> ## Documentation Index > Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt > Use this file to discover all available pages before exploring further. # ListFindingLogs > Returns a list of finding logs based on the specified list parameters. ## OpenAPI ````yaml /api-reference/openapi.v3.json get /v1/namespaces/{tenant_meta.namespace}/finding-logs openapi: 3.0.3 info: description: Integrate your application with Endor Labs using the REST API. title: Endor Labs REST API Reference version: '1.0' servers: - url: https://api.endorlabs.com/ security: [] tags: - name: AISastCustomerContextService - name: APIKeyService - name: APIKeyValidatorService - name: ArtifactSignatureService - name: AuditLogService - name: AuthenticationLogService - name: AuthenticationService - name: AuthorizationPolicyService - name: BatchFileSegmentsService - name: BatchNotificationService - name: CallGraphDataService - name: CodeOwnersService - name: DependencyMetadataService - name: EndorIgnoreEntryService - name: ExporterService - name: FindingLogService - name: FindingService - name: HuggingFaceModelService - name: HuggingFaceOrganizationService - name: IPAddressPolicyService - name: IdentityProviderService - name: InstallationService - name: InvitationService - name: LicenseDependencyService - name: LicenseNoticesReportService - name: LicenseSummaryService - name: LinterResultService - name: MalwareService - name: MetricService - name: NamespaceService - name: NotificationService - name: NotificationTargetService - name: OnPremSchedulerService - name: PRCommentConfigService - name: PackageFirewallLogService - name: PackageLicenseOverrideService - name: PackageLicenseQueryService - name: PackageLicenseService - name: PackageManagerService - name: PackageVersionService - name: PluginBinaryService - name: PolicyService - name: PolicyTemplateService - name: ProjectService - name: ProvisioningResultService - name: QueryMalwareService - name: QueryService - name: QuerySimilarPackagesService - name: QueryVulnerabilityService - name: RegistryIngestionCheckpointService - name: RepositoryService - name: RepositoryVersionService - name: RuleSetImportService - name: SBOMExportService - name: SBOMImportService - name: SCMCredentialService - name: SavedQueryService - name: ScanLogRequestService - name: ScanProfileService - name: ScanResultService - name: ScanWorkflowResultService - name: ScanWorkflowService - name: SecretRuleService - name: SemgrepRuleService - name: SystemConfigService - name: TenantService - name: VEXExportService - name: VectorStoreService - name: VersionUpgradeService - name: VulnerabilityService paths: /v1/namespaces/{tenant_meta.namespace}/finding-logs: get: tags: - FindingLogService summary: ListFindingLogs description: Returns a list of finding logs based on the specified list parameters. operationId: FindingLogService_ListFindingLogs parameters: - description: >- Namespaces are a way to organize organizational units into virtual groupings of resources. Namespaces must be a fully qualified name, for example, the child namespace of namespace "endor.prod" called "app" is called "endor.prod.app". in: path name: tenant_meta.namespace required: true schema: type: string x-endor-name: Namespace - description: >- String of conditions to filter resources by. Filters may include any attribute along with the following operators: "==", "!