Skip to main content

Fetching the OWASP Top 10 report for a repository

Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with a Repository.

Sample Request

query (
 	$name: String!
 	$login: String!
 	$vcsProvider: VCSProvider!
 	$startDate: Date!
 	$endDate: Date!
) {
 	repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
		reports {
 			owaspTop10 {
				key
				title
				currentValue
				status
				values(startDate: $startDate, endDate: $endDate) {
 					date
 					values {
						key
						value
 					}
				}
				trends {
 					label
 					value
 					changePercentage
				}
				securityIssueStats {
 					key
 					title
 					occurrence {
						critical
						major
						minor
						total
 					}
				}
 			}
		}
 	}
}

Sample Response

{
 	"data": {
		"repository": {
 			"reports": {
				"owaspTop10": {
 					"key": "OWASP_TOP_10",
 					"title": "OWASP Top 10",
 					"currentValue": 12,
 					"status": "FAILING",
 					"values": [
						{
 							"date": "2022-12-09",
 							"values": [
								{
 									"key": "count",
 									"value": 12
								}
 							]
						},
						{
 							"date": "2022-12-10",
 							"values": [
								{
 									"key": "count",
 									"value": 12
								}
 							]
						},
						{
 							"date": "2022-12-11",
 							"values": [
								{
 									"key": "count",
 									"value": 12
								}
 							]
						},
						{
 							"date": "2022-12-12",
 							"values": [
								{
 									"key": "count",
 									"value": 12
								}
 							]
						}
 					],
 					"trends": [
						{
 							"label": "1 Month Ago",
 							"value": 13,
 							"changePercentage": -7.0
						},
						{
 							"label": "3 Months Ago",
 							"value": 14,
 							"changePercentage": -14.0
						},
						{
 							"label": "6 Months Ago",
 							"value": 14,
 							"changePercentage": -14.0
						},
						{
 							"label": "12 Months Ago",
 							"value": null,
 							"changePercentage": null
						}
 					],
 					"securityIssueStats": [
						{
 							"key": "A01",
 							"title": "Broken Access Control",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 0,
								"total": 0
 							}
						},
						{
 							"key": "A02",
 							"title": "Cryptographic Failures",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 3,
								"total": 3
 							}
						},
						{
 							"key": "A03",
 							"title": "Injection",
 							"occurrence": {
								"critical": 0,
								"major": 2,
								"minor": 0,
								"total": 2
 							}
						},
						{
 							"key": "A04",
 							"title": "Insecure Design",
 							"occurrence": {
								"critical": 0,
								"major": 6,
								"minor": 0,
								"total": 6
 							}
						},
						{
 							"key": "A05",
 							"title": "Security Misconfiguration",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 3,
								"total": 3
 							}
						},
						{
 							"key": "A06",
 							"title": "Vulnerable and Outdate components",
 							"occurrence": {
								"critical": 0,
								"major": 3,
								"minor": 0,
								"total": 3
 							}
						},
						{
 							"key": "A07",
 							"title": "Identification and Authentication Failures",
 							"occurrence": {
								"critical": 0,
								"major": 1,
								"minor": 0,
								"total": 1
 							}
						},
						{
 							"key": "A08",
 							"title": "Software and Data Integrity Failures",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 0,
								"total": 0
 							}
						},
						{
 							"key": "A09",
 							"title": "Security Logging and Monitoring Failures",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 0,
								"total": 0
 							}
						},
						{
 							"key": "A10",
 							"title": "Server-Side Request Forgery (SSRF)",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 0,
								"total": 0
 							}
						}
 					]
				}
 			}
		}
 	}
}

Fetching the OWASP Top 10 report for an account

Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with an Account.

