# Get Project Security Findings (Dependencies - SCA)

Returns all security findings for a given project

Endpoint: GET /api/v3.0/projects/{projectUuid}/dependencies/findings/security
Version: 3.0
Security: bearer-key

## Query parameters:

- `limit` (string) Specifies the maximum number of items to be returned in the response.
- `cursor` (string) Indicates the starting point for retrieving results. The first call doesn't include a cursor parameter in the request; the API response includes the first set of results along with a cursor pointing to the last item retrieved.

## Path parameters:

- `projectUuid` (string, required) UUID of the project

## Response 200 fields (application/json):

- `additionalData` (object) The total count of data points returned in an API response. Example: {"totalItems":"422","next":"http://someUrl?cursor=3","cursor":3}
- `supportToken` (string) Example: "1171c60d"
- `response` (array)
- `response.uuid` (string) Example: "123e4567-e89b-12d3-a456-426655440000"
- `response.name` (string) Identifier of the finding, changes based on finding type. Example: "CVE-2021-42392"
- `response.type` (string) Enum: "SECURITY_VULNERABILITY"
- `response.component` (object)
- `response.component.name` (string) Example: "dbus-1.10.24-13.el7_6.x86_64.rpm"
- `response.component.description` (string) Example: "Component description"
- `response.component.componentType` (string)
- `response.component.libraryType` (string) Example: "REDHAT_PACKAGE_MODULE"
- `response.component.rootLibrary` (boolean)
- `response.component.references` (object)
- `response.component.references.url` (string) Example: "https://www.gnupg.org/related_software/pinentry/98"
- `response.component.references.homePage` (string) Example: "https://www.gnupg.org/related_software/pinentry/89"
- `response.component.references.downloadLink` (string) Example: "https://www.gnupg.org/related_software/pinentry/09"
- `response.component.references.issueUrl` (string) Example: "https://www.gnupg.org/related_software/pinentry/87"
- `response.component.references.pomUrl` (string) Example: "https://www.gnupg.org/related_software/pinentry/76"
- `response.component.references.scmUrl` (string) Example: "https://www.gnupg.org/related_software/pinentry/65"
- `response.component.references.genericPackageIndex` (string) Example: "5"
- `response.component.references.nugetGallery` (string)
- `response.component.references.tags` (string) Example: "Important"
- `response.component.references.copyright` (string) Example: "Copyright 2002-2015 g10 Code GmbH"
- `response.component.references.hasNotice` (boolean)
- `response.component.groupId` (string) Example: "org.springframework.boot"
- `response.component.artifactId` (string) Example: "spring-boot"
- `response.component.version` (string) Example: "3.0.5"
- `response.component.path` (string) Example: "pom.xml"
- `response.component.dependencyType` (string) Example: "Direct / Transitive"
- `response.findingInfo` (object)
- `response.findingInfo.status` (string) Enum: "ACTIVE", "IGNORED", "LIBRARY_REMOVED", "LIBRARY_IN_HOUSE", "LIBRARY_WHITELIST"
- `response.findingInfo.comment` (object)
- `response.findingInfo.comment.date` (string)
- `response.findingInfo.comment.userEmail` (string) Example: "jon.smith@mail.com"
- `response.findingInfo.comment.username` (string) Example: "jon"
- `response.findingInfo.detectedAt` (string)
- `response.findingInfo.modifiedAt` (string)
- `response.project` (object)
- `response.project.applicationName` (string) Example: "My Application"
- `response.project.applicationUuid` (string) Example: "123e4567-e89b-12d3-a456-426655440000"
- `response.application` (object)
- `response.vulnerability` (object)
- `response.vulnerability.score` (number) Example: 5
- `response.vulnerability.severity` (string) Enum: "HIGH", "MEDIUM", "LOW"
- `response.vulnerability.publishDate` (string)
- `response.vulnerability.modifiedDate` (string)
- `response.vulnerability.vulnerabilityScoring` (array)
- `response.vulnerability.vulnerabilityScoring.scoreMetadataVector` (string) Example: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
- `response.vulnerability.vulnerabilityScoring.extraData` (object)
- `response.vulnerability.effectiveInfo` (object)
- `response.vulnerability.effectiveInfo.referenceCount` (integer)
- `response.vulnerability.effectiveInfo.shieldValue` (integer) RED(15), YELLOW(10), GREY(8), NO_SHIELD(6), GREEN(5)
- `response.vulnerability.threatAssessment` (object)
- `response.vulnerability.threatAssessment.exploitCodeMaturity` (string) Enum: "UNPROVEN", "POC_CODE", "FUNCTIONAL", "HIGH", "NOT_DEFINED"
- `response.vulnerability.threatAssessment.epssPercentage` (number) Example: 0.8
- `response.topFix` (object)
- `response.topFix.id` (integer) Example: 49422
- `response.topFix.origin` (string) Example: "WHITESOURCE_EXPERT"
- `response.topFix.fixResolution` (string) Example: "3.0.24"
- `response.topFix.message` (string) Example: "Upgrade to version"
- `response.topFix.minimalFixVersionFromExtraData` (string)
- `response.topFix.minimalAffectedVersionFromExtraData` (string)
- `response.reachability` (string) Enum: "REACHABLE", "POTENTIALLY_REACHABLE", "UNREACHABLE"
- `response.findingIntegration` (object)
- `response.findingIntegration.issues` (array)
- `response.findingIntegration.issues.issueStatus` (string) Example: "Open"
- `response.findingIntegration.issues.issueTrackerType` (string) Example: "Jira-cloud"
- `response.findingIntegration.issues.issueIdentifier` (string) Example: "projectA-22"
- `response.exploitable` (boolean) Example: true

## Response 400 fields (*/*):

- `supportToken` (string) Example: "1171c60d"
- `retVal` (object)

## Response 403 fields (*/*):

- `supportToken` (string) Example: "1171c60d"
- `retVal` (object)
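
An added example (not part of this API reference or the vendor's code) showing how a client can follow the `cursor` query parameter from page to page and rank the returned findings by `exploitable`, `reachability`, `vulnerability.severity` and `threatAssessment.epssPercentage`. The `fetch_page` callable, the `sample` helper, the `FINDING-*` names and the sample pages are constructed for illustration, and the code assumes the last page omits `next`, which this page does not state.

```python
from typing import Callable, Iterator, Optional

SEVERITY_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}
REACH_RANK = {"REACHABLE": 2, "POTENTIALLY_REACHABLE": 1, "UNREACHABLE": 0}

def iter_findings(fetch_page: Callable[[Optional[int]], dict]) -> Iterator[dict]:
    """Yield every finding. fetch_page(cursor) is a hypothetical caller-supplied
    function that sends the authenticated GET and returns the decoded JSON body."""
    cursor, seen = None, set()              # the first call sends no cursor
    while True:
        body = fetch_page(cursor)
        items = body.get("response") or []
        yield from items
        extra = body.get("additionalData") or {}
        nxt = extra.get("cursor")
        # Assumption: the last page has no "next" link. An empty page or a
        # repeated cursor also ends the walk, so a bad response cannot loop.
        if not items or not extra.get("next") or nxt is None or nxt in seen:
            return
        seen.add(nxt)
        cursor = nxt

def triage(findings):
    """Keep ACTIVE findings only, most urgent first."""
    def urgency(f):
        vuln = f.get("vulnerability") or {}
        threat = vuln.get("threatAssessment") or {}
        return (bool(f.get("exploitable")),
                REACH_RANK.get(f.get("reachability"), 1),  # missing: potentially reachable
                SEVERITY_RANK.get(vuln.get("severity"), 0),
                threat.get("epssPercentage") or 0.0)
    active = [f for f in findings if (f.get("findingInfo") or {}).get("status") == "ACTIVE"]
    return sorted(active, key=urgency, reverse=True)

def sample(name, status, severity, reach, epss, exploitable):
    """Build one constructed finding carrying only the fields used above."""
    return {"name": name, "findingInfo": {"status": status},
            "reachability": reach, "exploitable": exploitable,
            "vulnerability": {"severity": severity,
                              "threatAssessment": {"epssPercentage": epss}}}

# Constructed pages, keyed by the cursor value that requests them.
SAMPLE_PAGES = {
    None: {"additionalData": {"totalItems": "3", "next": "http://someUrl?cursor=2", "cursor": 2},
           "response": [sample("FINDING-A", "ACTIVE", "MEDIUM", "UNREACHABLE", 0.1, False),
                        sample("FINDING-B", "IGNORED", "HIGH", "REACHABLE", 0.9, True)]},
    2: {"additionalData": {"totalItems": "3", "cursor": 3},
        "response": [sample("FINDING-C", "ACTIVE", "HIGH", "REACHABLE", 0.8, True)]},
}
```

Calling `triage(iter_findings(SAMPLE_PAGES.get))` walks both constructed pages and returns the two ACTIVE findings with the exploitable, reachable one first.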