=", ">", ">=", "<", "<=", "Contains", "In", "Matches", and "Exists". The logical operators "And" and "Or" are also supported. Expressions may be combined and grouped with parentheses. Examples: "spec.value == 5", "spec.value in ["a", "b", "c"]", "(meta.name == "xyz" and "spec.value in ["a","b"]) or (spec.value == "c")". in: query name: list_parameters.filter schema: type: string - description: |- Set the page token to start from. Use page tokens to page through list results or list specific pages. in: query name: list_parameters.page_token schema: format: int32 type: integer - description: |- Set the page size to limit the number of results returned. Default: 100. Max: 500. in: query name: list_parameters.page_size schema: format: int32 type: integer - description: >- Action to be executed with a request. Not supported for all endpoints. in: query name: list_parameters.action schema: type: string - description: List of fields to return (all fields are returned by default). in: query name: list_parameters.mask schema: type: string - description: Get data from any child namespaces as well. in: query name: list_parameters.traverse schema: type: boolean - description: Field to sort objects by, for example, meta.name. in: query name: list_parameters.sort.path schema: type: string - description: 'Sort order. Default: ASC.' in: query name: list_parameters.sort.order schema: default: SORT_ENTRY_ORDER_UNSPECIFIED enum: - SORT_ENTRY_ORDER_UNSPECIFIED - SORT_ENTRY_ORDER_ASC - SORT_ENTRY_ORDER_DESC type: string - description: |- Return the number of objects matching the given list parameters. If count is set to true, the response is a CountResponse. Can be used together with filter and traverse. in: query name: list_parameters.count schema: type: boolean - description: |- Group the objects based on this field. If there are multiple fields then the objects are grouped based on the uniqueness of all fields. Supports composite paths. Supports arrays and maps. in: query name: list_parameters.group.aggregation_paths schema: type: string - description: |- Return the UUID of each object in each group as specified by aggregation_paths. in: query name: list_parameters.group.show_aggregation_uuids schema: type: boolean - description: |- List of fields for which we want the unique count. Supports arrays and maps. in: query name: list_parameters.group.unique_count_paths schema: type: string - description: |- List of fields for which we want the unique values. Supports arrays and maps. in: query name: list_parameters.group.unique_value_paths schema: type: string - description: Only return objects from PR scans that match this context id. in: query name: list_parameters.ci_run_uuid schema: type: string - description: Page ID to retrieve. in: query name: list_parameters.page_id schema: type: string - description: |- Group the objects based on this time field, for example, meta.create_time. in: query name: list_parameters.group_by_time.aggregation_paths schema: type: string - description: Return the UUIDs of the objects in each group. in: query name: list_parameters.group_by_time.show_aggregation_uuids schema: type: boolean - description: Interval unit by which the objects should be grouped. in: query name: list_parameters.group_by_time.interval schema: default: GROUP_BY_TIME_INTERVAL_UNSPECIFIED enum: - GROUP_BY_TIME_INTERVAL_UNSPECIFIED - GROUP_BY_TIME_INTERVAL_YEAR - GROUP_BY_TIME_INTERVAL_QUARTER - GROUP_BY_TIME_INTERVAL_MONTH - GROUP_BY_TIME_INTERVAL_WEEK - GROUP_BY_TIME_INTERVAL_DAY - GROUP_BY_TIME_INTERVAL_HOUR - GROUP_BY_TIME_INTERVAL_MINUTE - GROUP_BY_TIME_INTERVAL_SECOND type: string - description: |- Size of the time interval to group the objects by, for example, to group objects by 2-week intervals, set interval to GROUP_BY_TIME_INTERVAL_WEEK and group_size to 2. in: query name: list_parameters.group_by_time.group_size schema: format: int32 type: integer - description: |- Beginning of the time period to group objects. Defaults to the beginning of time. in: query name: list_parameters.group_by_time.start_time schema: format: date-time type: string - description: |- End of the time period to group objects. Defaults to the current time. in: query name: list_parameters.group_by_time.end_time schema: format: date-time type: string - description: >- The mode determines how the matching