Sample Request

query (
 	$login: String!
 	$vcsProvider: VCSProvider!
 	$startDate: Date!
 	$endDate: Date!
) {
 	account(login: $login, vcsProvider: $vcsProvider) {
		reports {
 			owaspTop10 {
				key
				title
				currentValue
				status
				values(startDate: $startDate, endDate: $endDate) {
 					date
 					values {
						key
						value
 					}
				}
				trends {
 					label
 					value
 					changePercentage
				}
				securityIssueStats {
 					key
 					title
 					occurrence {
						critical
						major
						minor
						total
 					}
				}
 			}
		}
 	}
}

Sample Response

{
 	"data": {
		"account": {
 			"reports": {
				"owaspTop10": {
 					"key": "OWASP_TOP_10",
 					"title": "OWASP Top 10",
 					"currentValue": 144,
 					"status": "FAILING",
 					"values": [
						{
 							"date": "2022-12-09",
 							"values": [
								{
 									"key": "count",
 									"value": 144
								}
 							]
						},
						{
 							"date": "2022-12-10",
 							"values": [
								{
 									"key": "count",
 									"value": 144
								}
 							]
						},
						{
 							"date": "2022-12-11",
 							"values": [
								{
 									"key": "count",
 									"value": 144
								}
 							]
						},
						{
 							"date": "2022-12-12",
 							"values": [
								{
 									"key": "count",
 									"value": 144
								}
 							]
						}
 					],
 					"trends": [
						{
 							"label": "1 Month Ago",
 							"value": 35,
 							"changePercentage": 311.0
						},
						{
 							"label": "3 Months Ago",
 							"value": 35,
 							"changePercentage": 311.0
						},
						{
 							"label": "6 Months Ago",
 							"value": 22,
 							"changePercentage": 554.0
						},
						{
 							"label": "12 Months Ago",
 							"value": null,
 							"changePercentage": null
						}
 					],
 					"securityIssueStats": [
						{
 							"key": "A01",
 							"title": "Broken Access Control",
 							"occurrence": {
								"critical": 2,
								"major": 28,
								"minor": 2,
								"total": 32
 							}
						},
						{
 							"key": "A02",
 							"title": "Cryptographic Failures",
 							"occurrence": {
								"critical": 3,
								"major": 8,
								"minor": 8,
								"total": 19
 							}
						},
						{
 							"key": "A03",
 							"title": "Injection",
 							"occurrence": {
								"critical": 1,
								"major": 37,
								"minor": 1,
								"total": 39
 							}
						},
						{
 							"key": "A04",
 							"title": "Insecure Design",
 							"occurrence": {
								"critical": 0,
								"major": 9,
								"minor": 0,
								"total": 9
 							}
						},
						{
 							"key": "A05",
 							"title": "Security Misconfiguration",
 							"occurrence": {
								"critical": 1,
								"major": 11,
								"minor": 8,
								"total": 20
 							}
						},
						{
 							"key": "A06",
 							"title": "Vulnerable and Outdate components",
 							"occurrence": {
								"critical": 0,
								"major": 6,
								"minor": 0,
								"total": 6
 							}
						},
						{
 							"key": "A07",
 							"title": "Identification and Authentication Failures",
 							"occurrence": {
								"critical": 0,
								"major": 2,
								"minor": 0,
								"total": 2
 							}
						},
						{
 							"key": "A08",
 							"title": "Software and Data Integrity Failures",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 0,
								"total": 0
 							}
						},
						{
 							"key": "A09",
 							"title": "Security Logging and Monitoring Failures",
 							"occurrence": {
								"critical": 63,
								"major": 0,
								"minor": 0,
								"total": 63
 							}
						},
						{
 							"key": "A10",
 							"title": "Server-Side Request Forgery (SSRF)",
 							"occurrence": {
								"critical": 0,
								"major": 0,
								"minor": 0,
								"total": 0
 							}
						}
 					]
				}
 			}
		}
 	}
}

Fetching a report for a repository [Deprecated]

Query:repository:report field is deprecated in favor of Query:repository:reports field.
Query:repository:report Query for fetching a report associated with a Repository.

Sample Request

query($name: String!, $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
    repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
        report(key: $reportKey) {
            key
            title
            currentValue
            status
            historicalValues(startDate:$startDate, endDate:$endDate) {
                date
                values {
                    key
                    value
                }
            }
            trends {
                label
                value
                rate
            }

            ... on ComplianceReport {
                complianceIssueStats {
                    key
                    title
                    occurrence {
                        critical
                        major
                        minor
                        total
                    }
                }
            }

            ... on IssueDistributionReport {
                issueDistributionByAnalyzer {
                    key
                    value
                }
                issueDistributionByCategory {
                    key
                    value
                }
            }
        }
    }
}

