Code issues over time
Returns the count of day-aggregated issue statuses (Opened Earlier, open today, Fix Pending, Fixed, Suppressed) for the last 30 days.
You can set the
startDate parameters in the request body to filter the results.
Vulnerability data is not included in the response of this endpoint.
Use the Top CVSS Score Vulnerabilities endpoint to retrieve the riskiest vulnerabilities.
- IaC: Filter value to retrieve issues with Infrastructure-as-Code (IaC or iac) templates and scripts that provision and manage cloud resources. Prisma Cloud detects issues such as misconfigurations and security risks within the code that deploys and manages the infrastructure.
- Vulnerability: Filter value to retrieve findings related to known security vulnerabilities in open-source packages used in applications. These findings highlight potential weaknesses that could be exploited by attackers.
- BuildIntegrity: Filter value to retrieve findings related to the integrity and security of the build pipeline or the software supply chain. These findings include checks for unauthorized or insecure dependencies, insecure artifact storage, or other issues that could compromise the integrity of the software build process.
- Secrets: Filter value to retrieve findings related to the handling and management of sensitive information, such as API keys, passwords, or cryptographic keys, within code files. Address these findings to ensure that secrets are properly protected and not exposed in the code or configurations.
- Licenses: Filter value to retrieve issues related to the non-compliance with license requirements. Open source packages typically include a license that is either restrictive or permissive. Prisma Cloud, by default, identifies and flags instances where open-source software components do not include a license, or are carrying an undesired one. Specifically, licenses not approved by the Open Source Initiative (OSI) or not recognized by the Software Package Data Exchange (SPDX) fall under this undesired category.
- Critical: Critical severity indicates a high-risk vulnerability or misconfiguration that could lead to significant security breaches or data leaks. These issues require immediate attention and remediation.
- High: High severity indicates a significant security issue that has the potential to be exploited or result in significant damage if left unaddressed. These findings should be addressed as a priority.
- Medium: Medium severity indicates issues that pose a potential security risk that are less severe than Critical and High. Remediation of these issues should be prioritized, but they may not require immediate attention.
- Low: Low severity indicates issues that have a minimal impact on security or are relatively low-risk. While they may not pose an immediate threat, it is still recommended to address them to maintain a robust security posture.
- Info: Info severity is used for informational findings or recommendations that do not pose an immediate security risk but provide helpful guidance, best practices, or suggestions for optimization. These findings can be considered as part of ongoing security hygiene efforts.
Possible values: [
The repositories filter enables you to retrieve issues related to one or more repositories.
You must provide the UUIDs of the repositories that you want to include in the filter.
To retrieve the UUID of a repository use the List repository list endpoint.
id field of the response has the UUID of the repository).
Possible values: [
The severity level of the vulnerability or misconfiguration.
(applicable to Code issues over time, and Pull Requests over Time): The start date filter enables you to retrieve issues from a given date. Provide a date earlier than the current date in the ISO 8601 format.
VCS Scan Issues Over Time
- Example (from schema)
- Array [
A date in ISO 8601 format. The response includes data for every single day starting from the given
Number of fix pending issues on a given date.
Number of fixed issues till a given date.
Number of open issues on a given date.
Number of open issues added on a given date.
Number of suppressed issues on a given date.
The time when the last scan was triggered.
Customer has no permitted accounts
Request arguments validation error
Failed to get vcs scan issues over time