Reports

You can query for a report associated with an Account or a Repository. You can do so by querying for the reports field in the Account or Repository objects. Account.reports contains all the reports available for an Account. Repository.reports contains all the reports available for a Repository.

Fetching the OWASP Top 10 report for a repository

Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with a Repository.

Sample Request

query (
    $name: String!
    $login: String!
    $vcsProvider: VCSProvider!
    $startDate: Date!
    $endDate: Date!
) {
    repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
        reports {
            owaspTop10 {
                key
                title
                currentValue
                status
                values(startDate: $startDate, endDate: $endDate) {
                    date
                    values {
                        key
                        value
                    }
                }
                trends {
                    label
                    value
                    changePercentage
                }
                securityIssueStats {
                    key
                    title
                    occurrence {
                        critical
                        major
                        minor
                        total
                    }
                }
            }
        }
    }
}

Sample Response

{
    "data": {
        "repository": {
            "reports": {
                "owaspTop10": {
                    "key": "OWASP_TOP_10",
                    "title": "OWASP Top 10",
                    "currentValue": 12,
                    "status": "FAILING",
                    "values": [
                        {
                            "date": "2022-12-09",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 12
                                }
                            ]
                        },
                        {
                            "date": "2022-12-10",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 12
                                }
                            ]
                        },
                        {
                            "date": "2022-12-11",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 12
                                }
                            ]
                        },
                        {
                            "date": "2022-12-12",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 12
                                }
                            ]
                        }
                    ],
                    "trends": [
                        {
                            "label": "1 Month Ago",
                            "value": 13,
                            "changePercentage": -7.0
                        },
                        {
                            "label": "3 Months Ago",
                            "value": 14,
                            "changePercentage": -14.0
                        },
                        {
                            "label": "6 Months Ago",
                            "value": 14,
                            "changePercentage": -14.0
                        },
                        {
                            "label": "12 Months Ago",
                            "value": null,
                            "changePercentage": null
                        }
                    ],
                    "securityIssueStats": [
                        {
                            "key": "A01",
                            "title": "Broken Access Control",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 0,
                                "total": 0
                            }
                        },
                        {
                            "key": "A02",
                            "title": "Cryptographic Failures",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 3,
                                "total": 3
                            }
                        },
                        {
                            "key": "A03",
                            "title": "Injection",
                            "occurrence": {
                                "critical": 0,
                                "major": 2,
                                "minor": 0,
                                "total": 2
                            }
                        },
                        {
                            "key": "A04",
                            "title": "Insecure Design",
                            "occurrence": {
                                "critical": 0,
                                "major": 6,
                                "minor": 0,
                                "total": 6
                            }
                        },
                        {
                            "key": "A05",
                            "title": "Security Misconfiguration",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 3,
                                "total": 3
                            }
                        },
                        {
                            "key": "A06",
                            "title": "Vulnerable and Outdate components",
                            "occurrence": {
                                "critical": 0,
                                "major": 3,
                                "minor": 0,
                                "total": 3
                            }
                        },
                        {
                            "key": "A07",
                            "title": "Identification and Authentication Failures",
                            "occurrence": {
                                "critical": 0,
                                "major": 1,
                                "minor": 0,
                                "total": 1
                            }
                        },
                        {
                            "key": "A08",
                            "title": "Software and Data Integrity Failures",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 0,
                                "total": 0
                            }
                        },
                        {
                            "key": "A09",
                            "title": "Security Logging and Monitoring Failures",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 0,
                                "total": 0
                            }
                        },
                        {
                            "key": "A10",
                            "title": "Server-Side Request Forgery (SSRF)",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 0,
                                "total": 0
                            }
                        }
                    ]
                }
            }
        }
    }
}

Fetching the OWASP Top 10 report for an account

Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with an Account.