Sample Response

{
  "data": {
    "repository": {
      "report": {
        "key": "OWASP_TOP_10",
        "title": "OWASP Top 10",
        "currentValue": 15,
        "status": "FAILING",
        "historicalValues": [
          {
            "date": "2022-07-01",
            "values": [
              {
                "key": "count",
                "value": 15
              }
            ]
          }
        ],
        "trends": [
          {
            "label": "1 Month Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "3 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "6 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "12 Months Ago",
            "value": null,
            "rate": null
          }
        ],
        "complianceIssueStats": [
          {
            "key": "A01",
            "title": "Broken Access Control",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A02",
            "title": "Cryptographic Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 3,
              "total": 3
            }
          },
          {
            "key": "A03",
            "title": "Injection",
            "occurrence": {
              "critical": 0,
              "major": 3,
              "minor": 0,
              "total": 3
            }
          },
          {
            "key": "A04",
            "title": "Insecure Design",
            "occurrence": {
              "critical": 0,
              "major": 8,
              "minor": 0,
              "total": 8
            }
          },
          {
            "key": "A05",
            "title": "Security Misconfiguration",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 3,
              "total": 3
            }
          },
          {
            "key": "A06",
            "title": "Vulnerable and Outdate components",
            "occurrence": {
              "critical": 0,
              "major": 3,
              "minor": 0,
              "total": 3
            }
          },
          {
            "key": "A07",
            "title": "Identification and Authentication Failures",
            "occurrence": {
              "critical": 0,
              "major": 1,
              "minor": 0,
              "total": 1
            }
          },
          {
            "key": "A08",
            "title": "Software and Data Integrity Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A09",
            "title": "Security Logging and Monitoring Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A10",
            "title": "Server-Side Request Forgery (SSRF)",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          }
        ]
      }
    }
  }
}

Fetching a report for an account [Deprecated]

Query:account:report field is deprecated in favor of Query:account:reports field.
Query:account:report Query for fetching a report associated with an Account.

Sample Request

query( $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
    account( login: $login, vcsProvider: $vcsProvider) {
        report(key: $reportKey) {
            key
            title
            currentValue
            status
            historicalValues(startDate:$startDate, endDate:$endDate) {
                date
                values {
                    key
                    value
                }
            }
            trends {
                label
                value
                rate
            }

            ... on ComplianceReport {
                complianceIssueStats {
                    key
                    title
                    occurrence {
                        critical
                        major
                        minor
                        total
                    }
                }
            }

            ... on IssueDistributionReport {
                issueDistributionByAnalyzer {
                    key
                    value
                }
                issueDistributionByCategory {
                    key
                    value
                }
            }
        }
    }
}

Sample Response

{
  "data": {
    "account": {
      "report": {
        "key": "OWASP_TOP_10",
        "title": "OWASP Top 10",
        "currentValue": 138,
        "status": "FAILING",
        "historicalValues": [
          {
            "date": "2022-07-01",
            "values": [
              {
                "key": "count",
                "value": 138
              }
            ]
          }
        ],
        "trends": [
          {
            "label": "1 Month Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "3 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "6 Months Ago",
            "value": null,
            "rate": null
          },
          {
            "label": "12 Months Ago",
            "value": null,
            "rate": null
          }
        ],
        "complianceIssueStats": [
          {
            "key": "A01",
            "title": "Broken Access Control",
            "occurrence": {
              "critical": 1,
              "major": 16,
              "minor": 2,
              "total": 19
            }
          },
          {
            "key": "A02",
            "title": "Cryptographic Failures",
            "occurrence": {
              "critical": 2,
              "major": 7,
              "minor": 8,
              "total": 17
            }
          },
          {
            "key": "A03",
            "title": "Injection",
            "occurrence": {
              "critical": 2,
              "major": 25,
              "minor": 2,
              "total": 29
            }
          },
          {
            "key": "A04",
            "title": "Insecure Design",
            "occurrence": {
              "critical": 0,
              "major": 13,
              "minor": 0,
              "total": 13
            }
          },
          {
            "key": "A05",
            "title": "Security Misconfiguration",
            "occurrence": {
              "critical": 2,
              "major": 11,
              "minor": 8,
              "total": 21
            }
          },
          {
            "key": "A06",
            "title": "Vulnerable and Outdate components",
            "occurrence": {
              "critical": 0,
              "major": 6,
              "minor": 0,
              "total": 6
            }
          },
          {
            "key": "A07",
            "title": "Identification and Authentication Failures",
            "occurrence": {
              "critical": 0,
              "major": 2,
              "minor": 0,
              "total": 2
            }
          },
          {
            "key": "A08",
            "title": "Software and Data Integrity Failures",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          },
          {
            "key": "A09",
            "title": "Security Logging and Monitoring Failures",
            "occurrence": {
              "critical": 63,
              "major": 0,
              "minor": 0,
              "total": 63
            }
          },
          {
            "key": "A10",
            "title": "Server-Side Request Forgery (SSRF)",
            "occurrence": {
              "critical": 0,
              "major": 0,
              "minor": 0,
              "total": 0
            }
          }
        ]
      }
    }
  }
}

