Table: semgrep_sca_finding
Semgrep findings from the Semgrep SCA (Supply Chain) module.
Examples
List all SCA findings
select id, state, repository, triage_state, severity, confidence, rulefrom semgrep_sca_finding;Group SCA findings by severity for repository gabrielsoltz/steampipe-plugin-semgrep
select count(*) as findings, severityfrom semgrep_sca_findingwhere repository ->> 'name' = 'gabrielsoltz/steampipe-plugin-semgrep'group by severity;Schema for semgrep_sca_finding
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| categories | jsonb | The categories of the finding as classified by the associated rule metdata. | |
| confidence | text | Confidence of the finding, derived from the rule that triggered it. | |
| created_at | timestamp with time zone | The timestamp when this finding was created. | |
| deployment_slug | text | = | Sanitized machine-readable name of the deployment. |
| epss_score | jsonb | Expected Probability and Severity score of the finding. | |
| external_ticket | jsonb | External ticket associated with finding. | |
| first_seen_scan_id | bigint | Unique ID of the Semgrep scan that first identified this finding. | |
| fix_recommendation | jsonb | Fix recommendation for the finding. | |
| found_dependency | jsonb | The dependency that was found to be vulnerable. | |
| id | text | Unique ID of this finding. | |
| line_of_code_url | text | The source URL including file and line number.. | |
| location | jsonb | Location of the record in a file, as reported by Semgrep. If null, then the information does not exist or lacks integrity (older or broken scans). | |
| match_based_id | text | ID calculated based on a finding's file path, rule id, and the rule index. | |
| reachability | text | Reachability of the finding. | |
| reachable_conditions | text | Reachability conditions of the finding. | |
| ref | text | External reference to the source of this finding (e.g. PR). | |
| relevant_since | timestamp with time zone | The timestamp when this finding was detected by Semgrep (the first time, or when reintroduced). | |
| repository | jsonb | Which repository is this finding a part of, defined via name. | |
| rule | jsonb | Rule that applies to this finding. | |
| severity | text | Severity of the finding, derived from the rule that triggered it. Low is equivalent to INFO, Medium to WARNING, and High to ERROR. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| state | text | The finding's resolution state. Managed only by changes detected at scan time, the state is combined with triage_state to ultimately determine a final status which is exposed in the UI and API. | |
| state_updated_at | timestamp with time zone | When this issue's state (resolution state) was last updated, as distinct from when the issue was triaged (triaged_at). | |
| status | text | The finding's status as exposed in the UI. Status is a derived property combining information from the finding state and triage_state. The triage_state can be used to override the scan state if the finding is still detected. | |
| syntactic_id | text | ID calculated based on a finding's file path, rule identifier and matched code, and index. | |
| triage_comment | text | The detailed comment provided during triage. | |
| triage_reason | text | Reason provided when this issue was triaged. | |
| triage_state | text | The finding's triage state. Set by the user and used along with state to generate the final status viewable in the UI. | |
| triaged_at | timestamp with time zone | When the finding was triaged. | |
| usage | jsonb | Usage of the dependency that was found to be vulnerable. | |
| vulnerability_identifier | text | Identifier of the vulnerability that this finding is associated with. |