Reports
You can query for a report associated with an `Account` or a `Repository`. You can do so by querying for the `reports` field in the `Account` or `Repository` objects. `Account.reports` contains all the reports available for an `Account`. `Repository.reports` contains all the reports available for a `Repository`.
Reports provide aggregate compliance and trend data. Access them via account { reports { ... } } or repository { reports { ... } }. Available reports include OWASP Top 10, SANS Top 25, Code Health Trend, Issue Distribution, and more.
Fetching the OWASP Top 10 report for a repository
Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with a Repository.
Sample Request
query (
$name: String!
$login: String!
$vcsProvider: VCSProvider!
$startDate: Date!
$endDate: Date!
) {
repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
reports {
owaspTop10 {
key
title
currentValue
status
values(startDate: $startDate, endDate: $endDate) {
date
values {
key
value
}
}
trends {
label
value
changePercentage
}
securityIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
}
}
}Sample Response
{
"data": {
"repository": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 12,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 12
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 13,
"changePercentage": -7.0
},
{
"label": "3 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "6 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}Fetching the OWASP Top 10 report for an account
Query:repository:report:owaspTop10 Query for fetching the OWASP Top 10 report associated with an Account.
Sample Request
query (
$login: String!
$vcsProvider: VCSProvider!
$startDate: Date!
$endDate: Date!
) {
account(login: $login, vcsProvider: $vcsProvider) {
reports {
owaspTop10 {
key
title
currentValue
status
values(startDate: $startDate, endDate: $endDate) {
date
values {
key
value
}
}
trends {
label
value
changePercentage
}
securityIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
}
}
}Sample Response
{
"data": {
"account": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 144,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 144
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "3 Months Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "6 Months Ago",
"value": 22,
"changePercentage": 554.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 2,
"major": 28,
"minor": 2,
"total": 32
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 3,
"major": 8,
"minor": 8,
"total": 19
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 1,
"major": 37,
"minor": 1,
"total": 39
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 9,
"minor": 0,
"total": 9
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 1,
"major": 11,
"minor": 8,
"total": 20
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}Fetching a report for a repository [Deprecated]
Query:repository:report field is deprecated in favor of Query:repository:reports field.
Query:repository:report Query for fetching a report associated with a Repository.
Sample Request
query($name: String!, $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
report(key: $reportKey) {
key
title
currentValue
status
historicalValues(startDate:$startDate, endDate:$endDate) {
date
values {
key
value
}
}
trends {
label
value
rate
}
... on ComplianceReport {
complianceIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
... on IssueDistributionReport {
issueDistributionByAnalyzer {
key
value
}
issueDistributionByCategory {
key
value
}
}
}
}
}Sample Response
{
"data": {
"repository": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 15,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 15
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 8,
"minor": 0,
"total": 8
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}Fetching a report for an account [Deprecated]
Query:account:report field is deprecated in favor of Query:account:reports field.
Query:account:report Query for fetching a report associated with an Account.
Sample Request
query( $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
account( login: $login, vcsProvider: $vcsProvider) {
report(key: $reportKey) {
key
title
currentValue
status
historicalValues(startDate:$startDate, endDate:$endDate) {
date
values {
key
value
}
}
trends {
label
value
rate
}
... on ComplianceReport {
complianceIssueStats {
key
title
occurrence {
critical
major
minor
total
}
}
}
... on IssueDistributionReport {
issueDistributionByAnalyzer {
key
value
}
issueDistributionByCategory {
key
value
}
}
}
}
}Sample Response
{
"data": {
"account": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 138,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 138
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 1,
"major": 16,
"minor": 2,
"total": 19
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 2,
"major": 7,
"minor": 8,
"total": 17
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 2,
"major": 25,
"minor": 2,
"total": 29
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 13,
"minor": 0,
"total": 13
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 2,
"major": 11,
"minor": 8,
"total": 21
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}Objects
AccountReportsNamespace
A namespace containing all the reports available in an Account.
| Field | Type | Description |
|---|---|---|
| owaspTop10 | OwaspTop10Report! | The OWASP Top 10 report for a account. |
| sansTop25 | SansTop25Report! | The SANS Top 25 report for a account. |
| codeHealthTrend | CodeHealthTrendReport! | The Code Health Trend report for a account. |
| issueDistribution | IssueDistributionReport! | The Issue Distribution report for a account. |
| issuesPrevented | IssuesPreventedReport! | The Issues Prevented report for a account. |
| issuesAutofixed | IssuesAutofixedReport! | The Issues Autofixed report for a account. |
| misraC | MisraCReport! | The MISRA C report for an account. |
| codeCoverage | CodeCoverageReport! | The Code Coverage report for an account. |
RepositoryReportsNamespace
A namespace containing all the reports available in a Repository.