Objects

AccountReportsNamespace

A namespace containing all the reports available in an Account.
FieldTypeDescription
owaspTop10OwaspTop10Report!The OWASP Top 10 report for a account.
sansTop25SansTop25Report!The SANS Top 25 report for a account.
codeHealthTrendCodeHealthTrendReport!The Code Health Trend report for a account.
issueDistributionIssueDistributionReport!The Issue Distribution report for a account.
issuesPreventedIssuesPreventedReport!The Issues Prevented report for a account.
issuesAutofixedIssuesAutofixedReport!The Issues Autofixed report for a account.

RepositoryReportsNamespace

A namespace containing all the reports available in a Repository.
FieldTypeDescription
owaspTop10OwaspTop10Report!The OWASP Top 10 report for a repository.
sansTop25SansTop25Report!The SANS Top 25 report for a repository.
codeHealthTrendCodeHealthTrendReport!The Code Health Trend report for a repository.
issueDistributionIssueDistributionReport!The Issue Distribution report for a repository.
issuesPreventedIssuesPreventedReport!The Issues Prevented report for a repository.
issuesAutofixedIssuesAutofixedReport!The Issues Autofixed report for a repository.

OwaspTop10Report

Represents the OWASP Top 10 report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
currentValueIntThe current value of the reported statistic.
values[ReportValueItem]!The values of the report between the given start and end dates.
startDateDate!The start date for the values.
endDateDate!The end date for the values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.
statusReportStatus!The status of the report.
securityIssueStats[SecurityIssueStat]!This contains all data regarding the occurrences of the compliance issues.

SansTop25Report

Represents the SANS Top 25 report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
currentValueIntThe current value of the reported statistic.
values[ReportValueItem]!The values of the report between the given start and end dates.
startDateDate!The start date for the values.
endDateDate!The end date for the values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.
statusReportStatus!The status of the report.
securityIssueStats[SecurityIssueStat]!This contains all data regarding the occurrences of the compliance issues.

CodeCoverageReport

Represents the Code Coverage report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
repositoriesCodeCoverageReportRepositoryConnectionThe list of repositories along with their code coverage metric values.
qStringThe query param to search the repositories by name.
sortKeyCodeCoverageReportRepositorySortKeyAn enum to sort the list of repositories by.
offsetIntThe count of repositories to skip.
beforeStringA cursor to be used with last for backward pagination.
afterStringThe number of items to forward paginate.
lastIntThe number of items to backward paginate.

CodeHealthTrendReport

Represents the Code Health Trend report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
currentValueIntThe current value of the reported statistic.
values[ReportValueItem]!The values of the report between the given start and end dates.
startDateDate!The start date for the values.
endDateDate!The end date for the values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.

IssueDistributionReport

Represents the Issue Distribution report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
currentValueIntThe current value of the reported statistic.
values[ReportValueItem]!The values of the report between the given start and end dates.
startDateDate!The start date for the values.
endDateDate!The end date for the values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.
issueDistributionByAnalyzerIssueDistribution!Distribution of issues by analyzer.
issueDistributionByCategoryIssueDistribution!Distribution of issues by category.

IssuesPreventedReport

Represents the Issues Prevented report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
currentValueIntThe current value of the reported statistic.
values[ReportValueItem]!The values of the report between the given start and end dates.
startDateDate!The start date for the values.
endDateDate!The end date for the values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.
issueDistributionByAnalyzerIssueDistribution!Distribution of issues by analyzer.
issueDistributionByCategoryIssueDistribution!Distribution of issues by category.

