Issues

Access and modify Security Issues

Issues#ListIssues

List a collection of Security Issues

Security
Request
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
page
integer <int64> >= 0
Default: 0

Page number to fetch (starting from 0)

Example: page=4
pageSize
integer <int64> [ 1 .. 100 ]
Default: 30

Number of results per page

Example: pageSize=50
productId
string ^[a-zA-Z0-9_-]{22}$

Issue product ID

Example: productId=abcdef1234567890ghijkl
key
string <= 512 characters

Compression/deduplication key

Example: key=json-schema@0.2.3
excludeOccurrences
boolean
Example: excludeOccurrences=false
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Totam et.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

GET /sto/api/v2/issues
Response samples
application/json
{
  "pagination": {},
  "results": []
}

Issues#CreateIssue

Create a new Security Issue

Security
Request
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
normalized
boolean

Indicates the Occurrences have already been normalized

Example: normalized=false
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Voluptatem laboriosam non eveniet quae expedita.
Request Body schema: application/json
required
details
required
object

Issue details common to all occurrences

exemptionId
string ^[a-zA-Z0-9_-]{22}$

ID of the associated Exemption

key
required
string <= 512 characters

Compression/deduplication key

keyPattern
required
Array of strings

The pattern of fields used to generate this Security Issue's Key

occurrences
Array of objects

Array of details unique to each occurrence

productId
required
string ^[a-zA-Z0-9_-]{22}$

The scan tool that identified this Security Issue

scanId
required
string ^[a-zA-Z0-9_-]{22}$

The Security Scan execution that detected this Security Issue

severity
required
number <float>

Numeric severity, from 0 (lowest) to 10 (highest)

severityCode
required
string

Severity code

Enum: "Critical" "High" "Medium" "Low" "Info" "Unassigned"
subproduct
string

The subproduct that identified this Security Issue

targetVariantName
string ^[a-zA-Z0-9_-]{22}$

Name of the associated Target and Variant

title
required
string <= 128 characters

Title of the Security Issue

Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

POST /sto/api/v2/issues
Request samples
application/json
{
  "details": {},
  "exemptionId": "abcdef1234567890ghijkl",
  "key": "json-schema@0.2.3",
  "keyPattern": [],
  "occurrences": [],
  "productId": "product1234567890abcde",
  "scanId": "abcdef1234567890ghijkl",
  "severity": 8.5,
  "severityCode": "High",
  "subproduct": "product",
  "targetVariantName": "nodegoat:master",
  "title": "json-schema@0.2.3 is vulnerable to Prototype Pollution"
}
Response samples
application/json
{
  "id": "abcdef1234567890ghijkl"
}

Issues#FindIssueById

Find Security Issue by ID

Security
Request
path Parameters
id
required
string ^[a-zA-Z0-9_-]{22}$

The ID of the Security Issue to retrieve

Example: abcdef1234567890ghijkl
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
orgId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Organization ID

Example: orgId=example_org
projectId
required
string <= 128 characters ^[A-Za-z_][A-Za-z0-9_]*$

Harness Project ID

Example: projectId=example_project
targetId
string ^[a-zA-Z0-9_-]{22}$

Associated Target ID

Example: targetId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Ipsa consequuntur reiciendis accusamus.
Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

GET /sto/api/v2/issues/{id}
Response samples
application/json
{
  "baselineVariantId": "abcdef1234567890ghijkl",
  "created": 1651578240,
  "details": {},
  "exemptionId": "abcdef1234567890ghijkl",
  "harnessAugmentation": {},
  "id": "abcdef1234567890ghijkl",
  "key": "json-schema@0.2.3",
  "occurrenceId": 12345,
  "occurrences": [],
  "productId": "product1234567890abcde",
  "severity": 8.5,
  "severityCode": "High",
  "status": "Remediated",
  "subproduct": "product",
  "targetId": "abcdef1234567890ghijkl",
  "targetName": "abcdef1234567890ghijkl",
  "targetType": "repository",
  "targetVariantId": "abcdef1234567890ghijkl",
  "targetVariantName": "nodegoat:master",
  "title": "json-schema@0.2.3 is vulnerable to Prototype Pollution"
}

Issues#UpdateIssue

Update an existing Security Issue

Security
Request
path Parameters
id
required
string

The ID of the Security Issue to update

Example: Voluptatem doloribus quis consectetur et id.
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: Et quia.
Request Body schema: application/json
required
occurrences
required
Array of objects

Array of details unique to each occurrence

scanId
required
string ^[a-zA-Z0-9_-]{22}$

The Security Scan execution that detected this Security Issue

Responses
204

Update succeeded.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

404

NotFound: Not Found response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

PUT /sto/api/v2/issues/{id}
Request samples
application/json
{
  "occurrences": [],
  "scanId": "abcdef1234567890ghijkl"
}
Response samples
application/json
{
  "message": "Bad Request: accountId parameter is required",
  "status": 400
}

Issues#IssuesAugmentRemediation

Use AI to augment the remediation steps for this Security Issue

Security
Request
path Parameters
id
required
string ^[a-zA-Z0-9_-]{22}$

The ID of the Security Issue to augment

Example: 1234567890abcdefghijkl
query Parameters
accountId
required
string ^[a-zA-Z0-9_-]{22}$

Harness Account ID

Example: accountId=abcdef1234567890ghijkl
header Parameters
X-Api-Key
string

Harness personal or service access token

Example: In officia recusandae.
Request Body schema: application/json
required
occurrenceId
required
integer <int64> >= 1
referenceId
string
scanId
required
string ^[a-zA-Z0-9_-]{22}$

The Scan ID to use as context for the Security Issue to augment

userSnippet
string [ 1 .. 1024 ] characters

The user-supplied code snippet

Responses
200

OK response.

400

BadRequest: Bad Request response.

401

Unauthorized: Unauthorized response.

403

Forbidden: Forbidden response.

429

TooManyRequests: Too Many Requests response.

500

InternalServerError: Internal Server Error response.

POST /sto/api/v2/issues/{id}/augment-remediation
Request samples
application/json
{
  "occurrenceId": 12345,
  "referenceId": "CWE-123",
  "scanId": "abcdefghijkl1234567890",
  "userSnippet": "func example() int {\n return 0\n}"
}
Response samples
application/json
{
  "remediationSteps": "Sint qui."
}