Skip to main content
GET
/
v2
/
semgrep
/
issues
/
component
Get potential security issues associated with a single component This is the current method that accepts ComponentRequest for enhanced component identification Replaces the deprecated GetIssues method for single component queries
curl --request GET \
  --url https://api.example.com/v2/semgrep/issues/component
{
  "component": {
    "purl": "pkg:maven/org.apache.commons/commons-lang3",
    "version": "3.12.0",
    "requirement": "3.12.0",
    "files": [
      {
        "fileMD5": "a1b2c3d4e5f6",
        "path": "src/main/java/org/apache/commons/lang3/StringUtils.java",
        "issues": [
          {
            "ruleID": "java.lang.security.audit.sql-injection.sql-injection",
            "from": "284",
            "to": "286",
            "severity": "ERROR"
          }
        ]
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Security analysis completed successfully"
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt

Use this file to discover all available pages before exploring further.

Query Parameters

purl
string
required

Package URL identifying the component to analyze.

requirement
string

Version constraint for component resolution when PURL lacks explicit version.

Response

A successful response.

Component issue response data (JSON payload) Contains security issues detected by Semgrep analysis for a single component. This is the current response format that replaces the deprecated SemgrepResponse.

component
Information about a component and its security issues · object
status
object

Detailed response details.