Alerts - List
Get alerts for a repository
GET https://advsec.dev.azure.com/{organization}/{project}/_apis/alert/repositories/{repository}/alerts?api-version=7.2-preview.1GET https://advsec.dev.azure.com/{organization}/{project}/_apis/alert/repositories/{repository}/alerts?top={top}&orderBy={orderBy}&criteria.alertIds={criteria.alertIds}&criteria.alertType={criteria.alertType}&criteria.confidenceLevels={criteria.confidenceLevels}&criteria.dependencyName={criteria.dependencyName}&criteria.fromDate={criteria.fromDate}&criteria.keywords={criteria.keywords}&criteria.modifiedSince={criteria.modifiedSince}&criteria.onlyDefaultBranchAlerts={criteria.onlyDefaultBranchAlerts}&criteria.phaseId={criteria.phaseId}&criteria.phaseName={criteria.phaseName}&criteria.pipelineName={criteria.pipelineName}&criteria.ref={criteria.ref}&criteria.ruleId={criteria.ruleId}&criteria.ruleName={criteria.ruleName}&criteria.severities={criteria.severities}&criteria.states={criteria.states}&criteria.toDate={criteria.toDate}&criteria.toolName={criteria.toolName}&continuationToken={continuationToken}&api-version=7.2-preview.1URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
organization
|
path | True |
string |
The name of the Azure DevOps organization. |
|
project
|
path | True |
string |
Project ID or project name |
|
repository
|
path | True |
string |
The name or ID of the repository |
|
api-version
|
query | True |
string |
Version of the API to use. This should be set to '7.2-preview.1' to use this version of the api. |
|
continuation
|
query |
string |
If there are more alerts than can be returned, a continuation token is placed in the "x-ms-continuationtoken" header. Use that token here to get the next page of alerts |
|
|
criteria.
|
query |
integer[] |
If provided, only return alerts with the ids specified. |
|
|
criteria.
|
query |
If provided, only return alerts of this type. Otherwise, return alerts of all types. |
||
|
criteria.
|
query |
string[] |
If provided, only return alerts at these confidence levels. |
|
|
criteria.
|
query |
string |
If provided, only alerts for this dependency are returned. |
|
|
criteria.
|
query |
string date-time |
If provided, only return alerts last seen after this date. |
|
|
criteria.
|
query |
string |
If provided, only return alerts whose titles match this pattern. |
|
|
criteria.
|
query |
string date-time |
If provided, only return alerts that were modified since this date. |
|
|
criteria.
|
query |
boolean |
If true, only return alerts found on the default branch of the repository. |
|
|
criteria.
|
query |
string uuid |
If provided with pipelineName, only return alerts detected in this pipeline phase |
|
|
criteria.
|
query |
string |
If provided with pipelineName, only return alerts detected in this pipeline phase |
|
|
criteria.
|
query |
string |
If provided, only return alerts detected in this pipeline. |
|
|
criteria.
|
query |
string |
If provided, only include alerts for this ref. |
|
|
criteria.
|
query |
string |
If provided, only return alerts for this rule. |
|
|
criteria.
|
query |
string |
If provided, only return alerts for this rule. |
|
|
criteria.
|
query |
string[] |
If provided, only return alerts at these severities. |
|
|
criteria.
|
query |
string[] |
If provided, only return alerts in these states. |
|
|
criteria.
|
query |
string date-time |
If provided, only return alerts last seen before this date. |
|
|
criteria.
