[Question]: How to get the vulnerabilities of "Code Analysis"

[AjayJagan]

I have a project, which has some code analysis vulnerabilities.
when I do
project.issueset_aggregated.all()
it returns IssueSetAggregated(issues=[])

when I look at the issueCountsBySeverity
issueCountsBySeverity=IssueCounts(low=31, medium=22, high=30, critical=0)

I need to understand why it is not capturing these issues.
Any help is appreciated.

[ig596]

It doesn't look like this is implemented in the codebase presently. You can try calling the old endpoint directly and manually overriding the project attribute with the response cast into the proper model.

Which API version Client are you using?
Here is the relevant API call from the old version
But its not fully implemented in the code Client Get Issues

It appears to me that the new API doesn't support pulling issues from the project at this time.

The Project object from the new API only has the counts not the actual issues.

ProjectManager
IssueSetAggregatedManager

[AjayJagan]

Which API version Client are you using? -> pysnyk==0.9.19

[AjayJagan]

any update on this 😅

[borys-wisniewski]

@AjayJagan

you can do it that way:

def get_snyk_issues_by_code_analysis(org_id, project_id, authorization):
base_url = 'https://api.snyk.io'
url = f'{base_url}/rest/orgs/{org_id}/issues'
params = {
'version': '2024-04-29',
'limit': 100,
'scan_item.id': project_id,
'scan_item.type': 'project',
'status': 'open'
}
headers = {
'accept': 'application/vnd.api+json',
'authorization': authorization
}
vulnerabilites = []

while url:
    response = requests.get(url, params=params, headers=headers)
    if response.status_code == 200:
        data = response.json()
        issues = [
            {
                'id': issue_data.get('attributes', {}).get('key'),
                'title': issue_data.get('attributes', {}).get('title'),
                'status': issue_data.get('attributes', {}).get('status'),
                'created_at': issue_data.get('attributes', {}).get('created_at')
            }
            for issue_data in data.get('data', [])
        ]
        vulnerabilites.extend(issues)
        next_link = data.get('links', {}).get('next')
        url = f'{base_url}{next_link}' if next_link else None
        params = {}  
    else:
        logging.error(f'Error: {response.status_code}')
        return None

return vulnerabilites

[AjayJagan]

This is exactly what I am doing currently 😄 . But I wondered if it could be added to the pysnyk library.