objects are counted in the produced time-series. Values allowed are: count (default) : is the number of items matching in every interval. sum: is the total number of items matching since the beginning of the aggregation time. in: query name: list_parameters.group_by_time.mode schema: type: string - description: >- The aggregation_field is a field on the matched objects that we want to perform some operation in each interval (example : min, max, avg) in: query name: list_parameters.group_by_time.aggregation_value_field schema: type: string - description: |- The aggreation_operator is the operator that we should use for the aggregation. Allowed values are: min, max, sum, avg in: query name: list_parameters.group_by_time.aggregation_operator schema: type: string - description: |- If true, the results will not be paginated and only the first page will be returned. The order of the results is not guaranteed. in: query name: list_parameters.disable_pagination schema: type: boolean responses: '200': content: application/json: schema: $ref: '#/components/schemas/v1ListFindingLogsResponse' description: A successful response. default: content: application/json: schema: $ref: '#/components/schemas/googlerpcStatus' description: An unexpected error response. components: schemas: v1ListFindingLogsResponse: description: Response returned for requests to list finding logs. properties: count_response: $ref: '#/components/schemas/v1CountResponse' group_response: $ref: '#/components/schemas/v1GroupResponse' list: $ref: '#/components/schemas/v1ListFindingLogsResponseList' type: object googlerpcStatus: description: >- The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). properties: code: description: |- The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. format: int32 type: integer details: description: >- A list of messages that carry the error details. There is a common set of message types for APIs to use. items: $ref: '#/components/schemas/googleprotobufAny' type: array message: description: >- A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. type: string type: object v1CountResponse: description: Response to a list count request. properties: count: description: Number of objects matching the given list parameters. format: int32 type: integer type: object v1GroupResponse: description: Response to a list group request. properties: groups: additionalProperties: $ref: '#/components/schemas/GroupResponseGroupData' description: |- Map indexed by values of the fields specified in aggregation_paths, for example, {"[{"key":"meta.kind","value":"Project"}]": { "aggregation_count": { "count": 1649 } } }. type: object type: object v1ListFindingLogsResponseList: properties: objects: items: $ref: '#/components/schemas/v1FindingLog' type: array response: $ref: '#/components/schemas/v1ListResponse' type: object googleprotobufAny: additionalProperties: {} description: >- `Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { "@type": "type.googleapis.com/google.profile.Person", "firstName": , "lastName": } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" } properties: '@type': description: >- A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading "." is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics. type: string type: object GroupResponseGroupData: description: Information about objects matching the given key. properties: aggregation_count: $ref: '#/components/schemas/v1CountResponse' aggregation_uuids: description: |- List of UUIDs of the objects in the group. Only populated if show_aggregation_uuids is set. items: type: string type: array aggregation_value: $ref: '#/components/schemas/v1GroupAggregationValueResponse' unique_counts: additionalProperties: $ref: '#/components/schemas/v1CountResponse' description: |- Map of counts for the given unique_count_paths fields. Only populated