Security Issue by ID


Request 
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$
The ID of the Security Issue to retrieve


 
 Example:  abcdef1234567890ghijkl
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
orgId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
 Example:  orgId=example_org
projectId
required
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Project ID


 
 Example:  projectId=example_project
targetId
string^[a-zA-Z0-9_-]{22}$
Associated Target ID


  Examples: 
targetId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Ipsum voluptatem.
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


404
NotFound: Not Found response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


get/sto/api/v2/issues/{id}
Request samples 
Response samples 
application/json
{
  • "baseImageName": "baseImageName",
  • "baselineVariantId": "abcdef1234567890ghijkl",
  • "created": 1651578240,
  • "currentStatus": "Approved",
  • "details": {
    },
  • "exemptionCoverage": "Partially Exempted",
  • "exemptionId": "abcdef1234567890ghijkl",
  • "exemptionStatusAtScan": "Rejected",
  • "harnessAugmentation": {
    },
  • "id": "abcdef1234567890ghijkl",
  • "key": "json-schema@0.2.3",
  • "numOccurrences": 10,
  • "occurrenceId": 12345,
  • "occurrences": [
    ],
  • "originStatus": "approved",
  • "origins": [
    ],
  • "productId": "product1234567890abcde",
  • "severity": 8.5,
  • "severityCode": "High",
  • "status": "Remediated",
  • "subproduct": "product",
  • "targetId": "abcdef1234567890ghijkl",
  • "targetName": "abcdef1234567890ghijkl",
  • "targetType": "repository",
  • "targetVariantId": "abcdef1234567890ghijkl",
  • "targetVariantName": "nodegoat:master",
  • "title": "json-schema@0.2.3 is vulnerable to Prototype Pollution",
  • "type": "SAST"
}
Issues#UpdateIssue
Update an existing Security Issue


Request 
path Parameters
id
required
string
The ID of the Security Issue to update


 
 Example:  Reiciendis dolores.
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Cupiditate velit ipsum.
Request Body schema: application/json
required
numOccurrences
integer <int32> 
Indicates the number of Occurrences on the Issue


 
required
Array of objects
Array of details unique to each occurrence


 
scanId
required
string^[a-zA-Z0-9_-]{22}$
The Security Scan execution that detected this Security Issue


 
type
string
The type of vulnerability or quality issue for this Issue


 Enum: "SAST" "DAST" "SCA" "IAC" "SECRET" "MISCONFIG" "BUG_SMELLS" "CODE_SMELLS" "CODE_COVERAGE" "EXTERNAL_POLICY"  
Responses 
204
Update succeeded.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


404
NotFound: Not Found response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


put/sto/api/v2/issues/{id}
Request samples 
application/json
{
  • "numOccurrences": 10,
  • "occurrences": [
    ],
  • "scanId": "abcdef1234567890ghijkl",
  • "type": "SAST"
}
Response samples 
application/json
{
  • "message": "Bad Request: accountId parameter is required",
  • "status": 400
}
Issues#IssuesAugmentRemediation
Use AI to augment the remediation steps for this Security Issue


Request 
path Parameters
id
required
string^[a-zA-Z0-9_-]{22}$
The ID of the Security Issue to augment


 
 Example:  1234567890abcdefghijkl
query Parameters
accountId
required
string^[a-zA-Z0-9_-]{22}$
Harness Account ID


 
 Example:  accountId=abcdef1234567890ghijkl
orgId
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Organization ID


 
 Example:  orgId=example_org
projectId
string  <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$
Harness Project ID


 
 Example:  projectId=example_project
header Parameters
X-Api-Key
string
Harness personal or service access token


 
 Example:  Dolor aut quia illo repellendus ducimus.
Request Body schema: application/json
required
connectorId
string
 
occurrenceId
required
integer <int64>   >= 1 
 
referenceId
string
 
scanId
required
string^[a-zA-Z0-9_-]{22}$
The Scan ID to use as context for the Security Issue to augment


 
userSnippet
string  [ 1 .. 1024 ] characters 
The user-supplied code snippet


 
Responses 
200
OK response.


400
BadRequest: Bad Request response.


401
Unauthorized: Unauthorized response.


403
Forbidden: Forbidden response.


429
TooManyRequests: Too Many Requests response.


500
InternalServerError: Internal Server Error response.


post/sto/api/v2/issues/{id}/augment-remediation
Request samples 
application/json
{
  • "connectorId": "Quos laudantium est reprehenderit consequuntur.",
  • "occurrenceId": 12345,
  • "referenceId": "CWE-123",
  • "scanId": "abcdefghijkl1234567890",
  • "userSnippet": "func example() int {\n  return 0\n}"
}
Response samples 
application/json
{
  • "metadata": {
    },
  • "remediationCode": "Laboriosam ad dolore.",
  • "remediationContext": "Deserunt aliquid.",
  • "repoContent": "Exercitationem odit cumque."
}
➔ Next to Scans