Sample Request

query (
    $login: String!
    $vcsProvider: VCSProvider!
    $startDate: Date!
    $endDate: Date!
) {
    account(login: $login, vcsProvider: $vcsProvider) {
        reports {
            owaspTop10 {
                key
                title
                currentValue
                status
                values(startDate: $startDate, endDate: $endDate) {
                    date
                    values {
                        key
                        value
                    }
                }
                trends {
                    label
                    value
                    changePercentage
                }
                securityIssueStats {
                    key
                    title
                    occurrence {
                        critical
                        major
                        minor
                        total
                    }
                }
            }
        }
    }
}

Sample Response

{
    "data": {
        "account": {
            "reports": {
                "owaspTop10": {
                    "key": "OWASP_TOP_10",
                    "title": "OWASP Top 10",
                    "currentValue": 144,
                    "status": "FAILING",
                    "values": [
                        {
                            "date": "2022-12-09",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 144
                                }
                            ]
                        },
                        {
                            "date": "2022-12-10",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 144
                                }
                            ]
                        },
                        {
                            "date": "2022-12-11",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 144
                                }
                            ]
                        },
                        {
                            "date": "2022-12-12",
                            "values": [
                                {
                                    "key": "count",
                                    "value": 144
                                }
                            ]
                        }
                    ],
                    "trends": [
                        {
                            "label": "1 Month Ago",
                            "value": 35,
                            "changePercentage": 311.0
                        },
                        {
                            "label": "3 Months Ago",
                            "value": 35,
                            "changePercentage": 311.0
                        },
                        {
                            "label": "6 Months Ago",
                            "value": 22,
                            "changePercentage": 554.0
                        },
                        {
                            "label": "12 Months Ago",
                            "value": null,
                            "changePercentage": null
                        }
                    ],
                    "securityIssueStats": [
                        {
                            "key": "A01",
                            "title": "Broken Access Control",
                            "occurrence": {
                                "critical": 2,
                                "major": 28,
                                "minor": 2,
                                "total": 32
                            }
                        },
                        {
                            "key": "A02",
                            "title": "Cryptographic Failures",
                            "occurrence": {
                                "critical": 3,
                                "major": 8,
                                "minor": 8,
                                "total": 19
                            }
                        },
                        {
                            "key": "A03",
                            "title": "Injection",
                            "occurrence": {
                                "critical": 1,
                                "major": 37,
                                "minor": 1,
                                "total": 39
                            }
                        },
                        {
                            "key": "A04",
                            "title": "Insecure Design",
                            "occurrence": {
                                "critical": 0,
                                "major": 9,
                                "minor": 0,
                                "total": 9
                            }
                        },
                        {
                            "key": "A05",
                            "title": "Security Misconfiguration",
                            "occurrence": {
                                "critical": 1,
                                "major": 11,
                                "minor": 8,
                                "total": 20
                            }
                        },
                        {
                            "key": "A06",
                            "title": "Vulnerable and Outdate components",
                            "occurrence": {
                                "critical": 0,
                                "major": 6,
                                "minor": 0,
                                "total": 6
                            }
                        },
                        {
                            "key": "A07",
                            "title": "Identification and Authentication Failures",
                            "occurrence": {
                                "critical": 0,
                                "major": 2,
                                "minor": 0,
                                "total": 2
                            }
                        },
                        {
                            "key": "A08",
                            "title": "Software and Data Integrity Failures",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 0,
                                "total": 0
                            }
                        },
                        {
                            "key": "A09",
                            "title": "Security Logging and Monitoring Failures",
                            "occurrence": {
                                "critical": 63,
                                "major": 0,
                                "minor": 0,
                                "total": 63
                            }
                        },
                        {
                            "key": "A10",
                            "title": "Server-Side Request Forgery (SSRF)",
                            "occurrence": {
                                "critical": 0,
                                "major": 0,
                                "minor": 0,
                                "total": 0
                            }
                        }
                    ]
                }
            }
        }
    }
}

Fetching a report for a repository [Deprecated]

Query:repository:report field is deprecated in favor of Query:repository:reports field.

Query:repository:report Query for fetching a report associated with a Repository.

