Alerts
Retrieves a list of advanced security alerts for a repository.
Table Specific Information
Select
This table is only available if AzureDevOpsServiceAPI is set to 7.2 or above.The add-in uses the Azure DevOps API to process WHERE clause conditions built with the following columns and operators:
- AlertId supports the '=', 'in' operators.
- AlertType supports the '=' operator.
- Confidence supports the '=', 'in' operators.
- GitRef supports the '=' operator.
- LastSeenDate supports the '>', '>=', '<=', '<' operators.
- ProjectId supports the '=' operator.
- RepositoryId supports the '=' operator.
- Severity supports the '=', 'in' operators.
- State supports the '=', 'in' operators.
- DependencyName supports the '=' operator.
- HasLinkedWorkItems supports the '=' operator.
- IsTriaged supports the '=' operator.
- Keywords supports the '=' operator.
- LicenseName supports the '=' operator.
- ModifiedSince supports the '=' operator.
- OnlyDefaultBranch supports the '=' operator.
- PhaseId supports the '=' operator.
- PhaseName supports the '=' operator.
- PipelineId supports the '=' operator.
- PipelineName supports the '=' operator.
- RuleId supports the '=' operator.
- RuleName supports the '=' operator.
- ToolName supports the '=' operator.
- Validity supports the '=' operator.
- Expand supports the '=' operator.
For example:
SELECT * FROM Alerts WHERE AlertId='2'
Columns
| Name | Type | References | Description |
| AlertId [KEY] | Long | Identifier for the alert. It is unique within Azure DevOps organization. | |
| AlertType | String | Type of the alert.
The allowed values are unknown, dependency, secret, code. | |
| Confidence | String | Confidence level of the alert.
The allowed values are high, other. | |
| DismissalId | Long | Unique ID for the dismissal. | |
| DismissalMessage | String | Informational message attached to the dismissal. | |
| DismissalStateChangedBy | String | The UUID of the identity that dismissed the alert. | |
| DismissalStateChangedByDescriptor | String | The descriptor of the identity that dismissed the alert. | |
| DismissalStateChangedByDisplayName | String | The display name of the identity that dismissed the alert. | |
| DismissalStateChangedByUrl | String | The URL of the identity that dismissed the alert. | |
| DismissalType | String | Reason for the dismissal. Possible values: unknown, fixed, acceptedRisk, falsePositive, agreedToGuidance, toolUpgrade, notDistributed. | |
| FirstSeenDate | Datetime | The first time the service has seen this issue reported in an analysis instance. | |
| FixedDate | Datetime | The time the service has seen this issue fixed in an analysis instance. | |
| GitRef | String | Reference to a git object, e.g. branch ref. | |
| HasTrustedSourceOrigin | Boolean | Indicates whether the alert comes from a SARIF uploaded by a trusted source. | |
| IntroducedDate | Datetime | The first time the vulnerability was introduced. | |
| LastSeenDate | Datetime | The last time the service has seen this issue reported in an analysis instance. | |
| LogicalLocations | String | Logical locations for the alert, such as components or dependencies. | |
| PhysicalLocations | String | Physical locations for the alert, such as file paths and line numbers. | |
| ProjectId | String | Identifier of the project where the alert was detected. | |
| Relations | String | Relations between this alert and other artifacts, such as linked work items. | |
| RepositoryId | String | Identifier of the repository where the alert was detected. | |
| RepositoryUrl | String | Repository URL where the alert was detected. | |
| Severity | String | Severity of the alert.
The allowed values are low, medium, high, critical, note, warning, error, undefined. | |
| State | String | The computed state of the alert based on results from all analysis configurations.
The allowed values are unknown, active, dismissed, fixed, autoDismissed. | |
| Title | String | The title of the alert. Maximum 256 characters, plain text only. | |
| Tools | String | Tools that have detected this issue. | |
| TruncatedSecret | String | A truncated/obfuscated version of the secret pertaining to the alert, if applicable. | |
| ValidityDetailsLastCheckedDate | Datetime | The last date the validity of the alert was checked. | |
| ValidityDetailsStatus | String | The validity status of the alert. Possible values: none, unknown, active, inactive. Only applicable to secret alerts. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements, and offer a more granular control over the tuples that are returned from the data source. Unless otherwise specified, only the = operator is permitted when filtering on pseudocolumns.
| Name | Type | Description | |
| DependencyName | String | If provided, only alerts for this dependency are returned. Not applicable for secret alerts. | |
| HasLinkedWorkItems | Boolean | If provided, filters alerts based on whether they have linked work items. Not applicable for secret and dependency scanning alerts. | |
| IsTriaged | Boolean | If provided, only return alerts that have been triaged. | |
| Keywords | String | If provided, only return alerts whose titles match this pattern. | |
| LicenseName | String | If provided, only alerts for dependencies with this license name are returned. Not applicable for secret alerts. | |
| ModifiedSince | Datetime | If provided, only return alerts that were modified since this date. | |
| OnlyDefaultBranch | Boolean | If true, only return alerts found on the default branch of the repository. Ignored if GitRef is provided. Not applicable for secret alerts. | |
| PhaseId | String | If provided with CriteriaPipelineName, only return alerts detected in this pipeline phase (by ID). Not applicable for secret alerts. | |
| PhaseName | String | If provided with CriteriaPipelineName, only return alerts detected in this pipeline phase (by name). Not applicable for secret alerts. | |
| PipelineId | Integer | If provided, only return alerts detected in this pipeline. | |
| PipelineName | String | If provided, only return alerts detected in this pipeline. Not applicable for secret alerts. | |
| RuleId | String | If provided, only return alerts for this rule ID. | |
| RuleName | String | If provided, only return alerts for this rule name. | |
| ToolName | String | If provided, only return alerts detected by this tool. | |
| Validity | String | If provided, only return alerts with this validity status. Only applicable for secret alerts. Possible values: none, unknown, active, inactive. | |
| Expand | String | Expand options for the alert list response.
The allowed values are none, minimal. |