Alerts
Retrieves a list of advanced security alerts for a repository.
Table Specific Information
Select
This table is only available if AzureDevOpsServiceAPI is set to 7.2 or above.The provider uses the Azure DevOps API to process WHERE clause conditions built with the following columns and operators:
- AlertId supports the '=', 'in' operators.
- AlertType supports the '=' operator.
- Confidence supports the '=', 'in' operators.
- GitRef supports the '=' operator.
- LastSeenDate supports the '>', '>=', '<=', '<' operators.
- ProjectId supports the '=' operator.
- RepositoryId supports the '=' operator.
- Severity supports the '=', 'in' operators.
- State supports the '=', 'in' operators.
- DependencyName supports the '=' operator.
- HasLinkedWorkItems supports the '=' operator.
- IsTriaged supports the '=' operator.
- Keywords supports the '=' operator.
- LicenseName supports the '=' operator.
- ModifiedSince supports the '=' operator.
- OnlyDefaultBranch supports the '=' operator.
- PhaseId supports the '=' operator.
- PhaseName supports the '=' operator.
- PipelineId supports the '=' operator.
- PipelineName supports the '=' operator.
- RuleId supports the '=' operator.
- RuleName supports the '=' operator.
- ToolName supports the '=' operator.
- Validity supports the '=' operator.
- Expand supports the '=' operator.
For example:
SELECT * FROM Alerts WHERE AlertId='2'
Columns
| Name | Type | References | Description |
| AlertId [KEY] | Long | Identifier for the alert. It is unique within Azure DevOps organization. | |
| AlertType | String | Type of the alert.
The allowed values are unknown, dependency, secret, code. | |
| Confidence | String | Confidence level of the alert.
The allowed values are high, other. | |
| DismissalId | Long | Unique ID for the dismissal. | |
| DismissalMessage | String | Informational message attached to the dismissal. | |
| DismissalStateChangedBy | String | The UUID of the identity that dismissed the alert. | |
| DismissalStateChangedByDescriptor | String | The descriptor of the identity that dismissed the alert. | |
| DismissalStateChangedByDisplayName | String | The display name of the identity that dismissed the alert. | |
| DismissalStateChangedByUrl | String | The URL of the identity that dismissed the alert. | |
| DismissalType | String | Reason for the dismissal. Possible values: unknown, fixed, acceptedRisk, falsePositive, agreedToGuidance, toolUpgrade, notDistributed. | |
| FirstSeenDate | Datetime | The first time the service has seen this issue reported in an analysis instance. | |
| FixedDate | Datetime | The time the service has seen this issue fixed in an analysis instance. | |
| GitRef | String | Reference to a git object, e.g. branch ref. | |
| HasTrustedSourceOrigin | Boolean | Indicates whether the alert comes from a SARIF uploaded by a trusted source. | |
| IntroducedDate | Datetime | The first time the vulnerability was introduced. | |
| LastSeenDate | Datetime | The last time the service has seen this issue reported in an analysis instance. | |
| LogicalLocations | String | Logical locations for the alert, such as components or dependencies. | |
| PhysicalLocations | String | Physical locations for the alert, such as file paths and line numbers. | |
| ProjectId | String | Identifier of the project where the alert was detected. | |
| Relations | String | Relations between this alert and other artifacts, such as linked work items. | |
| RepositoryId | String | Identifier of the repository where the alert was detected. | |
| RepositoryUrl | String | Repository URL where the alert was detected. | |
| Severity | String | Severity of the alert.
The allowed values are low, medium, high, critical, note, warning, error, undefined. | |
| State | String | The computed state of the alert based on results from all analysis configurations.
The allowed values are unknown, active, dismissed, fixed, autoDismissed. | |
| Title | String | The title of the alert. Maximum 256 characters, plain text only. | |
| Tools | String | Tools that have detected this issue. | |
| TruncatedSecret | String | A truncated/obfuscated version of the secret pertaining to the alert, if applicable. | |
| ValidityDetailsLastCheckedDate | Datetime | The last date the validity of the alert was checked. | |
| ValidityDetailsStatus | String | The validity status of the alert. Possible values: none, unknown, active, inactive. Only applicable to secret alerts. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements, and offer a more granular control over the tuples that are returned from the data source. Unless otherwise specified, only the = operator is permitted when filtering on pseudocolumns.
| Name | Type | Description | |
| DependencyName | String | If provided, only alerts for this dependency are returned. Not applicable for secret alerts. | |
| HasLinkedWorkItems | Boolean | If provided, filters alerts based on whether they have linked work items. Not applicable for secret and dependency scanning alerts. | |
| IsTriaged | Boolean | If provided, only return alerts that have been triaged. | |
| Keywords | String | If provided, only return alerts whose titles match this pattern. | |
| LicenseName | String | If provided, only alerts for dependencies with this license name are returned. Not applicable for secret alerts. | |
| ModifiedSince | Datetime | If provided, only return alerts that were modified since this date. | |
| OnlyDefaultBranch | Boolean | If true, only return alerts found on the default branch of the repository. Ignored if GitRef is provided. Not applicable for secret alerts. | |
| PhaseId | String | If provided with CriteriaPipelineName, only return alerts detected in this pipeline phase (by ID). Not applicable for secret alerts. | |
| PhaseName | String | If provided with CriteriaPipelineName, only return alerts detected in this pipeline phase (by name). Not applicable for secret alerts. | |
| PipelineId | Integer | If provided, only return alerts detected in this pipeline. | |
| PipelineName | String | If provided, only return alerts detected in this pipeline. Not applicable for secret alerts. | |
| RuleId | String | If provided, only return alerts for this rule ID. | |
| RuleName | String | If provided, only return alerts for this rule name. | |
| ToolName | String | If provided, only return alerts detected by this tool. | |
| Validity | String | If provided, only return alerts with this validity status. Only applicable for secret alerts. Possible values: none, unknown, active, inactive. | |
| Expand | String | Expand options for the alert list response.
The allowed values are none, minimal. |