> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List policy violations

> Returns policy violations for a repository with optional filters for status, enforcement mode, policy, target type, and reference.



## OpenAPI

````yaml https://app.cysmiq.com/docs/tenant/openapi.json get /{tenant_slug}/policy-violations
openapi: 3.1.0
info:
  title: Cysmiq
  version: v1
  description: Tenant API
servers:
  - url: https://app.cysmiq.com/api/v1
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Token
    description: Token introspection and authentication context.
  - name: Organizations
    description: Read-only organizational unit (org) data.
  - name: Repositories
    description: Read-only repository data.
  - name: Applications
    description: Read-only application data.
  - name: Scans
    description: Read-only scan status data for CI integrations.
  - name: Vulnerabilities
    description: Read-only vulnerability data for CI and reporting.
  - name: Policy Violations
    description: Read-only policy violation data for CI and reporting.
paths:
  /{tenant_slug}/policy-violations:
    get:
      tags:
        - Policy Violations
      summary: List policy violations
      description: >-
        Returns policy violations for a repository with optional filters for
        status, enforcement mode, policy, target type, and reference.
      operationId: listPolicyViolations
      parameters:
        - name: repo
          in: query
          required: true
          schema:
            type: string
            maxLength: 255
        - name: ref
          in: query
          schema:
            type:
              - string
              - 'null'
            maxLength: 255
        - name: status
          in: query
          schema:
            type:
              - string
              - 'null'
            maxLength: 255
        - name: enforcement
          in: query
          schema:
            type:
              - string
              - 'null'
            maxLength: 255
        - name: policy
          in: query
          schema:
            type:
              - string
              - 'null'
            maxLength: 255
        - name: target_type
          in: query
          schema:
            type:
              - string
              - 'null'
            maxLength: 255
        - name: limit
          in: query
          schema:
            type:
              - integer
              - 'null'
            minimum: 1
            maximum: 200
        - name: cursor
          in: query
          schema:
            type:
              - string
              - 'null'
        - name: tenant_slug
          in: path
          required: true
          description: Workspace slug for the tenant context.
          schema:
            type: string
          example: acme
      responses:
        '200':
          description: Policy violation list response.
          content:
            application/json:
              schema:
                type: object
                examples:
                  - repository:
                      id: repo_01hxyz
                      full_name: acme/widgets
                    reference:
                      ref: main
                      sha: a1b2c3d4
                    filters:
                      status:
                        - open
                        - pending_review
                      enforcement:
                        - block
                      policy:
                        - pol_vuln_sla
                      target_type:
                        - vulnerability
                    summary:
                      total: 1
                      by_status:
                        open: 1
                      by_target_type:
                        vulnerability: 1
                      by_enforcement_mode:
                        block: 1
                    items:
                      - id: pvl_01hxyz
                        status: open
                        enforcement_mode: block
                        blocking: true
                        due_at: '2026-02-01T00:00:00Z'
                        remaining_seconds: 604800
                        snoozed: false
                        snoozed_until: null
                        snooze_count: 0
                        first_seen_at: '2026-01-10T09:14:00Z'
                        last_seen_at: '2026-01-20T10:12:00Z'
                        resolved_at: null
                        metadata:
                          severity: high
                          cvss_score: 8.2
                          epss_score: 0.72
                          reference_ref: main
                          environment_key: prod
                        policy:
                          id: pol_01hxyz
                          key: vuln_high_sla
                          name: High Severity SLA
                          type: custom
                          status: active
                          target_type: vulnerability
                          enforcement_mode: block
                          severity: null
                        scope:
                          type: repo
                          id: repo_01hxyz
                          name: acme/widgets
                        target:
                          type: vulnerability
                          id: vc_01hxyz
                          title: Prototype Pollution in lodash
                          severity: high
                          status: open
                          vulnerability_type: dependency
                        rule: null
                    next_cursor: null
                properties:
                  repository:
                    type: object
                    properties:
                      id:
                        type: string
                      full_name:
                        type:
                          - string
                          - 'null'
                    required:
                      - id
                      - full_name
                  reference:
                    type:
                      - object
                      - 'null'
                    properties:
                      ref:
                        type: string
                      sha:
                        type: string
                    required:
                      - ref
                      - sha
                  filters:
                    type: object
                    properties:
                      status:
                        type: array
                        prefixItems:
                          - type: string
                          - type: string
                        minItems: 2
                        maxItems: 2
                        additionalItems: false
                      enforcement:
                        type:
                          - array
                          - 'null'
                        items:
                          type: string
                      policy:
                        type:
                          - array
                          - 'null'
                        items:
                          type: string
                      target_type:
                        type:
                          - array
                          - 'null'
                        items:
                          type: string
                    required:
                      - status
                      - enforcement
                      - policy
                      - target_type
                  summary:
                    type: object
                    properties:
                      total:
                        type: string
                      by_status:
                        type: string
                      by_target_type:
                        type: string
                      by_enforcement_mode:
                        type: string
                    required:
                      - total
                      - by_status
                      - by_target_type
