issues
Purplemet CI edited this page Apr 28, 2026 · 5 revisions

Purplemet tracks security issues across all your sites. Use the issues commands to list, triage, and collaborate on findings.

```bash
purplemet-cli issues list [flags]
```

Lists issues across all your sites.

| Flag | Default | Description |
|---|---|---|
| `--limit` | `100` | Maximum issues to return (0 for all) |
| `--severity` | — | Filter by severity: `critical`, `high`, `medium`, `low`, `info` |
| `--status` | — | Filter by status: `OPEN`, `IGNORED`, `FIXED` |
| `--json` | `false` | JSON output |

Example:

```bash
# List all open high/critical issues
purplemet-cli issues list --severity high --status OPEN

# JSON output for scripting
purplemet-cli issues list --json --limit 0 | jq '.[] | select(.severity == "CRITICAL")'
```

Output columns:

| Column | Description |
|---|---|
| ID | Unique issue ID (use as input for issues ignore / issues activate) |
| SEVERITY | CRITICAL, HIGH, MEDIUM, LOW, INFO |
| STATUS | OPEN, IGNORED, FIXED |
| NAME | CVE identifier or vulnerability name |
| TECHNOLOGY | Affected technology and version |
| TYPE | Issue category (e.g. SSL_TLS_PROTOCOLS, HTTP_HEADERS) |
Each issue in JSON output contains:
| Field | Type | Description |
|---|---|---|
| `id` | string | Unique issue ID |
| `siteId` | string | Site UUID |
| `siteUrl` | string | Site URL |
| `severity` | string | Severity level |
| `type` | string | Issue type |
| `name` | string | CVE or issue name |
| `description` | string | Detailed description |
| `reference` | string | External reference URL |
| `cweId` | string | CWE identifier |
| `cweName` | string | CWE name |
| `exploitMaturity` | string | `ATTACKED` if actively exploited |
| `status` | string | OPEN, IGNORED, FIXED |
| `technologyName` | string | Affected technology |
| `technologyVersion` | string | Affected version |
| `technologyCategory` | string | Technology category |
| `commentCnt` | int | Number of comments |
| `firstDetectedAt` | int | First detection (unix ms) |
| `lastDetectedAt` | int | Last detection (unix ms) |
| `details.cvss3Score` | float | CVSS v3 score |
| `details.cvss3Vector` | string | CVSS v3 vector |
| `details.epssScore` | float | EPSS score (0–1) |

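
The script below is an added example, not part of the Purplemet CLI or its documentation. It ranks the JSON output for triage using the fields in the table above: `exploitMaturity`, `details.epssScore`, `severity`, `details.cvss3Score`, and `firstDetectedAt`. It assumes `details` is a nested object that may be absent; the sample records and the `triage_order` helper are constructed for illustration.

```python
import json
import sys
import time

# Constructed sample in the shape of `purplemet-cli issues list --json --limit 0`.
# IDs, names and scores are invented; nesting under "details" is an assumption.
SAMPLE = json.loads("""[
 {"id": "abc123", "status": "OPEN", "severity": "HIGH", "name": "constructed-A",
  "firstDetectedAt": 1767225600000,
  "details": {"cvss3Score": 8.1, "epssScore": 0.02}},
 {"id": "def456", "status": "OPEN", "severity": "MEDIUM", "name": "constructed-B",
  "exploitMaturity": "ATTACKED", "firstDetectedAt": 1769904000000,
  "details": {"cvss3Score": 6.5, "epssScore": 0.91}},
 {"id": "ghi789", "status": "IGNORED", "severity": "CRITICAL", "name": "constructed-C",
  "exploitMaturity": "ATTACKED", "firstDetectedAt": 1767225600000,
  "details": {"cvss3Score": 9.8, "epssScore": 0.95}},
 {"id": "jkl012", "status": "OPEN", "severity": "CRITICAL", "name": "constructed-D",
  "firstDetectedAt": 1767225600000}
]""")

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFO": 0}
DAY_MS = 86_400_000

def triage_order(issues, now_ms):
    """Rank OPEN issues: actively exploited, then EPSS, then severity, then CVSS."""
    rows = []
    for issue in issues:
        if issue.get("status") != "OPEN":
            continue  # IGNORED and FIXED findings are already triaged
        details = issue.get("details") or {}  # tolerate a missing or null object
        first_seen = issue.get("firstDetectedAt") or now_ms
        rows.append({
            "id": issue["id"],
            "attacked": issue.get("exploitMaturity") == "ATTACKED",
            "epss": float(details.get("epssScore") or 0.0),
            "severity": SEVERITY_RANK.get(str(issue.get("severity", "")).upper(), 0),
            "cvss": float(details.get("cvss3Score") or 0.0),
            "age_days": max(0, (now_ms - first_seen) // DAY_MS),  # unix ms -> days
        })
    rows.sort(key=lambda r: (not r["attacked"], -r["epss"], -r["severity"], -r["cvss"]))
    return rows

if __name__ == "__main__":
    # Pipe real CLI output in, or run without redirected stdin to use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for r in triage_order(data, now_ms=int(time.time() * 1000)):
        print(r["id"], "ATTACKED" if r["attacked"] else "-", r["epss"], r["cvss"], r["age_days"])
```

A finding with no `details` object sorts on severity alone within its EPSS tier, so a CRITICAL issue without scores is still listed rather than dropped.
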
Mark issues as ignored with a reason. Ignored issues are always excluded from gate evaluation — an acknowledged risk should not re-fail a pipeline.

```bash
purplemet-cli issues ignore <issueId> [id...] --reason <reason> [flags]
```

| Flag | Required | Description |
|---|---|---|
| `--reason` | Yes | Reason for ignoring |
| `--comments` | No | Additional notes |
| `--snooze` | No | Snooze until date (YYYY-MM-DD) — re-activates automatically |

Valid reasons (enum defined by the Purplemet API):
RISK_ACCEPTED, NOT_APPLICABLE, FIX_IN_PROGRESS, BACKPORTING, FALSE_POSITIVE
Refer to the official Purplemet documentation for the authoritative semantics of each reason.
Examples:

```bash
# Ignore a single issue
purplemet-cli issues ignore abc123 --reason RISK_ACCEPTED --comments "Low impact for our use case"

# Ignore multiple issues at once
purplemet-cli issues ignore abc123 def456 ghi789 --reason NOT_APPLICABLE

# Snooze an issue until a fix is expected
purplemet-cli issues ignore abc123 --reason FIX_IN_PROGRESS --snooze 2025-06-01
```

Re-activate previously ignored issues:

```bash
purplemet-cli issues activate <issueId> [id...]
```

Examples:

```bash
# Re-activate one issue
purplemet-cli issues activate abc123

# Re-activate multiple issues
purplemet-cli issues activate abc123 def456
```

Collaborate on issues by adding comments.

```bash
purplemet-cli issues comment list <issueId> [--limit 100]
purplemet-cli issues comment create <issueId> --contents "Investigated — this is a known upstream issue, tracking in JIRA-1234"
purplemet-cli issues comment update <issueId> <commentId> --contents "Updated: fix deployed in v2.3.1"
purplemet-cli issues comment delete <issueId> <commentId>
```

A typical triage workflow:

```bash
# 1. List critical and high issues
purplemet-cli issues list --severity high --status OPEN

# 2. Investigate a specific issue (check the reference URL)
purplemet-cli issues list --json | jq '.[] | select(.id == "abc123") | {name, description, reference}'

# 3. Accept the risk for a low-impact issue
purplemet-cli issues ignore abc123 --reason RISK_ACCEPTED --comments "Internal-only endpoint, no user data"

# 4. Mark an issue as fix in progress
purplemet-cli issues ignore def456 --reason FIX_IN_PROGRESS --snooze 2025-07-01 --comments "PR #42 pending review"

# 5. Run analysis (ignored issues are automatically excluded from gates)
purplemet-cli analyze https://app.com --json --fail-on-severity high
```