Sample Request

query($name: String!, $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
    repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
        report(key: $reportKey) {
            key
            title
            currentValue
            status
            historicalValues(startDate:$startDate, endDate:$endDate) {
                date
                values {
                    key
                    value
                }
            }
            trends {
                label
                value
                rate
            }

            ... on ComplianceReport {
                complianceIssueStats {
                    key
                    title
                    occurrence {
                        critical
                        major
                        minor
                        total
                    }
                }
            }

            ... on IssueDistributionReport {
                issueDistributionByAnalyzer {
                    key
                    value
                }
                issueDistributionByCategory {
                    key
                    value
                }
            }
        }
    }
}

Sample Response

{
  "data": {
    "repository": {
      "report": {
        "key": "OWASP_TOP_10",
        "title": "OWASP Top 10",
        "currentValue": 15,
        "status": "FAILING",
        "historicalValues": [
          {
            "date": "2022-07-01",
            "values": [
              {
                "key": "count",
                "value": 15
              }
            ]
          }
        ],
        "trends": [
          {
            "label": "1 Month Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "3 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "6 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "12 Months Ago",
            "value": null,
            "rate": null
          }
        ],
        "complianceIssueStats": [
          {
            "key": "A01",
            "title": "Broken Access Control",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A02",
            "title": "Cryptographic Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 3,
              "total": 3
            }
          },
          {
            "key": "A03",
            "title": "Injection",
            "occurrence": {
              "critical": 0,
              "major": 3,
              "minor": 0,
              "total": 3
            }
          },
          {
            "key": "A04",
            "title": "Insecure Design",
            "occurrence": {
              "critical": 0,
              "major": 8,
              "minor": 0,
              "total": 8
            }
          },
          {
            "key": "A05",
            "title": "Security Misconfiguration",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 3,
              "total": 3
            }
          },
          {
            "key": "A06",
            "title": "Vulnerable and Outdate components",
            "occurrence": {
              "critical": 0,
              "major": 3,
              "minor": 0,
              "total": 3
            }
          },
          {
            "key": "A07",
            "title": "Identification and Authentication Failures",
            "occurrence": {
              "critical": 0,
              "major": 1,
              "minor": 0,
              "total": 1
            }
          },
          {
            "key": "A08",
            "title": "Software and Data Integrity Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A09",
            "title": "Security Logging and Monitoring Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A10",
            "title": "Server-Side Request Forgery (SSRF)",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          }
        ]
      }
    }
  }
}

Fetching a report for an account [Deprecated]

Query:account:report field is deprecated in favor of Query:account:reports field.

Query:account:report Query for fetching a report associated with an Account.

Sample Request

query( $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
    account( login: $login, vcsProvider: $vcsProvider) {
        report(key: $reportKey) {
            key
            title
            currentValue
            status
            historicalValues(startDate:$startDate, endDate:$endDate) {
                date
                values {
                    key
                    value
                }
            }
            trends {
                label
                value
                rate
            }

            ... on ComplianceReport {
                complianceIssueStats {
                    key
                    title
                    occurrence {
                        critical
                        major
                        minor
                        total
                    }
                }
            }

            ... on IssueDistributionReport {
                issueDistributionByAnalyzer {
                    key
                    value
                }
                issueDistributionByCategory {
                    key
                    value
                }
            }
        }
    }
}

Sample Response

{
  "data": {
    "account": {
      "report": {
        "key": "OWASP_TOP_10",
        "title": "OWASP Top 10",
        "currentValue": 138,
        "status": "FAILING",
        "historicalValues": [
          {
            "date": "2022-07-01",
            "values": [
              {
                "key": "count",
                "value": 138
              }
            ]
          }
        ],
        "trends": [
          {
            "label": "1 Month Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "3 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "6 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "12 Months Ago",
            "value": null,
            "rate": null
          }
        ],
        "complianceIssueStats": [
          {
            "key": "A01",
            "title": "Broken Access Control",
            "occurrence": {
              "critical": 1,
              "major": 16,
              "minor": 2,
              "total": 19
            }
          },
          {
            "key": "A02",
            "title": "Cryptographic Failures",
            "occurrence": {
              "critical": 2,
              "major": 7,
              "minor": 8,
              "total": 17
            }
          },
          {
            "key": "A03",
            "title": "Injection",
            "occurrence": {
              "critical": 2,
              "major": 25,
              "minor": 2,
              "total": 29
            }
          },
          {
            "key": "A04",
            "title": "Insecure Design",
            "occurrence": {
              "critical": 0,
              "major": 13,
              "minor": 0,
              "total": 13
            }
          },
          {
            "key": "A05",
            "title": "Security Misconfiguration",
            "occurrence": {
              "critical": 2,
              "major": 11,
              "minor": 8,
              "total": 21
            }
          },
          {
            "key": "A06",
            "title": "Vulnerable and Outdate components",
            "occurrence": {
              "critical": 0,
              "major": 6,
              "minor": 0,
              "total": 6
            }
          },
          {
            "key": "A07",
            "title": "Identification and Authentication Failures",
            "occurrence": {
              "critical": 0,
              "major": 2,
              "minor": 0,
              "total": 2
            }
          },
          {
            "key": "A08",
            "title": "Software and Data Integrity Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A09",
            "title": "Security Logging and Monitoring Failures",
            "occurrence": {
              "critical": 63,
              "major": 0,
              "minor": 0,
              "total": 63
            }
          },
          {
            "key": "A10",
            "title": "Server-Side Request Forgery (SSRF)",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          }
        ]
      }
    }
  }
}