                      - by_enforcement_mode
                  items:
                    type: array
                    items:
                      type: object
                      properties:
                        id:
                          type: string
                        status:
                          type: string
                        enforcement_mode:
                          type:
                            - string
                            - 'null'
                        blocking:
                          type: boolean
                        due_at:
                          type: string
                        remaining_seconds:
                          type: string
                        snoozed:
                          anyOf:
                            - type: string
                            - type: boolean
                        snoozed_until:
                          type: string
                        snooze_count:
                          type: string
                        first_seen_at:
                          type: string
                        last_seen_at:
                          type: string
                        resolved_at:
                          type: string
                        metadata:
                          anyOf:
                            - type: string
                            - type: array
                              items:
                                type: string
                              minItems: 0
                              maxItems: 0
                              additionalItems: false
                        policy:
                          type:
                            - object
                            - 'null'
                          properties:
                            id:
                              type: string
                            key:
                              type: string
                            name:
                              type: string
                            type:
                              type: string
                            status:
                              type: string
                            target_type:
                              type: string
                            enforcement_mode:
                              type: string
                            severity:
                              type: string
                            config:
                              type: string
                            condition:
                              type: string
                            actions:
                              type: string
                          required:
                            - id
                            - key
                            - name
                            - type
                            - status
                            - target_type
                            - enforcement_mode
                            - severity
                            - config
                            - condition
                            - actions
                        scope:
                          type: object
                          properties:
                            type:
                              type: string
                            id:
                              type: string
                            name:
                              type: string
                          required:
                            - type
                            - id
                            - name
                        target:
                          anyOf:
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                              required:
                                - type
                                - id
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                analysis_type:
                                  type: string
                                vulnerable_at:
                                  type: string
                                vulnerable_reason:
                                  type: string
                              required:
                                - type
                                - id
                                - analysis_type
                                - vulnerable_at
                                - vulnerable_reason
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                provider:
                                  type: string
                                exploitable_at:
                                  type: string
                                vulnerable_at:
                                  type: string
                                manual_override:
                                  type: string
                              required:
                                - type
                                - id
                                - provider
                                - exploitable_at
                                - vulnerable_at
                                - manual_override
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                name:
                                  type: string
                                asset_type:
                                  type: string
                              required:
                                - type
                                - id
                                - name
                                - asset_type
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                display_name:
                                  type: string
                                manifest_type:
                                  type: string
                                language:
                                  type: string
                                manifest_file:
                                  type: string
                                lock_file:
                                  type: string
                                group_key:
                                  type: string
                                uses_grouped_identity:
                                  type: boolean
                              required:
                                - type
                                - id
                                - display_name
                                - manifest_type
                                - language
                                - manifest_file
                                - lock_file
                                - group_key
                                - uses_grouped_identity
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                purl:
                                  type: string
                                version:
                                  type: string
                                package_id:
                                  type: string
                              required:
                                - type
                                - id
                                - purl
                                - version
                                - package_id
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                purl:
                                  type: string
                                package_type:
                                  type: string
                                namespace:
                                  type: string
                                name:
                                  type: string
                              required:
                                - type
                                - id
                                - purl
                                - package_type
                                - namespace
                                - name
                            - type: object
                              properties:
                                type:
                                  type: string
                                id:
