> ## Documentation Index > Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt > Use this file to discover all available pages before exploring further. # GetSemgrepRule > Fetches a Semgrep rule identified by the UUID. ## OpenAPI ````yaml /api-reference/openapi.v3.json get /v1/namespaces/{tenant_meta.namespace}/semgrep-rules/{uuid} openapi: 3.0.3 info: description: Integrate your application with Endor Labs using the REST API. title: Endor Labs REST API Reference version: '1.0' servers: - url: https://api.endorlabs.com/ security: [] tags: - name: AISastCustomerContextService - name: APIKeyService - name: APIKeyValidatorService - name: ArtifactSignatureService - name: AuditLogService - name: AuthenticationLogService - name: AuthenticationService - name: AuthorizationPolicyService - name: BatchFileSegmentsService - name: BatchNotificationService - name: CallGraphDataService - name: CodeOwnersService - name: DependencyMetadataService - name: EndorIgnoreEntryService - name: ExporterService - name: FindingLogService - name: FindingService - name: HuggingFaceModelService - name: HuggingFaceOrganizationService - name: IPAddressPolicyService - name: IdentityProviderService - name: InstallationService - name: InvitationService - name: LicenseDependencyService - name: LicenseNoticesReportService - name: LicenseSummaryService - name: LinterResultService - name: MalwareService - name: MetricService - name: NamespaceService - name: NotificationService - name: NotificationTargetService - name: OnPremSchedulerService - name: PRCommentConfigService - name: PackageFirewallLogService - name: PackageLicenseOverrideService - name: PackageLicenseQueryService - name: PackageLicenseService - name: PackageManagerService - name: PackageVersionService - name: PluginBinaryService - name: PolicyService - name: PolicyTemplateService - name: ProjectService - name: ProvisioningResultService - name: QueryMalwareService - name: QueryService - name: QuerySimilarPackagesService - name: QueryVulnerabilityService - name: RegistryIngestionCheckpointService - name: RepositoryService - name: RepositoryVersionService - name: RuleSetImportService - name: SBOMExportService - name: SBOMImportService - name: SCMCredentialService - name: SavedQueryService - name: ScanLogRequestService - name: ScanProfileService - name: ScanResultService - name: ScanWorkflowResultService - name: ScanWorkflowService - name: SecretRuleService - name: SemgrepRuleService - name: SystemConfigService - name: TenantService - name: VEXExportService - name: VectorStoreService - name: VersionUpgradeService - name: VulnerabilityService paths: /v1/namespaces/{tenant_meta.namespace}/semgrep-rules/{uuid}: get: tags: - SemgrepRuleService summary: GetSemgrepRule description: Fetches a Semgrep rule identified by the UUID. operationId: SemgrepRuleService_GetSemgrepRule parameters: - description: >- Namespaces are a way to organize organizational units into virtual groupings of resources. Namespaces must be a fully qualified name, for example, the child namespace of namespace "endor.prod" called "app" is called "endor.prod.app". in: path name: tenant_meta.namespace required: true schema: type: string x-endor-name: Namespace - description: The UUID of the requested resource. in: path name: uuid required: true schema: type: string - description: List of fields to return (all fields are returned by default). in: query name: get_parameters.mask schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/v1SemgrepRule' description: A successful response. default: content: application/json: schema: $ref: '#/components/schemas/googlerpcStatus' description: An unexpected error response. components: schemas: v1SemgrepRule: properties: disabled: type: boolean meta: $ref: '#/components/schemas/v1Meta' propagate: description: >- Propagate indicates that the object should be visible in child namespaces. type: boolean spec: $ref: '#/components/schemas/v1SemgrepRuleSpec' tenant_meta: $ref: '#/components/schemas/v1TenantMeta' uuid: description: The UUID of the Semgrep rule. readOnly: true type: string required: - meta - spec type: object googlerpcStatus: description: >- The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). properties: code: description: |- The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. format: int32 type: integer details: description: >- A list of messages that carry the error details. There is a common set of message types for APIs to use. items: $ref: '#/components/schemas/googleprotobufAny' type: array message: description: >- A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. type: string type: object v1Meta: description: Common fields for all Endor Labs resources. properties: annotations: additionalProperties: type: string description: >- Annotations can be used to attach metadata to a resource message. Annotation values can be small or large, structured or unstructured, and may include characters not permitted by labels. The keys may contain alphanumerics, underscores (_), dots (.) and dashes (-). The values of an annotation must be 16384 bytes or smaller. type: object create_time: description: |- Time the resource was created. Format: 2017-01-15T01:30:15.01Z RFC 3339: https://www.ietf.org/rfc/rfc3339.txt. format: date-time readOnly: true type: string created_by: description: |- Name and authentication source of the user who created the object, for example, ewok@endor.ai@google@api-key. readOnly: true type: string description: description: Resource description. Must be less than 1024 bytes. type: string index_data: $ref: '#/components/schemas/v1IndexData' kind: description: >- Resource kind, for example, HelloResponse. Auto-generated using the protobuf message proto.MessageName().Name(). readOnly: true type: string name: description: Resource name. Must be 63 characters or less. type: string parent_kind: description: Parent object resource