if unique_count_paths is set. type: object unique_values: additionalProperties: items: type: object type: array description: |- Map of values for the given unique_value_paths fields. Only populated if unique_value_paths is set. type: object type: object v1FindingLog: description: >- A finding log contains details of the state of a finding at the time it was created, updated or deleted. properties: context: $ref: '#/components/schemas/v1Context' meta: $ref: '#/components/schemas/v1Meta' spec: $ref: '#/components/schemas/v1FindingLogSpec' tenant_meta: $ref: '#/components/schemas/v1TenantMeta' uuid: description: The UUID of the finding log. readOnly: true type: string required: - meta - spec - context type: object v1ListResponse: description: Response to a list request. properties: next_page_id: description: The UUID of last message retrieved. type: string next_page_token: description: >- Pagination token that can be used to retrieve the next page of results. format: int32 type: integer type: object v1GroupAggregationValueResponse: description: |- GroupAggregationValueResponse returns the value of the aggregation if requested. properties: value: format: float type: number type: object v1Context: description: Contexts keep objects from different scans separated. properties: id: description: The context ID, such as a pull request ID or branch reference. type: string tags: description: |- A list of tags applied to a context. Used primarily for CI and SBOM contexts. items: type: string type: array type: $ref: '#/components/schemas/ContextContextType' will_be_deleted_at: description: |- Time that all objects in this context will be deleted. This field is deprecated and will be removed in the future. Please use the meta.will_be_deleted_at field instead. format: date-time readOnly: true type: string required: - type - id type: object v1Meta: description: Common fields for all Endor Labs resources. properties: annotations: additionalProperties: type: string description: >- Annotations can be used to attach metadata to a resource message. Annotation values can be small or large, structured or unstructured, and may include characters not permitted by labels. The keys may contain alphanumerics, underscores (_), dots (.) and dashes (-). The values of an annotation must be 16384 bytes or smaller. type: object create_time: description: |- Time the resource was created. Format: 2017-01-15T01:30:15.01Z RFC 3339: https://www.ietf.org/rfc/rfc3339.txt. format: date-time readOnly: true type: string created_by: description: |- Name and authentication source of the user who created the object, for example, ewok@endor.ai@google@api-key. readOnly: true type: string description: description: Resource description. Must be less than 1024 bytes. type: string index_data: $ref: '#/components/schemas/v1IndexData' kind: description: >- Resource kind, for example, HelloResponse. Auto-generated using the protobuf message proto.MessageName().Name(). readOnly: true type: string name: description: Resource name. Must be 63 characters or less. type: string parent_kind: description: Parent object resource kind, for example, Project. type: string parent_uuid: description: Parent object UUID. type: string references: additionalProperties: $ref: '#/components/schemas/googleprotobufAny' description: Map of objects referenced in a query API. readOnly: true type: object tags: description: >- List of tags attached to the resource. Tags can be used to select objects and to find collections of objects that satisfy certain conditions. A tag must be 255 characters or less. items: type: string type: array update_time: description: |- Time the resource was last updated. Note: Updated on all create/patch/delete operations. Format: 2017-01-15T01:30:15.01Z RFC 3339: https://www.ietf.org/rfc/rfc3339.txt. format: date-time readOnly: true type: string