Reports
You can query for a report associated with an Account or a Repository. You can do so by querying for the reports field in the Account or Repository objects. Account.reports contains all the reports available for an Account. Repository.reports contains all the reports available for a Repository.
Fetching the OWASP Top 10 report for a repository
Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with a Repository.
Sample Request
query (
$name: String!
$login: String!
$vcsProvider: VCSProvider!
$startDate: Date!
$endDate: Date!
) {
repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
reports {
owaspTop10 {
key
title
currentValue
status
values(startDate: $startDate, endDate: $endDate) {
date
values {
key
value
}
}
trends {
label
value
changePercentage
}
securityIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
}
}
}
Sample Response
{
"data": {
"repository": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 12,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 12
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 13,
"changePercentage": -7.0
},
{
"label": "3 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "6 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}
Fetching the OWASP Top 10 report for an account
Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with an Account.
Sample Request
query (
$login: String!
$vcsProvider: VCSProvider!
$startDate: Date!
$endDate: Date!
) {
account(login: $login, vcsProvider: $vcsProvider) {
reports {
owaspTop10 {
key
title
currentValue
status
values(startDate: $startDate, endDate: $endDate) {
date
values {
key
value
}
}
trends {
label
value
changePercentage
}
securityIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
}
}
}
Sample Response
{
"data": {
"account": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 144,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 144
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "3 Months Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "6 Months Ago",
"value": 22,
"changePercentage": 554.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 2,
"major": 28,
"minor": 2,
"total": 32
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 3,
"major": 8,
"minor": 8,
"total": 19
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 1,
"major": 37,
"minor": 1,
"total": 39
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 9,
"minor": 0,
"total": 9
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 1,
"major": 11,
"minor": 8,
"total": 20
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}
Fetching a report for a repository [Deprecated]
Query:repository:reportfield is deprecated in favor ofQuery:repository:reportsfield.
Query:repository:report Query for fetching a report associated with a Repository.
Sample Request
query($name: String!, $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
report(key: $reportKey) {
key
title
currentValue
status
historicalValues(startDate:$startDate, endDate:$endDate) {
date
values {
key
value
}
}
trends {
label
value
rate
}
... on ComplianceReport {
complianceIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
... on IssueDistributionReport {
issueDistributionByAnalyzer {
key
value
}
issueDistributionByCategory {
key
value
}
}
}
}
}
Sample Response
{
"data": {
"repository": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 15,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 15
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 8,
"minor": 0,
"total": 8
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
Fetching a report for an account [Deprecated]
Query:account:reportfield is deprecated in favor ofQuery:account:reportsfield.
Query:account:report Query for fetching a report associated with an Account.
Sample Request
query( $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
account( login: $login, vcsProvider: $vcsProvider) {
report(key: $reportKey) {
key
title
currentValue
status
historicalValues(startDate:$startDate, endDate:$endDate) {
date
values {
key
value
}
}
trends {
label
value
rate
}
... on ComplianceReport {
complianceIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
... on IssueDistributionReport {
issueDistributionByAnalyzer {
key
value
}
issueDistributionByCategory {
key
value
}
}
}
}
}
Sample Response
{
"data": {
"account": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 138,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 138
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 1,
"major": 16,
"minor": 2,
"total": 19
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 2,
"major": 7,
"minor": 8,
"total": 17
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 2,
"major": 25,
"minor": 2,
"total": 29
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 13,
"minor": 0,
"total": 13
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 2,
"major": 11,
"minor": 8,
"total": 21
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
Objects
AccountReportsNamespace
A namespace containing all the reports available in an Account.
| Field | Type | Description |
|---|---|---|
| owaspTop10 | OwaspTop10Report! | The OWASP Top 10 report for an account. |
| sansTop25 | SansTop25Report! | The SANS Top 25 report for an account. |
| codeCoverage | CodeCoverageReport! | The Code Coverage report for an account. |
| codeHealthTrend | CodeHealthTrendReport! | The Code Health Trend report for an account. |
| issueDistribution | IssueDistributionReport! | The Issue Distribution report for an account. |
| issuesPrevented | IssuesPreventedReport! | The Issues Prevented report for an account. |
| issuesAutofixed | IssuesAutofixedReport! | The Issues Autofixed report for an account. |
RepositoryReportsNamespace
A namespace containing all the reports available in a Repository.