Objects

AccountReportsNamespace

A namespace containing all the reports available in an Account.

Field Type Description
owaspTop10 OwaspTop10Report! The OWASP Top 10 report for an account.
sansTop25 SansTop25Report! The SANS Top 25 report for an account.
codeCoverage CodeCoverageReport! The Code Coverage report for an account.
codeHealthTrend CodeHealthTrendReport! The Code Health Trend report for an account.
issueDistribution IssueDistributionReport! The Issue Distribution report for an account.
issuesPrevented IssuesPreventedReport! The Issues Prevented report for an account.
issuesAutofixed IssuesAutofixedReport! The Issues Autofixed report for an account.

RepositoryReportsNamespace

A namespace containing all the reports available in a Repository.

Field Type Description
owaspTop10 OwaspTop10Report! The OWASP Top 10 report for a repository.
sansTop25 SansTop25Report! The SANS Top 25 report for a repository.
codeHealthTrend CodeHealthTrendReport! The Code Health Trend report for a repository.
issueDistribution IssueDistributionReport! The Issue Distribution report for a repository.
issuesPrevented IssuesPreventedReport! The Issues Prevented report for a repository.
issuesAutofixed IssuesAutofixedReport! The Issues Autofixed report for a repository.

OwaspTop10Report

Represents the OWASP Top 10 report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
currentValue Int The current value of the reported statistic.
values [ReportValueItem]! The values of the report between the given start and end dates.
startDate Date! The start date for the values.
endDate Date! The end date for the values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.
status ReportStatus! The status of the report.
securityIssueStats [SecurityIssueStat]! This contains all data regarding the occurrences of the compliance issues.

SansTop25Report

Represents the SANS Top 25 report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
currentValue Int The current value of the reported statistic.
values [ReportValueItem]! The values of the report between the given start and end dates.
startDate Date! The start date for the values.
endDate Date! The end date for the values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.
status ReportStatus! The status of the report.
securityIssueStats [SecurityIssueStat]! This contains all data regarding the occurrences of the compliance issues.

CodeCoverageReport

Represents the Code Coverage report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
repositories CodeCoverageReportRepositoryConnection The list of repositories along with their code coverage metric values.
q String The query param to search the repositories by name.
sortKey CodeCoverageReportRepositorySortKey An enum to sort the list of repositories by.
offset Int The count of repositories to skip.
before String A cursor to be used with last for backward pagination.
after String The number of items to forward paginate.
last Int The number of items to backward paginate.

CodeHealthTrendReport

Represents the Code Health Trend report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
currentValue Int The current value of the reported statistic.
values [ReportValueItem]! The values of the report between the given start and end dates.
startDate Date! The start date for the values.
endDate Date! The end date for the values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.

IssueDistributionReport

Represents the Issue Distribution report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
currentValue Int The current value of the reported statistic.
values [ReportValueItem]! The values of the report between the given start and end dates.
startDate Date! The start date for the values.
endDate Date! The end date for the values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.
issueDistributionByAnalyzer IssueDistribution! Distribution of issues by analyzer.
issueDistributionByCategory IssueDistribution! Distribution of issues by category.

IssuesPreventedReport

Represents the Issues Prevented report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
currentValue Int The current value of the reported statistic.
values [ReportValueItem]! The values of the report between the given start and end dates.
startDate Date! The start date for the values.
endDate Date! The end date for the values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.
issueDistributionByAnalyzer IssueDistribution! Distribution of issues by analyzer.
issueDistributionByCategory IssueDistribution! Distribution of issues by category.

