POST /repositories/{workspace}/{repo_slug}/commit/{commit}/reports/{reportId}/annotations
Bulk upload of annotations. Annotations are individual findings that have been identified as part of a report, for example, a line of code that represents a vulnerability. These annotations can be attached to a specific file and even a specific line in that file, however, that is optional. Annotations are not mandatory and a report can contain up to 1000 annotations.
Add the annotations you want to upload as objects in a JSON array and make sure each annotation has the external_id field set to a unique value. If you want to use an existing id from your own system, we recommend prefixing it with your system's name to avoid collisions, for example, mySystem-annotation001. The external id can later be used to identify the report as an alternative to the generated UUID. You can upload up to 100 annotations per POST request.
Sample cURL request:
curl --location 'https://api.bitbucket.org/2.0/repositories/<username>/<reposity-name>/commit/<commit-hash>/reports/mysystem-001/annotations' \
--header 'Content-Type: application/json' \
--data-raw '[
{
"external_id": "mysystem-annotation001",
"title": "Security scan report",
"annotation_type": "VULNERABILITY",
"summary": "This line represents a security threat.",
"severity": "HIGH",
"path": "my-service/src/main/java/com/myCompany/mysystem/logic/Main.java",
"line": 42
},
{
"external_id": "mySystem-annotation002",
"title": "Bug report",
"annotation_type": "BUG",
"result": "FAILED",
"summary": "This line might introduce a bug.",
"severity": "MEDIUM",
"path": "my-service/src/main/java/com/myCompany/mysystem/logic/Helper.java",
"line": 13
}
]'
Possible field values:
annotation_type: VULNERABILITY, CODE_SMELL, BUG result: PASSED, FAILED, IGNORED, SKIPPED severity: HIGH, MEDIUM, LOW, CRITICAL
Please refer to the Code Insights documentation for more information.
Servers
- https://api.bitbucket.org/2.0
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
commit |
String | Yes |
The commit for which to retrieve reports. |
repo_slug |
String | Yes |
The repository. |
workspace |
String | Yes |
This can either be the workspace ID (slug) or the workspace UUID surrounded by curly-braces, for example |
reportId |
String | Yes |
Uuid or external-if of the report for which to get annotations for. |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
[] |
Array | Yes | |
[].external_id |
String | No |
ID of the annotation provided by the annotation creator. It can be used to identify the annotation as an alternative to it's generated uuid. It is not used by Bitbucket, but only by the annotation creator for updating or deleting this specific annotation. Needs to be unique. |
[].uuid |
String | No |
The UUID that can be used to identify the annotation. |
[].created_on |
String | No |
The timestamp when the report was created. |
[].path |
String | No |
The path of the file on which this annotation should be placed. This is the path of the file relative to the git repository. If no path is provided, then it will appear in the overview modal on all pull requests where the tip of the branch is the given commit, regardless of which files were modified. |
[].annotation_type |
String | No |
The type of the report. Possible values:
|
[].details |
String | No |
The details to show to users when clicking on the annotation. |
[].severity |
String | No |
The severity of the annotation. Possible values:
|
[].type |
String | Yes | |
[].line |
Integer | No |
The line number that the annotation should belong to. If no line number is provided, then it will default to 0 and in a pull request it will appear at the top of the file specified by the path field. |
[].updated_on |
String | No |
The timestamp when the report was updated. |
[].summary |
String | No |
The message to display to users. |
[].link |
String | No |
A URL linking to the annotation in an external tool. |
[].result |
String | No |
The state of the report. May be set to PENDING and later updated. Possible values:
|
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.