| Field | Type | Description |
|---|---|---|
| owaspTop10 | OwaspTop10Report! | The OWASP Top 10 report for a repository. |
| sansTop25 | SansTop25Report! | The SANS Top 25 report for a repository. |
| codeHealthTrend | CodeHealthTrendReport! | The Code Health Trend report for a repository. |
| issueDistribution | IssueDistributionReport! | The Issue Distribution report for a repository. |
| issuesPrevented | IssuesPreventedReport! | The Issues Prevented report for a repository. |
| issuesAutofixed | IssuesAutofixedReport! | The Issues Autofixed report for a repository. |
| misraC | MisraCReport! | The MISRA C report for a repository. |
OwaspTop10Report
Represents the OWASP Top 10 report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| status | ReportStatus! | The status of the report. |
| securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
SansTop25Report
Represents the SANS Top 25 report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| status | ReportStatus! | The status of the report. |
| securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
CodeCoverageReport
Represents the Code Coverage report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| repositories | CodeCoverageReportRepositoryConnection | The list of repositories along with their code coverage metric values. |
| q | String | The query param to search the repositories by name. |
| sortKey | CodeCoverageReportRepositorySortKey | An enum to sort the list of repositories by. |
| offset | Int | The count of repositories to skip. |
| before | String | A cursor to be used with last for backward pagination. |
| after | String | The number of items to forward paginate. |
| last | Int | The number of items to backward paginate. |
CodeHealthTrendReport
Represents the Code Health Trend report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
IssueDistributionReport
Represents the Issue Distribution report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| issueDistributionByAnalyzer | IssueDistribution! | Distribution of issues by analyzer. |
| issueDistributionByCategory | IssueDistribution! | Distribution of issues by category. |
IssuesPreventedReport
Represents the Issues Prevented report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
IssuesAutofixedReport
Represents the Issues Autofixed report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
MisraCReport
Represents the MISRA C compliance report.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | An enum that uniquely identifies a report. |
| title | String! | The title of the report. |
| currentValue | Int | The current value of the reported statistic. |
| values | [ReportValueItem]! | The values of the report between the given start and end dates. |
| startDate | Date! | The start date for the values. |
| endDate | Date! | The end date for the values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| status | ReportStatus! | The status of the report. |
| securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
ReportValueItem
Represents the list of values recorded for a report on a specific date.
| Field | Type | Description |
|---|---|---|
| date | Date! | The date the values were recorded on. |
| values | ReportValue | The list of values recorded. |
ReportValue
Represents a recorded value in a report.
IssueDistribution
| Field | Type | Description |
|---|---|---|
| key | String! | Key representing the category/type of issue. |
| value | Int! | Number of issues in the category/type of issue. |
SecurityIssueStat
| Field | Type | Description |
|---|---|---|
| key | String! | The key of the security issue. |
| title | String! | Title of the security issue. |
| occurrence | SeverityDistribution! | Denotes the count of occurrences of various security issues. |
SeverityDistribution
| Field | Type | Description |
|---|---|---|
| critical | Int | Number of security issues categorized as critical. |
| major | Int | Number of security issues categorized as major. |
| minor | Int | Number of security issues categorized as minor. |
| total | Int! | Total number of security issues. |
CodeCoverageReportRepositoryConnection
| Field | Type | Description |
|---|---|---|
| pageInfo | PageInfo! | Pagination data for this connection. |
| edges | [CodeCoverageReportRepositoryEdge]! | Contains the nodes in this connection. |
| totalCount | Int | The total count of the nodes. |
CodeCoverageReportRepositoryEdge
| Field | Type | Description |
|---|---|---|
| node | CodeCoverageReportRepository | The CodeCoverageReportRepository object. |
| cursor | [String]! | The cursor to be used for pagination. |
CodeCoverageReportRepository
| Field | Type | Description |
|---|---|---|
| name | [String]! | The name of the repository. |
| id | [ID]! | The ID of the repository. |
| lcvMetricValue | [Float] | The LCV metric value for the repository. |
| bcvMetricValue | [Float] | The BCV metric value for the repository. |
| isLcvPassing | [Boolean] | Whether the LCV value is passing the threshold set for the metric. |
| isBcvPassing | [Boolean] | Whether the BCV value is passing the threshold set for the metric. |
Trend
Compares the report value across different time periods.
| Field | Type | Description |
|---|---|---|
| label | String! | A label for the trend. For example: "1 Month Ago" |
| value | Int! | The value of the trend. |
| changePercentage | Float! | The rate of change compared to the current value. |
Deprecated
The following GraphQL interfaces & objects have been deprecated and will be removed soon.
Interfaces
Report
Represents the report associated with an Account or Repository.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | This is an enum that is used to uniquely identify a report. |
| title | String! | Title of the report. |
| currentValue | Int! | The current value of the reported statistic. |
| historicalValues | [HistoricalValueItem]! | The historical data of the report. |
| startDate | Date! | The start date for the historical values. |
| endDate | Date! | The end date for the historical values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
Objects
ComplianceReport
Represents a compliance report. Currently there are two compliance reports - OWASP_TOP_10 and SANS_TOP_25.
Implements the Report interface.
| Field | Type | Description |
|---|---|---|
| key | ReportKey! | This is an enum that is used to uniquely identify a report. |
| title | String! | Title of the report. |
| currentValue | Int! | The current value of the reported statistic. |
| historicalValues | [HistoricalValueItem]! | The historical data of the report. |
| startDate | Date! | The start date for the historical values. |
| endDate | Date! | The end date for the historical values. |
| trends | [Trend]! | The trends across 1 month, 3 month, 6 month and 12 months. |
| complianceIssueStats | [ComplianceIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
ComplianceIssueStat
| Field | Type | Description |
|---|---|---|
| key | String! | The key of the compliance issue. |
| title | String! | Title of the compliance issue. |
| occurrence | ComplianceIssueOccurrenceCount! | Denotes the count of occurences of various compliance issues. |
ComplianceIssueOccurrenceCount
| Field | Type | Description |
|---|---|---|
| critical | Int | Number of compliance issues categorized as critical. |
| major | Int | Number of compliance issues categorized as major. |
| minor | Int | Number of compliance issues categorized as minor. |
| total | Int! | Total number of compliance issues. |
HistoricalValue
| Field | Type | Description |
|---|---|---|
| key | String! | The key to uniquely identify the recorded value. |
| value | Int! | The value of the recorded value. |
HistoricalValueItem
| Field | Type | Description |
|---|---|---|
| date | Date! | Date of the recorded value. |
| values | [HistoricalValue]! | A list of values recorded on the associated date. |