REST API Common Deployment Scenarios

Using GET Issues v5 API with False Positive Support

The GET Issues v5 API endpoint provides enhanced functionality over previous versions, including false positive support and improved filtering capabilities. This guide demonstrates how to use the v5 endpoint effectively.

Overview

The v5 issues endpoint (/api/rest/v5/issues) offers several key enhancements:

  • False Positive Support: Access the fpDescription field for false positive information

  • Enhanced Metadata: Includes the createdAt and fingerprintHash fields

  • Vulnerability Tags: Access the vulnerabilityReportIssueTags array

  • Improved Filtering: Filter by the fixReportId parameter for targeted queries

Step 1: Get Available Fix Reports (GET fix-reports v2)

First, retrieve all available fix reports to identify the ones you want to query:

curl -X GET "https://api.mobb.ai/api/rest/fix-reports" \
  -H "x-mobb-key: YOUR_API_KEY" \
  -H "Content-Type: application/json"

Sample Response:

{
  "getReportsApiV2": {
    "fixReport": [
      {
        "id": "f1fdee4c-9a62-4913-a179-18d07ec11a0e",
        "createdOn": "2024-01-10T23:41:53.650049+00:00",
        "expirationOn": "2024-01-24T23:41:53.650049+00:00",
        "createdByUser": {
          "email": "[email protected]",
          "id": "1f7ba60a-b4b8-4a08-91b9-d3a8c4af814d"
        },
        "vulnerabilityReport": {
          "vendor": "snyk",
          "project": {
            "id": "276cd1ed-64b7-496e-ad14-98eb6f55d5e0",
            "name": "My first project"
          }
        },
        "repo": {
          "name": "mobb-circleci-integration",
          "originalUrl": "https://github.com/antonychiu2/mobb-circleci-integration",
          "reference": "main"
        }
      }
    ]
  }
}

Step 2: Query Issues with Fix Report ID (GET issues v5)

Use the fix report ID from Step 1 to get issues with enhanced metadata and false positive information:

curl -X GET "https://api.mobb.ai/api/rest/v5/issues?fixReportId=f1fdee4c-9a62-4913-a179-18d07ec11a0e" \
  -H "x-mobb-key: YOUR_API_KEY" \
  -H "Content-Type: application/json"

Step 3: Understanding the v5 Response

The v5 response includes enhanced fields not available in previous versions:

Key New Fields:

  • fpDescription: Description when an issue is marked as false positive

  • createdAt: Timestamp when the issue was created

  • fingerprintHash: Unique fingerprint for the issue

  • vulnerabilityReportIssueTags: Array of tags associated with the issue

Sample v5 Response:

{
    "getIssuesApiV5": {
        "vulnerability_report_issue": [
            {
                "id": "dda692d7-0bd4-46b9-a978-3bbb09ac583f",
                "vendorInstanceId": null,
                "vendorIssueId": "371",
                "issueType": "browser.security.insecure-document-method",
                "severity": "error",
                "issueLanguage": "javascript",
                "state": "FalsePositive",
                "createdAt": "2025-10-22T19:10:24.36944+00:00",
                "fingerprintHash": "413f05ef11f75684c85c0d09f132770a",
                "vulnerabilityReportIssueTags": [
                    {
                        "vulnerability_report_issue_tag_value": "FALSE_POSITIVE"
                    }
                ],
                "fix": null,
                "fpDescription": "This issue is a false positive. This is not an XSS vulnerability. The code is setting innerHTML to a hardcoded constant value (wysihtml5.INVISIBLE_SPACE = '\\uFEFF') which is a Unicode zero-width no-break space character. There is no user-controlled input being inserted into the DOM - only a predefined, safe constant string. The value is not derived from any external source, user input, or dynamic data that could contain malicious content."
            }
        ],
        "hasNextPage": false
    }
}

Filtering Options

Filter by Specific Issue ID

curl -X GET "https://api.mobb.ai/api/rest/v5/issues?issueId=abc12345-e89b-12d3-a456-426614174003" \
  -H "x-mobb-key: YOUR_API_KEY"

Filter by Fix Report ID

curl -X GET "https://api.mobb.ai/api/rest/v5/issues?fixReportId=123e4567-e89b-12d3-a456-426614174000" \
  -H "x-mobb-key: YOUR_API_KEY"

Common Use Cases

  1. Quality Assurance: Review fpDescription to understand why issues were marked as false positives

  2. Issue Suppression for SAST Scanners: Use false positive descriptions to improve scanning accuracy

  3. Reporting: Generate reports showing false positive rates and reasons

  4. Issue Tracking: Track issue lifecycle with createdAt timestamps and fingerprintHash for deduplication

Best Practices for using GET issues v5

  • Use Fix Report ID Filtering: Always filter by fixReportId when querying specific fix reports to reduce the response size.

  • Handle Pagination: Check the hasNextPage field and implement pagination for large result sets. If the result set exceeds 1000 entries, the response is truncated and hasNextPage is set to true. To obtain the full result set, capture the last issueId in the response and re-run the same API call, supplying that issueId, to obtain the next 1000 results. Repeat until hasNextPage returns false.

  • Result Ordering: The issue result sets are chronologically ordered from earliest to latest.
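
The pagination loop and the false positive reporting use case described above, as an added example (not Mobb's own code). Assumptions: the environment variable name MOBB_API_KEY, the helper names, and the sample pages served by fake_fetch_page are constructed for illustration; the code also assumes that issueId sent together with fixReportId acts as the page cursor, as the pagination note describes.

```python
import json, os, urllib.parse, urllib.request
from collections import Counter

API = "https://api.mobb.ai/api/rest/v5/issues"
def http_fetch_page(params):
    """Live transport: one GET; MOBB_API_KEY is an assumed env var name."""
    req = urllib.request.Request(API + "?" + urllib.parse.urlencode(params),
                                 headers={"x-mobb-key": os.environ["MOBB_API_KEY"]})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_all_issues(fix_report_id, fetch_page=http_fetch_page, max_pages=1000):
    """Follow hasNextPage, using the last issue id of each page as the cursor."""
    seen, issues, params = set(), [], {"fixReportId": fix_report_id}
    for _ in range(max_pages):
        body = fetch_page(params)["getIssuesApiV5"]
        page = body["vulnerability_report_issue"]
        # Assumption: the cursor issue may be repeated on the next page, so de-duplicate by id.
        fresh = [i for i in page if i["id"] not in seen]
        seen.update(i["id"] for i in fresh)
        issues.extend(fresh)
        if not body["hasNextPage"]:
            return issues
        if not fresh:  # cursor did not advance: fail instead of looping forever
            raise RuntimeError("pagination made no progress")
        params = {"fixReportId": fix_report_id, "issueId": page[-1]["id"]}
    raise RuntimeError("max_pages exceeded")

def false_positive_summary(issues):
    """False positive rate, counts per issueType, and FPs lacking a reason."""
    fps = [i for i in issues if i.get("state") == "FalsePositive"]
    return {"total": len(issues), "false_positives": len(fps),
            "fp_rate": len(fps) / len(issues) if issues else 0.0,
            "by_issue_type": dict(Counter(i["issueType"] for i in fps)),
            "missing_reason": [i["id"] for i in fps if not i.get("fpDescription")]}

# Constructed sample data (not real API output); "OTHER" is a placeholder state.
def _issue(n, state, fp=None):
    return {"id": f"issue-{n}", "state": state, "fpDescription": fp,
            "issueType": "browser.security.insecure-document-method"}
SAMPLE = {None: ([_issue(1, "FalsePositive"), _issue(2, "OTHER")], True),
          "issue-2": ([_issue(2, "OTHER"), _issue(3, "FalsePositive", "constant value")], False)}

def fake_fetch_page(params):
    rows, more = SAMPLE[params.get("issueId")]
    return {"getIssuesApiV5": {"vulnerability_report_issue": rows, "hasNextPage": more}}

if __name__ == "__main__":
    print(false_positive_summary(fetch_all_issues("constructed-report-id", fake_fetch_page)))
```

Calling fetch_all_issues with only a fix report ID uses the live transport; the missing_reason list flags false positives that carry no fpDescription and so need manual review.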
