Why
Reconciling "RG header shows N unresolved issues but Σ per-project counts
come out higher" is a common support workflow. The answer is usually a mix
of (a) cross-project revision-level dedup and (b) issues ignored at the RG
scope. fossapi can't do either side of this today.
Two server endpoints are relevant:
GET /api/project_group/{rg_id}/release/{release_id}/issues — active
issues only (full per-issue records). Useful for diffing by logical key.
GET /api/v2/issues/revisions with scope[type]=releaseGroup — the
rollup-by-revision endpoint the webapp uses on the RG dashboard. This is
the only way to retrieve the RG-scoped ignored set.
Current workaround
# Active issues (detailed)
curl -sH "Authorization: Bearer $FOSSA_API_KEY" \
"https://app.fossa.com/api/project_group/1234/release/5678/issues"
# Ignored issues (rollup-by-revision, UI endpoint)
curl -sH "Authorization: Bearer $FOSSA_API_KEY" \
"https://app.fossa.com/api/v2/issues/revisions?\
category=licensing&status=ignored\
&scope[type]=releaseGroup&scope[id]=1234&scope[release]=5678\
&sort=issue_count_desc&page=1&count=200"
Rollup response shape:
{
"revisions": [
{
"revisionId": "mvn+example:pkg$1.0.0",
"dependencyName": "Example Package",
"issueCount": 3,
"projectCount": 5,
"type": {"policy_flag": 3},
"depth": {"transitive": 5}
}
]
}
Notable limitation on the v1 endpoint: no query param exposes ignored
issues. Tested ?status=ignored, ?showIgnored=true, ?ignored=true,
?includeResolved=true, ?apply_resolutions=false — all return the
identical active-only set. So you can't reconcile counts using v1 alone.
Proposed CLI surface
# Detailed active issues (v1 shape):
fossapi list release-group-issues <rg_id> [--release <id>] \
[--category licensing|vulnerability|quality] [--json]
# Rollup including ignored (v2 shape):
fossapi list release-group-issue-rollup <rg_id> [--release <id>] \
--status active|ignored|all \
[--category licensing|vulnerability|quality] [--json]
Repro
# "How many issues are ignored at the RG level for RG 1234's latest release?"
# Today: two-step curl + JSON grouping by hand.
# Desired:
fossapi list release-group-issue-rollup 1234 --status ignored --json \
| jq '[.revisions[].issueCount] | add'
Why
Reconciling "RG header shows N unresolved issues but Σ per-project counts
come out higher" is a common support workflow. The answer is usually a mix
of (a) cross-project revision-level dedup and (b) issues ignored at the RG
scope. fossapi can't do either side of this today.
Two server endpoints are relevant:
GET /api/project_group/{rg_id}/release/{release_id}/issues— activeissues only (full per-issue records). Useful for diffing by logical key.
GET /api/v2/issues/revisionswithscope[type]=releaseGroup— therollup-by-revision endpoint the webapp uses on the RG dashboard. This is
the only way to retrieve the RG-scoped ignored set.
Current workaround
Rollup response shape:
{ "revisions": [ { "revisionId": "mvn+example:pkg$1.0.0", "dependencyName": "Example Package", "issueCount": 3, "projectCount": 5, "type": {"policy_flag": 3}, "depth": {"transitive": 5} } ] }Notable limitation on the v1 endpoint: no query param exposes ignored
issues. Tested
?status=ignored,?showIgnored=true,?ignored=true,?includeResolved=true,?apply_resolutions=false— all return theidentical active-only set. So you can't reconcile counts using v1 alone.
Proposed CLI surface
Repro