IssuesAutofixedReport

Represents the Issues Autofixed report.
FieldTypeDescription
keyReportKey!An enum that uniquely identifies a report.
titleString!The title of the report.
currentValueIntThe current value of the reported statistic.
values[ReportValueItem]!The values of the report between the given start and end dates.
startDateDate!The start date for the values.
endDateDate!The end date for the values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.

ReportValueItem

Represents the list of values recorded for a report on a specific date.
FieldTypeDescription
dateDate!The date the values were recorded on.
valuesReportValueThe list of values recorded.

ReportValue

Represents a recorded value in a report.
FieldTypeDescription
keyString!The key to identify the recorded value
valueIntThe recorded value.

IssueDistribution

FieldTypeDescription
keyString!Key representing the category/type of issue.
valueInt!Number of issues in the category/type of issue.

SecurityIssueStat

FieldTypeDescription
keyString!The key of the security issue.
titleString!Title of the security issue.
occurrenceSeverityDistribution!Denotes the count of occurrences of various security issues.

SeverityDistribution

FieldTypeDescription
criticalIntNumber of security issues categorized as critical.
majorIntNumber of security issues categorized as major.
minorIntNumber of security issues categorized as minor.
majorInt!Total number of security issues.

CodeCoverageReportRepositoryConnection

FieldTypeDescription
pageInfoPageInfo!Pagination data for this connection.
edges[CodeCoverageReportRepositoryEdge]!Contains the nodes in this connection.
totalCountIntThe total count of the nodes.

CodeCoverageReportRepositoryEdge

FieldTypeDescription
nodeCodeCoverageReportRepositoryThe CodeCoverageReportRepository object.
cursor[String]!The cursor to be used for pagination.

CodeCoverageReportRepository

FieldTypeDescription
name[String]!The name of the repository.
id[ID]!The ID of the repository.
lcvMetricValue[Float]The LCV metric value for the repository.
bcvMetricValue[Float]The BCV metric value for the repository.
isLcvPassing[Boolean]Whether the LCV value is passing the threshold set for the metric.
isBcvPassing[Boolean]Whether the BCV value is passing the threshold set for the metric.

Trend

Compares the report value across different time periods.
FieldTypeDescription
labelString!A label for the trend. For example: “1 Month Ago”
valueInt!The value of the trend.
changePercentageFloat!The rate of change compared to the current value.

Deprecated

The following GraphQL interfaces & objects have been deprecated and will be removed soon.

Interfaces

Report

Represents the report associated with an Account or Repository.
FieldTypeDescription
keyReportKey!This is an enum that is used to uniquely identify a report.
titleString!Title of the report.
currentValueInt!The current value of the reported statistic.
historicalValues[HistoricalValueItem]!The historical data of the report.
startDateDate!The start date for the historical values.
endDateDate!The end date for the historical values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.

Objects

ComplianceReport

Represents a compliance report. Currently there are two compliance reports - OWASP_TOP_10 and SANS_TOP_25. Implements the Report interface.
FieldTypeDescription
keyReportKey!This is an enum that is used to uniquely identify a report.
titleString!Title of the report.
currentValueInt!The current value of the reported statistic.
historicalValues[HistoricalValueItem]!The historical data of the report.
startDateDate!The start date for the historical values.
endDateDate!The end date for the historical values.
trends[Trend]!The trends across 1 month, 3 month, 6 month and 12 months.
complianceIssueStats[ComplianceIssueStat]!This contains all data regarding the occurrences of the compliance issues.

ComplianceIssueStat

FieldTypeDescription
keyString!The key of the compliance issue.
titleString!Title of the compliance issue.
occurrenceComplianceIssueOccurrenceCount!Denotes the count of occurences of various compliance issues.

ComplianceIssueOccurrenceCount

FieldTypeDescription
criticalIntNumber of compliance issues categorized as critical.
majorIntNumber of compliance issues categorized as major.
minorIntNumber of compliance issues categorized as minor.
majorInt!Total number of compliance issues.

HistoricalValue

FieldTypeDescription
keyString!The key to uniquely identify the recorded value.
valueInt!The value of the recorded value.

HistoricalValueItem

FieldTypeDescription
dateDate!Date of the recorded value.
values[HistoricalValue]!A list of values recorded on the associated date.