                                  type: string
                                title:
                                  type: string
                                severity:
                                  type: string
                                status:
                                  type: string
                                vulnerability_type:
                                  type: string
                              required:
                                - type
                                - id
                                - title
                                - severity
                                - status
                                - vulnerability_type
                            - type: array
                              items: {}
                        rule:
                          type:
                            - object
                            - 'null'
                          properties:
                            type:
                              type: string
                            id:
                              type: string
                          required:
                            - type
                            - id
                      required:
                        - id
                        - status
                        - enforcement_mode
                        - blocking
                        - due_at
                        - remaining_seconds
                        - snoozed
                        - snoozed_until
                        - snooze_count
                        - first_seen_at
                        - last_seen_at
                        - resolved_at
                        - metadata
                        - policy
                        - scope
                        - target
                        - rule
                  next_cursor:
                    type: string
                required:
                  - repository
                  - reference
                  - filters
                  - summary
                  - items
                  - next_cursor
              example:
                repository:
                  id: repo_01hxyz
                  full_name: acme/widgets
                reference:
                  ref: main
                  sha: a1b2c3d4
                filters:
                  status:
                    - open
                    - pending_review
                  enforcement:
                    - block
                  policy:
                    - pol_vuln_sla
                  target_type:
                    - vulnerability
                summary:
                  total: 1
                  by_status:
                    open: 1
                  by_target_type:
                    vulnerability: 1
                  by_enforcement_mode:
                    block: 1
                items:
                  - id: pvl_01hxyz
                    status: open
                    enforcement_mode: block
                    blocking: true
                    due_at: '2026-02-01T00:00:00Z'
                    remaining_seconds: 604800
                    snoozed: false
                    snoozed_until: null
                    snooze_count: 0
                    first_seen_at: '2026-01-10T09:14:00Z'
                    last_seen_at: '2026-01-20T10:12:00Z'
                    resolved_at: null
                    metadata:
                      severity: high
                      cvss_score: 8.2
                      epss_score: 0.72
                      reference_ref: main
                      environment_key: prod
                    policy:
                      id: pol_01hxyz
                      key: vuln_high_sla
                      name: High Severity SLA
                      type: custom
                      status: active
                      target_type: vulnerability
                      enforcement_mode: block
                      severity: null
                    scope:
                      type: repo
                      id: repo_01hxyz
                      name: acme/widgets
                    target:
                      type: vulnerability
                      id: vc_01hxyz
                      title: Prototype Pollution in lodash
                      severity: high
                      status: open
                      vulnerability_type: dependency
                    rule: null
                next_cursor: null
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
        '422':
          $ref: '#/components/responses/ValidationFailedError'
        '429':
          $ref: '#/components/responses/RateLimitedError'
        '500':
          $ref: '#/components/responses/InternalError'
        '503':
          $ref: '#/components/responses/ServiceUnavailableError'
components:
  responses:
    UnauthorizedError:
      description: Authentication is required or the token is invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            authenticationRequired:
              value:
                code: AUTHENTICATION_REQUIRED
                message: Unauthenticated.
    ForbiddenError:
      description: The token is authenticated but not permitted for this tenant or action.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            tokenInvalidForTenant:
              value:
                code: TOKEN_INVALID_FOR_TENANT
                message: Token not valid for this tenant.
            tokenAbilityDenied:
              value:
                code: TOKEN_ABILITY_DENIED
                message: Forbidden.
    NotFoundError:
      description: The workspace or requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            tenantNotFound:
              value:
                code: TENANT_NOT_FOUND
                message: Workspace not found
            resourceNotFound:
              value:
                code: RESOURCE_NOT_FOUND
                message: Not found.
    ValidationFailedError:
      description: >-
        The request could not be processed because validation failed or filter
        values were unsupported.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            validationFailed:
              value:
                code: VALIDATION_FAILED
                message: The given data was invalid.
                details:
                  errors:
                    severity:
                      - The selected severity is invalid.
            invalidFilterValue:
              value:
                code: INVALID_FILTER_VALUE
                message: 'Invalid filter value(s): critical'
                details:
                  invalid_values:
                    - critical
    RateLimitedError:
      description: The request exceeded the tenant API rate limit.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            rateLimited:
              value:
                code: RATE_LIMITED
                message: Too Many Attempts.
    InternalError:
      description: The server encountered an unexpected error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            internalError:
              value:
                code: INTERNAL_ERROR
                message: Internal server error
    ServiceUnavailableError:
      description: The workspace or service is temporarily unavailable.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          examples:
            serviceUnavailable:
              value:
                code: SERVICE_UNAVAILABLE
                message: Service Unavailable
  schemas:
    ApiError:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Machine-readable error code.
        message:
          type: string
          description: Human-readable error message.
        details:
          type: object
          description: Optional structured error details.
          additionalProperties: true
  securitySchemes:
    bearerAuth:
      type: http
      description: 'Use a Cysmiq API token in the Authorization header: Bearer {token}.'
      scheme: bearer
      bearerFormat: Token

````