IssuesAutofixedReport

Represents the Issues Autofixed report.

Field Type Description
key ReportKey! An enum that uniquely identifies a report.
title String! The title of the report.
currentValue Int The current value of the reported statistic.
values [ReportValueItem]! The values of the report between the given start and end dates.
startDate Date! The start date for the values.
endDate Date! The end date for the values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.

ReportValueItem

Represents the list of values recorded for a report on a specific date.

Field Type Description
date Date! The date the values were recorded on.
values ReportValue The list of values recorded.

ReportValue

Represents a recorded value in a report.

Field Type Description
key String! The key to identify the recorded value
value Int The recorded value.

IssueDistribution

Field Type Description
key String! Key representing the category/type of issue.
value Int! Number of issues in the category/type of issue.

SecurityIssueStat

Field Type Description
key String! The key of the security issue.
title String! Title of the security issue.
occurrence SeverityDistribution! Denotes the count of occurrences of various security issues.

SeverityDistribution

Field Type Description
critical Int Number of security issues categorized as critical.
major Int Number of security issues categorized as major.
minor Int Number of security issues categorized as minor.
major Int! Total number of security issues.

CodeCoverageReportRepositoryConnection

Field Type Description
pageInfo PageInfo! Pagination data for this connection.
edges [CodeCoverageReportRepositoryEdge]! Contains the nodes in this connection.
totalCount Int The total count of the nodes.

CodeCoverageReportRepositoryEdge

Field Type Description
node CodeCoverageReportRepository The CodeCoverageReportRepository object.
cursor [String]! The cursor to be used for pagination.

CodeCoverageReportRepository

Field Type Description
name [String]! The name of the repository.
id [ID]! The ID of the repository.
lcvMetricValue [Float] The LCV metric value for the repository.
bcvMetricValue [Float] The BCV metric value for the repository.
isLcvPassing [Boolean] Whether the LCV value is passing the threshold set for the metric.
isBcvPassing [Boolean] Whether the BCV value is passing the threshold set for the metric.

Trend

Compares the report value across different time periods.

Field Type Description
label String! A label for the trend. For example: "1 Month Ago"
value Int! The value of the trend.
changePercentage Float! The rate of change compared to the current value.

Deprecated

The following GraphQL interfaces & objects have been deprecated and will be removed soon.

Interfaces

Report

Represents the report associated with an Account or Repository.

Field Type Description
key ReportKey! This is an enum that is used to uniquely identify a report.
title String! Title of the report.
currentValue Int! The current value of the reported statistic.
historicalValues [HistoricalValueItem]! The historical data of the report.
startDate Date! The start date for the historical values.
endDate Date! The end date for the historical values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.

Objects

ComplianceReport

Represents a compliance report. Currently there are two compliance reports - OWASP_TOP_10 and SANS_TOP_25.

Implements the Report interface.

Field Type Description
key ReportKey! This is an enum that is used to uniquely identify a report.
title String! Title of the report.
currentValue Int! The current value of the reported statistic.
historicalValues [HistoricalValueItem]! The historical data of the report.
startDate Date! The start date for the historical values.
endDate Date! The end date for the historical values.
trends [Trend]! The trends across 1 month, 3 month, 6 month and 12 months.
complianceIssueStats [ComplianceIssueStat]! This contains all data regarding the occurrences of the compliance issues.

ComplianceIssueStat

Field Type Description
key String! The key of the compliance issue.
title String! Title of the compliance issue.
occurrence ComplianceIssueOccurrenceCount! Denotes the count of occurences of various compliance issues.

ComplianceIssueOccurrenceCount

Field Type Description
critical Int Number of compliance issues categorized as critical.
major Int Number of compliance issues categorized as major.
minor Int Number of compliance issues categorized as minor.
major Int! Total number of compliance issues.

HistoricalValue

Field Type Description
key String! The key to uniquely identify the recorded value.
value Int! The value of the recorded value.

HistoricalValueItem

Field Type Description
date Date! Date of the recorded value.
values [HistoricalValue]! A list of values recorded on the associated date.