Skip to main content
Please sign-in to start using Help Center features

Fortify Hosted how to fix an FCLI: Batch Process Issue Tag Updates Across All AppVersions - ErrorCode -20021

Christopher Mendoza
  • Updated

 

Description:

When using Fortify CLI (fcli) to update issue analysis tags across multiple AppVersions, a common error may occur during the batch POST operation:

 

Could not find specified resource of type Issue: ResponseCode 400, errorcode -20021

 

This typically indicates an invalid or incorrectly referenced issue resource, often due to:

  • Incorrect customTagGuid or issueId
  • Missing permissions
  • Wrong AppVersion context

./fcli ssc rest call -X POST /api/v1/projectversions/01/issues/action?silent=true -d '{"type":"AUDIT_ISSUE","values":{"issues":[{"id":12345,"revision":0},{"id":12345,"revision":0}],"customTagAudit":[{"customTagGuid":"ABC2364f-dcd4-49e6-861d-f8d3f35168b","newCustomTagIndex":3}],"comment":"test comment","hasTagComment":false}}' --session default

 

Solution:

  1. Run the CLI as Administrator:
    Some operations require elevated privileges. Always run the CLI with Administrator rights to ensure proper access to Fortify SSC resources.
     
  2. Get the Correct AppVersion ID:
    Replace 12345 with your actual AppVersion ID:

    fcli ssc issue list-filters --av=<yourAppVersionId> --store=issue_filters_list

    E,g:
    fcli ssc issue list-filters --av=12345--store=issue_filters_list

     
  3. Open the generated file:
    The CLI output may be long, so check the saved JSON:

    .fortify/fcli/state/vars/issue_filters_list/contents.json


    Look for the correct filter or tag you're trying to apply: Valid customTagGuid:
  4. Use this command to identify untagged issues: 

    fcli ssc issue list --filter='CUSTOMTAG[<customTagGuid>]:' --av=<yourAppVersionId> -o 'expr={id}\n'

    This outputs a list of issue IDs with no assigned value for the specified tag.

  5. Verify Issue Existence and Permissions:
    Ensure the issue ID or reference you're targeting exists and that your user has permissions to modify it in the SSC UI.
     
  6. Use Valid JSON/Request Format:
    Invalid or malformed JSON payloads can also trigger this error. Check that your command/request uses the correct syntax and identifiers.
  7. Use the gathered values in this REST call (replace placeholders):
    bash:

    fcli ssc rest call -X POST "https://ssc.yourcompanyurl.fortifyhosted.com/api/v1/projectVersions/12345/issues/action?silent=true" -d '{"type":"AUDIT_ISSUE","values":{"issues":[{"id":1234567,"revision":0}],"customTagAudit":[{"customTagGuid":"ABC2364f-dcd4-49e6-861d-f8d3f351686b","newCustomTagIndex":5}],"comment":"test comment","hasTagComment":false}}' --session default

    ---

    - status: success

      message: Audit action completed

      values:

        data:

        - projectVersionId: 12345

          id: 1234567

          revision: 1

          suppressed: false

          issueInstanceId: BCDEBBA224FAC5DC0B6F167269EF4C3

          customTagValues:

          - customTagGuid: ABC2364f-dcd4-49e6-861d-f8d3f351686b

            newCustomTagIndex: 5

            autoApplied: false

    8. