You can query for a report associated with an Account or a Repository. You can do so by querying for the reports field in the Account or Repository objects. Account.reports contains all the reports available for an Account. Repository.reports contains all the reports available for a Repository.
Fetching the OWASP Top 10 report for a repository
Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with a Repository.
Sample Request
query (
$name: String!
$login: String!
$vcsProvider: VCSProvider!
$startDate: Date!
$endDate: Date!
) {
repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
reports {
owaspTop10 {
key
title
currentValue
status
values(startDate: $startDate, endDate: $endDate) {
date
values {
key
value
}
}
trends {
label
value
changePercentage
}
securityIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
}
}
}
Sample Response
{
"data": {
"repository": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 12,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 12
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 13,
"changePercentage": -7.0
},
{
"label": "3 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "6 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}
Fetching the OWASP Top 10 report for an account
Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with an Account.
Sample Request
query (
$login: String!
$vcsProvider: VCSProvider!
$startDate: Date!
$endDate: Date!
) {
account(login: $login, vcsProvider: $vcsProvider) {
reports {
owaspTop10 {
key
title
currentValue
status
values(startDate: $startDate, endDate: $endDate) {
date
values {
key
value
}
}
trends {
label
value
changePercentage
}
securityIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
}
}
}
Sample Response
{
"data": {
"account": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 144,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 144
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "3 Months Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "6 Months Ago",
"value": 22,
"changePercentage": 554.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 2,
"major": 28,
"minor": 2,
"total": 32
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 3,
"major": 8,
"minor": 8,
"total": 19
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 1,
"major": 37,
"minor": 1,
"total": 39
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 9,
"minor": 0,
"total": 9
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 1,
"major": 11,
"minor": 8,
"total": 20
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}
Fetching a report for a repository [Deprecated]
Query:repository:report field is deprecated in favor of Query:repository:reports field.
Query:repository:report Query for fetching a report associated with a Repository.
Sample Request
query($name: String!, $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
report(key: $reportKey) {
key
title
currentValue
status
historicalValues(startDate:$startDate, endDate:$endDate) {
date
values {
key
value
}
}
trends {
label
value
rate
}
... on ComplianceReport {
complianceIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
... on IssueDistributionReport {
issueDistributionByAnalyzer {
key
value
}
issueDistributionByCategory {
key
value
}
}
}
}
}
Sample Response
{
"data": {
"repository": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 15,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 15
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 8,
"minor": 0,
"total": 8
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
Fetching a report for an account [Deprecated]
Query:account:report field is deprecated in favor of Query:account:reports field.
Query:account:report Query for fetching a report associated with an Account.
Sample Request
query( $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
account( login: $login, vcsProvider: $vcsProvider) {
report(key: $reportKey) {
key
title
currentValue
status
historicalValues(startDate:$startDate, endDate:$endDate) {
date
values {
key
value
}
}
trends {
label
value
rate
}
... on ComplianceReport {
complianceIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
... on IssueDistributionReport {
issueDistributionByAnalyzer {
key
value
}
issueDistributionByCategory {
key
value
}
}
}
}
}
Sample Response
{
"data": {
"account": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 138,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 138
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 1,
"major": 16,
"minor": 2,
"total": 19
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 2,
"major": 7,
"minor": 8,
"total": 17
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 2,
"major": 25,
"minor": 2,
"total": 29
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 13,
"minor": 0,
"total": 13
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 2,
"major": 11,
"minor": 8,
"total": 21
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
Objects
AccountReportsNamespace
A namespace containing all the reports available in an Account.
RepositoryReportsNamespace
A namespace containing all the reports available in a Repository.
OwaspTop10Report
Represents the OWASP Top 10 report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| currentValue |
Int |
The current value of the reported statistic. |
| values |
[ReportValueItem]! |
The values of the report between the given start and end dates. |
| startDate |
Date! |
The start date for the values. |
| endDate |
Date! |
The end date for the values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
| status |
ReportStatus! |
The status of the report. |
| securityIssueStats |
[SecurityIssueStat]! |
This contains all data regarding the occurrences of the compliance issues.
|
SansTop25Report
Represents the SANS Top 25 report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| currentValue |
Int |
The current value of the reported statistic. |
| values |
[ReportValueItem]! |
The values of the report between the given start and end dates. |
| startDate |
Date! |
The start date for the values. |
| endDate |
Date! |
The end date for the values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
| status |
ReportStatus! |
The status of the report. |
| securityIssueStats |
[SecurityIssueStat]! |
This contains all data regarding the occurrences of the compliance issues.
|
CodeCoverageReport
Represents the Code Coverage report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| repositories |
CodeCoverageReportRepositoryConnection |
The list of repositories along with their code coverage metric values. |
| q |
String |
The query param to search the repositories by name. |
| sortKey |
CodeCoverageReportRepositorySortKey |
An enum to sort the list of repositories by. |
| offset |
Int |
The count of repositories to skip. |
| before |
String |
A cursor to be used with last for backward pagination. |
| after |
String |
The number of items to forward paginate. |
| last |
Int |
The number of items to backward paginate. |
CodeHealthTrendReport
Represents the Code Health Trend report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| currentValue |
Int |
The current value of the reported statistic. |
| values |
[ReportValueItem]! |
The values of the report between the given start and end dates. |
| startDate |
Date! |
The start date for the values. |
| endDate |
Date! |
The end date for the values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
IssueDistributionReport
Represents the Issue Distribution report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| currentValue |
Int |
The current value of the reported statistic. |
| values |
[ReportValueItem]! |
The values of the report between the given start and end dates. |
| startDate |
Date! |
The start date for the values. |
| endDate |
Date! |
The end date for the values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
| issueDistributionByAnalyzer |
IssueDistribution! |
Distribution of issues by analyzer.
|
| issueDistributionByCategory |
IssueDistribution! |
Distribution of issues by category.
|
IssuesPreventedReport
Represents the Issues Prevented report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| currentValue |
Int |
The current value of the reported statistic. |
| values |
[ReportValueItem]! |
The values of the report between the given start and end dates. |
| startDate |
Date! |
The start date for the values. |
| endDate |
Date! |
The end date for the values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
| issueDistributionByAnalyzer |
IssueDistribution! |
Distribution of issues by analyzer.
|
| issueDistributionByCategory |
IssueDistribution! |
Distribution of issues by category.
|
IssuesAutofixedReport
Represents the Issues Autofixed report.
| Field |
Type |
Description |
| key |
ReportKey! |
An enum that uniquely identifies a report. |
| title |
String! |
The title of the report. |
| currentValue |
Int |
The current value of the reported statistic. |
| values |
[ReportValueItem]! |
The values of the report between the given start and end dates. |
| startDate |
Date! |
The start date for the values. |
| endDate |
Date! |
The end date for the values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
ReportValueItem
Represents the list of values recorded for a report on a specific date.
| Field |
Type |
Description |
| date |
Date! |
The date the values were recorded on.
|
| values |
ReportValue |
The list of values recorded.
|
ReportValue
Represents a recorded value in a report.
| Field |
Type |
Description |
| key |
String! |
The key to identify the recorded value
|
| value |
Int |
The recorded value.
|
IssueDistribution
| Field |
Type |
Description |
| key |
String! |
Key representing the category/type of issue.
|
| value |
Int! |
Number of issues in the category/type of issue.
|
SecurityIssueStat
| Field |
Type |
Description |
| key |
String! |
The key of the security issue.
|
| title |
String! |
Title of the security issue.
|
| occurrence |
SeverityDistribution! |
Denotes the count of occurrences of various security issues.
|
SeverityDistribution
| Field |
Type |
Description |
| critical |
Int |
Number of security issues categorized as critical.
|
| major |
Int |
Number of security issues categorized as major.
|
| minor |
Int |
Number of security issues categorized as minor.
|
| major |
Int! |
Total number of security issues.
|
CodeCoverageReportRepositoryConnection
CodeCoverageReportRepositoryEdge
CodeCoverageReportRepository
| Field |
Type |
Description |
| name |
[String]! |
The name of the repository.
|
| id |
[ID]! |
The ID of the repository.
|
| lcvMetricValue |
[Float] |
The LCV metric value for the repository.
|
| bcvMetricValue |
[Float] |
The BCV metric value for the repository.
|
| isLcvPassing |
[Boolean] |
Whether the LCV value is passing the threshold set for the metric.
|
| isBcvPassing |
[Boolean] |
Whether the BCV value is passing the threshold set for the metric.
|
Trend
Compares the report value across different time periods.
| Field |
Type |
Description |
| label |
String! |
A label for the trend. For example: "1 Month Ago"
|
| value |
Int! |
The value of the trend.
|
| changePercentage |
Float! |
The rate of change compared to the current value.
|
Deprecated
The following GraphQL interfaces & objects have been deprecated and will be removed soon.
Interfaces
Report
Represents the report associated with an Account or Repository.
| Field |
Type |
Description |
| key |
ReportKey! |
This is an enum that is used to uniquely identify a report.
|
| title |
String! |
Title of the report. |
| currentValue |
Int! |
The current value of the reported statistic. |
| historicalValues |
[HistoricalValueItem]! |
The historical data of the report. |
| startDate |
Date! |
The start date for the historical values. |
| endDate |
Date! |
The end date for the historical values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
Objects
ComplianceReport
Represents a compliance report. Currently there are two compliance reports - OWASP_TOP_10 and SANS_TOP_25.
Implements the Report interface.
| Field |
Type |
Description |
| key |
ReportKey! |
This is an enum that is used to uniquely identify a report.
|
| title |
String! |
Title of the report. |
| currentValue |
Int! |
The current value of the reported statistic. |
| historicalValues |
[HistoricalValueItem]! |
The historical data of the report. |
| startDate |
Date! |
The start date for the historical values. |
| endDate |
Date! |
The end date for the historical values. |
| trends |
[Trend]! |
The trends across 1 month, 3 month, 6 month and 12 months. |
| complianceIssueStats |
[ComplianceIssueStat]! |
This contains all data regarding the occurrences of the compliance issues.
|
ComplianceIssueStat
| Field |
Type |
Description |
| key |
String! |
The key of the compliance issue.
|
| title |
String! |
Title of the compliance issue.
|
| occurrence |
ComplianceIssueOccurrenceCount! |
Denotes the count of occurences of various compliance issues.
|
ComplianceIssueOccurrenceCount
| Field |
Type |
Description |
| critical |
Int |
Number of compliance issues categorized as critical.
|
| major |
Int |
Number of compliance issues categorized as major.
|
| minor |
Int |
Number of compliance issues categorized as minor.
|
| major |
Int! |
Total number of compliance issues.
|
HistoricalValue
| Field |
Type |
Description |
| key |
String! |
The key to uniquely identify the recorded value.
|
| value |
Int! |
The value of the recorded value.
|
HistoricalValueItem
| Field |
Type |
Description |
| date |
Date! |
Date of the recorded value.
|
| values |
[HistoricalValue]! |
A list of values recorded on the associated date.
|