updated_by: description: >- Name and authentication source of the last user who updated the object, for example, vulnerabilityingestor@endor.ai@x509. readOnly: true type: string upsert_time: description: |- Time the resource was last upserted. Note: create_time is only set the first time the resource is created. upsert_time is set every time the resource is upseted. Format: 2017-01-15T01:30:15.01Z RFC 3339: https://www.ietf.org/rfc/rfc3339.txt. format: date-time readOnly: true type: string version: description: Message version. readOnly: true type: string required: - name type: object v1FindingLogSpec: properties: approximation: description: |- True if this finding is for an approximate dependency based on the unresolved package dependencies. type: boolean days_unresolved: description: Number of days that this finding remained unresolved. format: int64 type: string ecosystem: $ref: '#/components/schemas/v1Ecosystem' finding_categories: description: >- List of categories that capture the use case to which the finding fits. items: $ref: '#/components/schemas/v1FindingCategory' type: array finding_parent_kind: description: Finding parent object resource kind. For example, PackageVersion. type: string finding_parent_name: description: finding_parent_name is the name of the parent object. type: string finding_parent_uuid: description: Finding parent object UUID. type: string finding_tags: description: |- List of tags, or attributes, that describe the scope of the finding and can be used to filter findings. items: $ref: '#/components/schemas/v1FindingTags' type: array finding_uuid: description: The UUID of the finding. type: string introduced_at: description: Time the finding was introduced. format: date-time type: string level: $ref: '#/components/schemas/SpecFindingLevel' location: description: File paths or URLs where the finding was detected. items: type: string type: array method: $ref: '#/components/schemas/v1SystemEvaluationMethodDefinition' operation: $ref: '#/components/schemas/v1FindingLogSpecOperation' resolved_at: description: Time the finding was resolved. format: date-time type: string snooze: $ref: '#/components/schemas/v1DismissParams' target_dependency_package_name: description: |- Fully qualified name of the dependency. For example, eco://package@version. type: string target_uuid: description: The UUID of the DependencyMetadata object for the dependency. type: string required: - finding_uuid - finding_parent_kind - finding_parent_uuid - operation - introduced_at - method - level - finding_tags - finding_categories type: object v1TenantMeta: description: Tenant related data for the tenant containing the resource. properties: namespace: description: >- Namespaces are a way to organize organizational units into virtual groupings of resources. Namespaces must be a fully qualified name, for example, the child namespace of namespace "endor.prod" called "app" is called "endor.prod.app". type: string required: - namespace type: object ContextContextType: default: CONTEXT_TYPE_UNSPECIFIED description: |2- - CONTEXT_TYPE_MAIN: Objects from a scan of the default branch. All objects in the oss namespace are in the main context. The context id is always "default". - CONTEXT_TYPE_EXTERNAL: Indicates that this object is a copy/temporary value of an object in another project. Used for same-tenant dependencies. In source code reference this is equivalent to "vendor" folders. Package versions in the external context are only scanned for call graphs. No other operations are performed on them. - CONTEXT_TYPE_CI_RUN: Objects from a PR scan. The context id is the PR UUID. Objects in this context are deleted after 30 days. - CONTEXT_TYPE_SBOM: Objects from an SBOM scan. The context id is the SBOM serial number or some other unique identifier. - CONTEXT_TYPE_REF: Objects from a scan of a specific