|
query |
string |
If provided with toolName, only return alerts detected by this tool. |
|
|
order
|
query |
string |
Must be "id" "firstSeen" "lastSeen" "fixedOn" or "severity" Defaults to "id" |
|
|
top
|
query |
integer int32 |
The maximum number of alerts to return |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Alert[] |
successful operation |
Security
oauth2
Type:
oauth2
Flow:
accessCode
Authorization URL:
https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL:
https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
Scopes
| Name | Description |
|---|---|
| vso.advsec | Grants the ability to read alerts, result instances, analysis result instances |
Definitions
| Name | Description |
|---|---|
| Alert | |
|
Alert |
Type of the alert. E.g. secret, code, etc. |
| Confidence |
Confidence level of the alert. |
| Dismissal |
Information about an alert dismissal |
|
Dismissal |
Reason for the dismissal |
|
Identity |
|
|
Logical |
|
|
Physical |
Location in the source control system where the issue was found |
|
Reference |
The class to represent a collection of REST reference links. |
| Region | |
|
Relation |
The metadata to be associated with the alert. |
| Rule |
The analysis rule that caused the alert. |
| Severity |
Severity of the alert. |
| State |
This value is computed and returned by the service. It is a value based on the results from all analysis configurations. |
| Tool |
An Analysis tool that can generate security alerts |
|
Validation |
|
|
Version |
Information for locating files in a source control system |
Alert
| Name | Type | Description |
|---|---|---|
| alertId |
integer |
Identifier for the alert. It is unqiue within Azure DevOps organization. |
| alertType |
Type of the alert. E.g. secret, code, etc. |
|
| confidence |
Confidence level of the alert. |
|
| dismissal |
Contains information for the dismissal of the alert if the alert has been dismissed. |
|
| firstSeenDate |
string |
This value is computed and returned by the service. This value represents the first time the service has seen this issue reported in an analysis instance. |
| fixedDate |
string |
This value is computed and returned by the service. If the issue is fixed, this value represents the time the service has seen this issue fixed in an analysis instance. |
| gitRef |
string |
Reference to a git object, e.g. branch ref. |
| introducedDate |
string |
This value is computed and returned by the service. This value represents the first time the vulnerability was introduced. |
| lastSeenDate |
string |
This value is computed and returned by the service. This value represents the last time the service has seen this issue reported in an analysis instance. |
| logicalLocations |
Logical locations for the alert. This value is computed and returned by the service. It is a value based on the results from all analysis configurations. An example of a logical location is a component. |
|
| physicalLocations |
This value is computed and returned by the service. It is a value based on the results from all analysis configurations. An example of a physical location is a file location. |
|
| relations |
Relations between alerts and other artifacts. |
|
| repositoryUrl |
string |
Repository URL where the alert was detected. |
| severity |
Severity of the alert. |
|
| state |
This value is computed and returned by the service. It is a value based on the results from all analysis configurations. |
|
| title |
string |
Title will only be rendered as text and does not support markdown formatting. There is a maximum character limit of 256. |
| tools |
Tool[] |
Tools that have detected this issue. |
| truncatedSecret |
string |
A truncated/obfuscated version of the secret pertaining to the alert (if applicable). |
| validationFingerprints |
ValidationFingerprints for the secret liveness check. Only returned on demand in Get API with Expand parameter set to be ValidationFingerprint (not returned in List API) |
AlertType
Type of the alert. E.g. secret, code, etc.
| Name | Type | Description |
|---|---|---|
| code |
string |
The code contains a weakness determined by static analysis. |
| dependency |
string |
The code uses a dependency with a known vulnerability. |
| secret |
string |
The code contains a secret that has now been compromised and must be revoked. |
| unknown |
string |
The code has an unspecified vulnerability type |
Confidence
Confidence level of the alert.
| Name | Type | Description |
|---|---|---|
| high |
string |
High confidence level for alert |
| other |
string |
Other confidence level for alert |
Dismissal
Information about an alert dismissal
| Name | Type | Description |
|---|---|---|
| dismissalId |
integer |
Unique ID for this dismissal |
| dismissalType |
Reason for the dismissal |
|
| message |
string |
Informational message attached to the dismissal |
| stateChangedBy |
string |
Identity that dismissed the alert |
| stateChangedByIdentity |
Identity that dismissed the alert |
DismissalType
Reason for the dismissal
| Name | Type | Description |
|---|---|---|
| acceptedRisk |
string |
Dismissal indicating user is accepting a risk for the alert |
| falsePositive |
string |
Dismissal indicating alert is a false positive and will likely not be fixed. |
| fixed |
string |
Dismissal indicating alert has been fixed |
| unknown |
string |
Dismissal type unknown |
IdentityRef
| Name | Type | Description |
|---|---|---|
| _links |
This field contains zero or more interesting links about the graph subject. These links may be invoked to obtain additional relationships or more detailed information about this graph subject. |
|
| descriptor |
string |
The descriptor is the primary way to reference the graph subject while the system is running. This field will uniquely identify the same graph subject across both Accounts and Organizations. |
| directoryAlias |
string |
Deprecated - Can be retrieved by querying the Graph user referenced in the "self" entry of the IdentityRef "_links" dictionary |
| displayName |
string |
This is the non-unique display name of the graph subject. To change this field, you must alter its value in the source provider. |
| id |
string |
|
| imageUrl |
string |
Deprecated - Available in the "avatar" entry of the IdentityRef "_links" dictionary |
| inactive |
boolean |
Deprecated - Can be retrieved by querying the Graph membership state referenced in the "membershipState" entry of the GraphUser "_links" dictionary |
| isAadIdentity |
boolean |
Deprecated - Can be inferred from the subject type of the descriptor (Descriptor.IsAadUserType/Descriptor.IsAadGroupType) |
| isContainer |
boolean |
Deprecated - Can be inferred from the subject type of the descriptor (Descriptor.IsGroupType) |
| isDeletedInOrigin |
boolean |
|
| profileUrl |
string |
Deprecated - not in use in most preexisting implementations of ToIdentityRef |
| uniqueName |
string |
Deprecated - use Domain+PrincipalName instead |
| url |
string |
This url is the full route to the source resource of this graph subject. |
LogicalLocation
| Name | Type | Description |
|---|---|---|
| fullyQualifiedName |
string |
|
| kind |
string |
Possible values: "unknown" "rootDependency" and "vulnerableDependency" |
PhysicalLocation
Location in the source control system where the issue was found
| Name | Type | Description |
|---|---|---|
| filePath |
string |
Path of the file where the issue was found |
| region |
Details about the location where the issue was found including a snippet |
|
| versionControl |
Source control system-specific information about the location |
ReferenceLinks
The class to represent a collection of REST reference links.
| Name | Type | Description |
|---|---|---|
| links |
object |
The readonly view of the links. Because Reference links are readonly, we only want to expose them as read only. |
Region
| Name | Type | Description |
|---|---|---|
| columnEnd |
integer |
The column where the code snippet ends |
| columnStart |
integer |
The column where the code snippet starts |
| lineEnd |
integer |
The line number where the code snippet ends |
| lineStart |
integer |
The line number where the code snippet starts |
RelationMetadata
The metadata to be associated with the alert.
| Name | Type | Description |
|---|---|---|
| attributes |
object |
Any additional attributes of the metadata. |
| rel |
string |
The type of the metadata. |
| url |
string |
The URL of the metadata. |
Rule
The analysis rule that caused the alert.
| Name | Type | Description |
|---|---|---|
| additionalProperties |
object |
Additional properties of this rule dependent on the rule type. For example, dependency rules may include the CVE ID if it is available. |
| description |
string |
Description of what this rule detects |
| friendlyName |
string |
Plain-text rule identifier |
| helpMessage |
string |
Additional information about this rule |
| opaqueId |
string |
Tool-specific rule identifier |
| resources |
string |
Markdown-formatted list of resources to learn more about the Rule. In some cases, RuleInfo.AdditionalProperties.advisoryUrls is used instead. |
| tags |
string[] |
Classification tags for this rule |
Severity
Severity of the alert.
| Name | Type | Description |
|---|---|---|
| critical |
string |
|
| error |
string |
|
| high |
string |
|
| low |
string |
|
| medium |
string |
|
| note |
string |
|
| warning |
string |
State
This value is computed and returned by the service. It is a value based on the results from all analysis configurations.
| Name | Type | Description |
|---|---|---|
| active |
string |
Alert has been detected in the code |
| autoDismissed |
string |
The tool has determined that the issue is no longer a risk |
| dismissed |
string |
Alert was dismissed by a user |
| fixed |
string |
The issue is no longer detected in the code |
| unknown |
string |
Alert is in an indeterminate state |
Tool
An Analysis tool that can generate security alerts
| Name | Type | Description |
|---|---|---|
| name |
string |
Name of the tool |
| rules |
Rule[] |
The rules that the tool defines |
ValidationFingerprint
| Name | Type | Description |
|---|---|---|
| validationFingerprintHash |
string |
|
| validationFingerprintJson |
string |
VersionControlDetails
Information for locating files in a source control system
| Name | Type | Description |
|---|---|---|
| commitHash |
string |
|
| itemUrl |
string |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for