| Field | Type | Description |
|---|---|---|
| owaspTop10 | OwaspTop10Report! | The OWASP Top 10 report for a repository. |
| sansTop25 | SansTop25Report! | The SANS Top 25 report for a repository. |
| codeHealthTrend | CodeHealthTrendReport! | The Code Health Trend report for a repository. |
| issueDistribution | IssueDistributionReport! | The Issue Distribution report for a repository. |
| issuesPrevented | IssuesPreventedReport! | The Issues Prevented report for a repository. |
| issuesAutofixed | IssuesAutofixedReport! | The Issues Autofixed report for a repository. |
OwaspTop10Report
Represents the OWASP Top 10 report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| status | ReportStatus! | The status of the report. |
| securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
SansTop25Report
Represents the SANS Top 25 report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| status | ReportStatus! | The status of the report. |
| securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
CodeCoverageReport
Represents the Code Coverage report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| repositories | CodeCoverageReportRepositoryConnection | The list of repositories along with their code coverage metric values. |
| q | String | The query param to search the repositories by name. |
| sortKey | CodeCoverageReportRepositorySortKey | An enum to sort the list of repositories by. |
| offset | Int | The count of repositories to skip. |
| before | String | A cursor to be used with last for backward pagination. |
| after | String | The number of items to forward paginate. |
| last | Int | The number of items to backward paginate. |
CodeHealthTrendReport
Represents the Code Health Trend report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
IssueDistributionReport
Represents the Issue Distribution report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| issueDistributionByAnalyzer | IssueDistribution! | Distribution of issues by analyzer. |
| issueDistributionByCategory | IssueDistribution! | Distribution of issues by category. |
IssuesPreventedReport
Represents the Issues Prevented report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| issueDistributionByAnalyzer | IssueDistribution! | Distribution of issues by analyzer. |
| issueDistributionByCategory | IssueDistribution! | Distribution of issues by category. |
IssuesAutofixedReport
Represents the Issues Autofixed report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
ReportValueItem
Represents the list of values recorded for a report on a specific date.
| Field | Type | Description |
|---|---|---|
| date | Date! | The date the values were recorded on. |
| values | ReportValue | The list of values recorded. |
ReportValue
Represents a recorded value in a report.
IssueDistribution
SecurityIssueStat
| Field | Type | Description |
|---|---|---|
| key | String! | The key of the security issue. |
| title | String! | Title of the security issue. |
| occurrence | SeverityDistribution! | Denotes the count of occurrences of various security issues. |
SeverityDistribution
CodeCoverageReportRepositoryConnection
| Field | Type | Description |
|---|---|---|
| pageInfo | PageInfo! | Pagination data for this connection. |
| edges | [CodeCoverageReportRepositoryEdge]! | Contains the nodes in this connection. |
| totalCount | Int | The total count of the nodes. |
CodeCoverageReportRepositoryEdge
| Field | Type | Description |
|---|---|---|
| node | CodeCoverageReportRepository |
The CodeCoverageReportRepository object.
|
| cursor | [String]! | The cursor to be used for pagination. |
CodeCoverageReportRepository
| Field | Type | Description |
|---|---|---|
| name | [String]! | The name of the repository. |
| id | [ID]! | The ID of the repository. |
| lcvMetricValue | [Float] | The LCV metric value for the repository. |
| bcvMetricValue | [Float] | The BCV metric value for the repository. |
| isLcvPassing | [Boolean] | Whether the LCV value is passing the threshold set for the metric. |
| isBcvPassing | [Boolean] | Whether the BCV value is passing the threshold set for the metric. |
Trend
Compares the report value across different time periods.
Deprecated
The following GraphQL interfaces & objects have been deprecated and will be removed soon.
Interfaces
Report
Represents the report associated with an Account or Repository.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | This is an enum that is used to uniquely identify a report. |
| title | String! | Title of the report. |
| currentValue | Int! | The current value of the reported statistic. |
| historicalValues | [HistoricalValueItem]! | The historical data of the report. |
| startDate | Date! | The start date for the historical values. |
| endDate | Date! | The end date for the historical values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
Objects
ComplianceReport
Represents a compliance report. Currently there are two compliance reports - OWASP_TOP_10 and SANS_TOP_25.
Implements the Report interface.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | This is an enum that is used to uniquely identify a report. |
| title | String! | Title of the report. |
| currentValue | Int! | The current value of the reported statistic. |
| historicalValues | [HistoricalValueItem]! | The historical data of the report. |
| startDate | Date! | The start date for the historical values. |
| endDate | Date! | The end date for the historical values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| complianceIssueStats | [ComplianceIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
ComplianceIssueStat
| Field | Type | Description |
|---|---|---|
| key | String! | The key of the compliance issue. |
| title | String! | Title of the compliance issue. |
| occurrence | ComplianceIssueOccurrenceCount! | Denotes the count of occurences of various compliance issues. |
ComplianceIssueOccurrenceCount
HistoricalValue
HistoricalValueItem
| Field | Type | Description |
|---|---|---|
| date | Date! | Date of the recorded value. |
| values | [HistoricalValue]! | A list of values recorded on the associated date. |
Updated 12 months ago