branch. The context id is the branch reference name. enum: - CONTEXT_TYPE_UNSPECIFIED - CONTEXT_TYPE_MAIN - CONTEXT_TYPE_EXTERNAL - CONTEXT_TYPE_CI_RUN - CONTEXT_TYPE_SBOM - CONTEXT_TYPE_REF type: string v1IndexData: description: |- IndexData is used to index the resource for search. It's an internal object. properties: data: items: type: string readOnly: true type: array search_score: description: >- search_score is the score of the resource for search. Internal use only. format: float readOnly: true type: number tenant: readOnly: true type: string will_be_deleted_at: description: Time that the resource will be deleted. format: date-time readOnly: true type: string type: object v1Ecosystem: default: ECOSYSTEM_UNSPECIFIED description: >2- - ECOSYSTEM_GO: GoLang. - ECOSYSTEM_MAVEN: Maven. - ECOSYSTEM_PYPI: Python. - ECOSYSTEM_CARGO: Rust. - ECOSYSTEM_NPM: Javascript. - ECOSYSTEM_GEM: Ruby. - ECOSYSTEM_NUGET: Dotnet. - ECOSYSTEM_PACKAGIST: PHP. - ECOSYSTEM_SBOM: SBOMs. - ECOSYSTEM_RPM: RPM. - ECOSYSTEM_DEBIAN: Debian. - ECOSYSTEM_GITHUB_ACTION: GitHub Actions. - ECOSYSTEM_COCOAPOD: Cocoapods. - ECOSYSTEM_APK: APK (alpine et.al). - ECOSYSTEM_CONTAINER: Containers. - ECOSYSTEM_HUGGING_FACE: Hugging Face. - ECOSYSTEM_C: C/C++. - ECOSYSTEM_GIT: ecosystem GIT for GIT repository dependencies. This can be used for package name of the resolved dependencies when a given repository has dependencies to other GIT repositories. Currently we use this to represent vulnerabilities for the given GIT repository. ex: git submodules, C/C++ dependencies. - ECOSYSTEM_AI_MODEL: AI models. - ECOSYSTEM_SWIFT: Ecosystem Swift consists of native Swift packages, which are defined using the Package.swift manifest file and managed by the Swift Package Manager. There is a separate ecosystem for Cocoapod packages called ECOSYSTEM_COCOAPOD, which is an alternative package manager for Swift packages. - ECOSYSTEM_CONAN: Ecosystem Conan for C/C++ packages managed by the Conan 2.x package manager. enum: - ECOSYSTEM_UNSPECIFIED - ECOSYSTEM_GO - ECOSYSTEM_MAVEN - ECOSYSTEM_PYPI - ECOSYSTEM_CARGO - ECOSYSTEM_NPM - ECOSYSTEM_GEM - ECOSYSTEM_NUGET - ECOSYSTEM_PACKAGIST - ECOSYSTEM_SBOM - ECOSYSTEM_RPM - ECOSYSTEM_DEBIAN - ECOSYSTEM_GITHUB_ACTION - ECOSYSTEM_COCOAPOD - ECOSYSTEM_APK - ECOSYSTEM_CONTAINER - ECOSYSTEM_HUGGING_FACE - ECOSYSTEM_C - ECOSYSTEM_GIT - ECOSYSTEM_AI_MODEL - ECOSYSTEM_SWIFT - ECOSYSTEM_CONAN type: string v1FindingCategory: default: FINDING_CATEGORY_UNSPECIFIED description: |- Finding categories loosely correspond to use cases. - FINDING_CATEGORY_VULNERABILITY: Vulnerability. - FINDING_CATEGORY_SUPPLY_CHAIN: Supply chain specific problem (malicious packages, typosquats). - FINDING_CATEGORY_LICENSE_RISK: License issue. - FINDING_CATEGORY_SCPM: Security posture management. - FINDING_CATEGORY_SECURITY: Generic security issue. - FINDING_CATEGORY_OPERATIONAL: Generic operational issue. - FINDING_CATEGORY_SECRETS: Exposed secret. - FINDING_CATEGORY_MALWARE: Malware. - FINDING_CATEGORY_CICD: CI/CD pipeline issue. - FINDING_CATEGORY_TOOLS: Tooling issue. - FINDING_CATEGORY_GHACTIONS: Finding applies to a GitHub action dependency. - FINDING_CATEGORY_CONTAINER: Finding applies to a container image. - FINDING_CATEGORY_SAST: SAST. - FINDING_CATEGORY_AI_MODELS: AI Models. - FINDING_CATEGORY_SECURITY_REVIEW: Security review. - FINDING_CATEGORY_SCA: Software Composition Analysis issue. enum: - FINDING_CATEGORY_UNSPECIFIED - FINDING_CATEGORY_VULNERABILITY - FINDING_CATEGORY_SUPPLY_CHAIN - FINDING_CATEGORY_LICENSE_RISK - FINDING_CATEGORY_SCPM - FINDING_CATEGORY_SECURITY - FINDING_CATEGORY_OPERATIONAL - FINDING_CATEGORY_SECRETS - FINDING_CATEGORY_MALWARE - FINDING_CATEGORY_CICD - FINDING_CATEGORY_TOOLS - FINDING_CATEGORY_GHACTIONS - FINDING_CATEGORY_CONTAINER - FINDING_CATEGORY_SAST - FINDING_CATEGORY_AI_MODELS - FINDING_CATEGORY_SECURITY_REVIEW - FINDING_CATEGORY_SCA type: string v1FindingTags: default: FINDING_TAGS_UNSPECIFIED description: |- Finding attributes. - FINDING_TAGS_DIRECT: Finding applies to a direct dependency. - FINDING_TAGS_TRANSITIVE: Finding applies to a transitive (indirect) dependency. - FINDING_TAGS_PROJECT_INTERNAL: Finding applies to a dependency that belongs to the same project. - FINDING_TAGS_NAMESPACE_INTERNAL: Finding applies to a dependency that belongs to the same namespace. - FINDING_TAGS_REACHABLE_DEPENDENCY: Finding applies to a reachable dependency. - FINDING_TAGS_UNREACHABLE_DEPENDENCY: Finding applies to an unreachable dependency. - FINDING_TAGS_POTENTIALLY_REACHABLE_DEPENDENCY: Finding applies to a potentially reachable dependency. - FINDING_TAGS_REACHABLE_FUNCTION: Finding applies to a reachable function. - FINDING_TAGS_UNREACHABLE_FUNCTION: Finding applies to an unreachable function. - FINDING_TAGS_POTENTIALLY_REACHABLE_FUNCTION: Finding applies to a potentially reachable function. - FINDING_TAGS_FIXABLE: Deprecated. - FINDING_TAGS_UNFIXABLE: Finding is unfixable. - FINDING_TAGS_PRODUCTION: Deprecated. - FINDING_TAGS_TEST: Finding applies to a dependency not in production code. - FINDING_TAGS_NORMAL: Finding applies to a normal, non-test, dependency. - FINDING_TAGS_FIX_AVAILABLE: There is a fix available for the CVE reported in this finding. - FINDING_TAGS_SELF: Finding applies only to the analyzed package version, there is no dependency involved. - FINDING_TAGS_POLICY: Deprecated. - FINDING_TAGS_CI_BLOCKER: Finding caused a CI failure. - FINDING_TAGS_VALID_SECRET: Finding applies to a valid secret. - FINDING_TAGS_INVALID_SECRET: Finding applies to an invalid secret. - FINDING_TAGS_PATH_EXTERNAL: Finding applies to a transitive dependency that can only be reached via external, non-OSS, project paths. - FINDING_TAGS_MALWARE: Finding applies to malicious package. - FINDING_TAGS_UNDER_REVIEW: Finding applies to suspicious package under review. - FINDING_TAGS_PHANTOM: Finding applies to a phantom dependency. - FINDING_TAGS_EXCEPTION: Finding is exempt from action policies. - FINDING_TAGS_CI_WARNING: Finding caused a CI warning. - FINDING_TAGS_NOTIFICATION: Finding triggered a notification. - FINDING_TAGS_EXPLOITED: This vulnerability is known to be exploited. - FINDING_TAGS_DISPUTED: This vulnerability has been marked as 'disputed'. - FINDING_TAGS_WITHDRAWN: This vulnerability has been marked as 'withdrawn'. - FINDING_TAGS_FALSE_POSITIVE: This finding has been analyzed to be a false positive. - FINDING_TAGS_TRUE_POSITIVE: This finding has been analyzed to be a true positive. - FINDING_TAGS_SNOOZED: Finding has been snoozed. - FINDING_TAGS_AI: This finding was generated using AI. - FINDING_TAGS_IGNORED: Finding has been ignored via the ignore file. - FINDING_TAGS_SEGMENT_MATCH: Finding applies to a dependency discovered via segment-matching. enum: - FINDING_TAGS_UNSPECIFIED - FINDING_TAGS_DIRECT - FINDING_TAGS_TRANSITIVE - FINDING_TAGS_PROJECT_INTERNAL - FINDING_TAGS_NAMESPACE_INTERNAL - FINDING_TAGS_REACHABLE_DEPENDENCY - FINDING_TAGS_UNREACHABLE_DEPENDENCY - FINDING_TAGS_POTENTIALLY_REACHABLE_DEPENDENCY - FINDING_TAGS_REACHABLE_FUNCTION - FINDING_TAGS_UNREACHABLE_FUNCTION - FINDING_TAGS_POTENTIALLY_REACHABLE_FUNCTION - FINDING_TAGS_FIXABLE - FINDING_TAGS_UNFIXABLE - FINDING_TAGS_PRODUCTION - FINDING_TAGS_TEST - FINDING_TAGS_NORMAL - FINDING_TAGS_FIX_AVAILABLE - FINDING_TAGS_SELF - FINDING_TAGS_POLICY - FINDING_TAGS_CI_BLOCKER - FINDING_TAGS_VALID_SECRET - FINDING_TAGS_INVALID_SECRET - FINDING_TAGS_PATH_EXTERNAL - FINDING_TAGS_MALWARE - FINDING_TAGS_UNDER_REVIEW - FINDING_TAGS_PHANTOM - FINDING_TAGS_EXCEPTION - FINDING_TAGS_CI_WARNING - FINDING_TAGS_NOTIFICATION - FINDING_TAGS_EXPLOITED - FINDING_TAGS_DISPUTED - FINDING_TAGS_WITHDRAWN - FINDING_TAGS_FALSE_POSITIVE - FINDING_TAGS_TRUE_POSITIVE - FINDING_TAGS_SNOOZED - FINDING_TAGS_AI - FINDING_TAGS_IGNORED - FINDING_TAGS_SEGMENT_MATCH type: string SpecFindingLevel: default: FINDING_LEVEL_UNSPECIFIED description: |- Finding severity level. - FINDING_LEVEL_CRITICAL: Critical finding. - FINDING_LEVEL_HIGH: Very important findings. - FINDING_LEVEL_MEDIUM: Important findings. - FINDING_LEVEL_LOW: Low priority finding. enum: - FINDING_LEVEL_UNSPECIFIED - FINDING_LEVEL_CRITICAL - FINDING_LEVEL_HIGH - FINDING_LEVEL_MEDIUM - FINDING_LEVEL_LOW type: string v1SystemEvaluationMethodDefinition: default: SYSTEM_EVALUATION_METHOD_DEFINITION_UNSPECIFIED description: >- SystemEvaluationMethodDefinition is the type of evaluation method implemented by the system. - SYSTEM_EVALUATION_METHOD_DEFINITION_VULNERABILITIES: VULNERABILITIES calculates vulnerability related findings. - SYSTEM_EVALUATION_METHOD_DEFINITION_SCORES: SCORES calculates score related findings. - SYSTEM_EVALUATION_METHOD_DEFINITION_CONDITIONS: CONDITIONS calculates findings related to specific conditions. - SYSTEM_EVALUATION_METHOD_DEFINITION_POLICIES: POLICIES evaluates methods based on user defined policies. - SYSTEM_EVALUATION_METHOD_DEFINITION_TYPOSQUATTING: TYPOSQUATTING calculates the findings related to typosquatted packages. - SYSTEM_EVALUATION_METHOD_DEFINITION_CIS: CIS calculates the findings related to CIS benchmark requirements. - SYSTEM_EVALUATION_METHOD_DEFINITION_MALWARE: MALWARE calculates the findings related to malware. - SYSTEM_EVALUATION_METHOD_DEFINITION_SECURITY_REVIEW: SECURITY REVIEW calculates security review related findings. - SYSTEM_EVALUATION_METHOD_DEFINITION_AI_SAST: AI_SAST calculates AI SAST related findings. enum: - SYSTEM_EVALUATION_METHOD_DEFINITION_UNSPECIFIED - SYSTEM_EVALUATION_METHOD_DEFINITION_VULNERABILITIES - SYSTEM_EVALUATION_METHOD_DEFINITION_SCORES - SYSTEM_EVALUATION_METHOD_DEFINITION_CONDITIONS - SYSTEM_EVALUATION_METHOD_DEFINITION_POLICIES - SYSTEM_EVALUATION_METHOD_DEFINITION_TYPOSQUATTING - SYSTEM_EVALUATION_METHOD_DEFINITION_CIS - SYSTEM_EVALUATION_METHOD_DEFINITION_MALWARE - SYSTEM_EVALUATION_METHOD_DEFINITION_SECURITY_REVIEW - SYSTEM_EVALUATION_METHOD_DEFINITION_AI_SAST type: string v1FindingLogSpecOperation: default: OPERATION_UNSPECIFIED enum: - OPERATION_UNSPECIFIED - OPERATION_CREATE - OPERATION_UPDATE - OPERATION_DELETE type: string v1DismissParams: description: Metadata associated with a snooze or ignore request. properties: comments: description: Comments for the snooze or ignore. type: string entry_id: description: The ignore file entry id. type: string expiration_time: description: Expiration time of the snooze or ignore. format: date-time type: string expire_if_fix_available: description: >- Set to true if the snooze or ignore should expire if a fix is available. type: boolean file_name: description: Name of the file that was used to ignore the finding. type: string reason: $ref: '#/components/schemas/v1ExceptionReason' update_time: description: Timestamp of the last update. format: date-time type: string updated_by: description: Username of the user who last updated the snooze or ignore. type: string type: object v1ExceptionReason: default: EXCEPTION_REASON_UNSPECIFIED description: |- Reasons for dismissing a finding. - EXCEPTION_REASON_FALSE_POSITIVE: Tool is incorrect. This is not a real issue. - EXCEPTION_REASON_RISK_ACCEPTED: Risk acknowledged and accepted. - EXCEPTION_REASON_IN_TRIAGE: Issue is actively being triaged. - EXCEPTION_REASON_OTHER: Other reason. Use policy description or dismiss comments to elaborate. - EXCEPTION_REASON_RESOLVED: Issue has been resolved. For example, a secret is no longer valid. enum: - EXCEPTION_REASON_UNSPECIFIED - EXCEPTION_REASON_FALSE_POSITIVE - EXCEPTION_REASON_RISK_ACCEPTED - EXCEPTION_REASON_IN_TRIAGE - EXCEPTION_REASON_OTHER - EXCEPTION_REASON_RESOLVED type: string ````