kind, for example, Project. type: string parent_uuid: description: Parent object UUID. type: string references: additionalProperties: $ref: '#/components/schemas/googleprotobufAny' description: Map of objects referenced in a query API. readOnly: true type: object tags: description: >- List of tags attached to the resource. Tags can be used to select objects and to find collections of objects that satisfy certain conditions. A tag must be 255 characters or less. items: type: string type: array update_time: description: |- Time the resource was last updated. Note: Updated on all create/patch/delete operations. Format: 2017-01-15T01:30:15.01Z RFC 3339: https://www.ietf.org/rfc/rfc3339.txt. format: date-time readOnly: true type: string updated_by: description: >- Name and authentication source of the last user who updated the object, for example, vulnerabilityingestor@endor.ai@x509. readOnly: true type: string upsert_time: description: |- Time the resource was last upserted. Note: create_time is only set the first time the resource is created. upsert_time is set every time the resource is upseted. Format: 2017-01-15T01:30:15.01Z RFC 3339: https://www.ietf.org/rfc/rfc3339.txt. format: date-time readOnly: true type: string version: description: Message version. readOnly: true type: string required: - name type: object v1SemgrepRuleSpec: properties: defined_by: description: Endor Labs or the name of the tenant creating the rule. readOnly: true type: string disabled: description: Rule is disabled. type: boolean rule: $ref: '#/components/schemas/v1SemgrepNativeRule' severity_level: $ref: '#/components/schemas/v1SemgrepRuleSpecSeverityLevel' yaml: description: Yaml is the rule in its original yaml format. type: string type: object v1TenantMeta: description: Tenant related data for the tenant containing the resource. properties: namespace: description: >- Namespaces are a way to organize organizational units into virtual groupings of resources. Namespaces must be a fully qualified name, for example, the child namespace of namespace "endor.prod" called "app" is called "endor.prod.app". type: string required: - namespace type: object googleprotobufAny: additionalProperties: {} description: >- `Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... Example 4: Pack and unpack a message in Go foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... } The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { "@type": "type.googleapis.com/google.profile.Person", "firstName": , "lastName": } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]): { "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" } properties: '@type': description: >- A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading "." is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics. type: string type: object v1IndexData: description: |- IndexData is used to index the resource for search. It's an internal object. properties: data: items: type: string readOnly: true type: array search_score: description: >- search_score is the score of the resource for search. Internal use only. format: float readOnly: true type: number tenant: readOnly: true type: string will_be_deleted_at: description: Time that the resource will be deleted. format: date-time readOnly: true type: string type: object v1SemgrepNativeRule: description: SemgrepNativeRule reflects the Semgrep rules as per the specification. properties: fix: type: string fix_regex: $ref: '#/components/schemas/v1SemgrepFixRegex' focus_metavariable: items: type: string type: array id: type: string languages: items: type: string type: array message: type: string metadata: $ref: '#/components/schemas/v1SemgrepRuleMeta' metavariable_pattern: $ref: '#/components/schemas/v1SemgrepMetavariablePattern' metavariable_regex: $ref: '#/components/schemas/v1SemgrepMetavariableRegex' min_version: type: string mode: type: string options: $ref: '#/components/schemas/v1SemgrepOptions' paths: $ref: '#/components/schemas/v1SemgrepPaths' pattern: type: string pattern_either: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_inside: type: string pattern_inside_either: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_not: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_propagators: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_regex: type: string pattern_sanitizers: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_sinks: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_sources: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array patterns: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array references: items: type: string type: array severity: type: string type: object v1SemgrepRuleSpecSeverityLevel: default: SEVERITY_LEVEL_UNSPECIFIED description: |- The severity level of the rule. This is computed using the values of the confidence and the impact from the rule itself. If those values are not defined, the severity level is set to LOW. enum: - SEVERITY_LEVEL_UNSPECIFIED - SEVERITY_LEVEL_LOW - SEVERITY_LEVEL_MEDIUM - SEVERITY_LEVEL_HIGH - SEVERITY_LEVEL_CRITICAL type: string v1SemgrepFixRegex: properties: count: format: int32 type: integer regex: type: string replacement: type: string type: object v1SemgrepRuleMeta: properties: ai_provider: type: string asvs: $ref: '#/components/schemas/v1SemgrepMetaAsvs' author: type: string bandit_code: type: string category: type: string confidence: type: string confidence_level: $ref: '#/components/schemas/endorv1ConfidenceLevel' cwe: items: type: string type: array cwe2020_top25: type: boolean cwe2021_top25: type: boolean cwe2022_top25: type: boolean cwe2023_top25: type: boolean deprecated: type: boolean description: description: A description of the rule. type: string display_name: type: string endor_attack_examples: description: |- References to the description of an attack (if any) that used the respective code. items: type: string type: array endor_category: description: |- Determines what a rule is used for (possible values: vulnerability, malware-detection, critical-api, or llm). type: string endor_rule_origin: $ref: '#/components/schemas/v1EndorRuleOrigin' endor_tags: description: |- ENDOR_TAG_SEMGREP_IGNORE ENDOR_TAG_ANALYTICS_INFO ENDOR_TAG_ANALYTICS_IMPACT items: type: string title: >- Container for generic tags that control later processing of rule results. Certain ENDOR specific tags exist and are reserved for internal use, like: type: array endor_targets: description: >- Determines whether a rule is run against the repository and/or package (possible values: package, repository). items: $ref: '#/components/schemas/v1EndorTarget' type: array explanation: type: string functional_categories: items: type: string type: array help: type: string impact: type: string interfile: type: boolean license: type: string likelihood: type: string masvs: items: type: string type: array owasp: items: type: string type: array owaspapi: type: string precision: type: string references: items: type: string type: array remediation: type: string resources: items: type: string type: array rule_origin_note: type: string security_severity: type: string severity: type: string short_description: type: string source_rule_url: type: string source_url_open: type: string subcategory: items: type: string type: array tags: items: type: string type: array technology: items: type: string type: array version: description: The semantic version of this rule. type: string vulnerability: type: string vulnerability_class: items: type: string type: array title: Semgrep rule specifications type: object v1SemgrepMetavariablePattern: properties: language: type: string metavariable: type: string pattern: type: string pattern_either: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_regex: type: string patterns: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array type: object v1SemgrepMetavariableRegex: properties: metavariable: type: string regex: type: string x: type: string type: object v1SemgrepOptions: properties: constant_propagation: description: Enables constant propagation analysis. type: boolean generic_ellipsis_max_span: description: Maximum span for generic ellipsis patterns. format: int32 type: integer generic_engine: description: Specifies the generic engine to use for analysis. type: string implicit_deep_exprstmt: description: Enables implicit deep expression statement analysis. type: boolean interfile: description: Enables interfile analysis for cross-file taint tracking. type: boolean symbolic_propagation: description: Enables symbolic propagation analysis for taint tracking. type: boolean taint_assume_safe_booleans: description: Assumes boolean values are safe in taint analysis. type: boolean taint_assume_safe_functions: description: Assumes function calls are safe in taint analysis. type: boolean taint_assume_safe_numbers: description: Assumes numeric values are safe in taint analysis. type: boolean taint_unify_mvars: description: Enables unification of metavariables in taint analysis. type: boolean type: object v1SemgrepPaths: properties: exclude: items: type: string type: array include: items: type: string type: array type: object v1SemgrepRulePatternType: properties: by_side_effect: type: boolean exact: type: boolean focus_metavariable: items: type: string type: array from: type: string label: type: string management: $ref: '#/components/schemas/v1SemgrepManagement' metavariable_analysis: $ref: '#/components/schemas/v1SemgrepMetavariableAnalysis' metavariable_comparison: $ref: '#/components/schemas/v1SemgrepMetavariableComparison' metavariable_pattern: $ref: '#/components/schemas/v1SemgrepMetavariablePattern' metavariable_regex: $ref: '#/components/schemas/v1SemgrepMetavariableRegex' metavariable_type: $ref: '#/components/schemas/v1SemgrepMetavariableType' not_conflicting: type: boolean pattern: type: string pattern_either_new: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_inside: type: string pattern_inside_either: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array pattern_not: type: string pattern_not_inside: type: string pattern_not_regex: type: string pattern_regex: type: string patterns: items: $ref: '#/components/schemas/v1SemgrepRulePatternType' type: array requires: type: string to: type: string type: object v1SemgrepMetaAsvs: properties: control_id: type: string control_url: type: string section: type: string version: type: string type: object endorv1ConfidenceLevel: default: CONFIDENCE_LEVEL_UNSPECIFIED description: Protobuf definition for ConfidenceLevel. enum: - CONFIDENCE_LEVEL_UNSPECIFIED - CONFIDENCE_LEVEL_UNKNOWN - CONFIDENCE_LEVEL_HIGH - CONFIDENCE_LEVEL_MEDIUM - CONFIDENCE_LEVEL_LOW type: string v1EndorRuleOrigin: properties: license: type: string url: type: string type: object v1EndorTarget: default: ENDOR_TARGET_UNSPECIFIED description: >- EndorTarget determines the origin of the files that will be analyzed by a rule. enum: - ENDOR_TARGET_UNSPECIFIED - ENDOR_TARGET_PACKAGE - ENDOR_TARGET_REPOSITORY type: string v1SemgrepManagement: properties: endpoints: $ref: '#/components/schemas/v1SemgrepEndpoints' type: object v1SemgrepMetavariableAnalysis: properties: analyzer: type: string metavariable: type: string type: object v1SemgrepMetavariableComparison: properties: base: type: boolean comparison: type: string metavariable: type: string strip: type: boolean type: object v1SemgrepMetavariableType: properties: metavariable: type: string type: type: string type: object v1SemgrepEndpoints: properties: web: $ref: '#/components/schemas/v1SemgrepWeb' type: object v1SemgrepWeb: properties: exposure: $ref: '#/components/schemas/v1SemgrepExposure' type: object v1SemgrepExposure: properties: exclude: items: type: string type: array include: items: type: string type: array type: object ````