Skip to main content
GET
/
v2
/
semgrep
/
issues
/
component
Get potential security issues associated with a single component This is the current method that accepts ComponentRequest for enhanced component identification Replaces the deprecated GetIssues method for single component queries
curl --request GET \
  --url https://api.example.com/v2/semgrep/issues/component
{
  "component": {
    "purl": "pkg:maven/org.apache.commons/commons-lang3",
    "version": "3.12.0",
    "requirement": "3.12.0",
    "files": [
      {
        "fileMD5": "a1b2c3d4e5f6",
        "path": "src/main/java/org/apache/commons/lang3/StringUtils.java",
        "issues": [
          {
            "ruleID": "java.lang.security.audit.sql-injection.sql-injection",
            "from": "284",
            "to": "286",
            "severity": "ERROR"
          }
        ]
      }
    ]
  },
  "status": {
    "status": "SUCCESS",
    "message": "Security analysis completed successfully"
  }
}

Query Parameters

purl
string
required

Package URL identifying the component to analyze.

requirement
string

Version constraint for component resolution when PURL lacks explicit version.

Response

A successful response.

Component issue response data (JSON payload) Contains security issues detected by Semgrep analysis for a single component. This is the current response format that replaces the deprecated SemgrepResponse.

component
Information about a component and its security issues · object
status
object

Detailed response details.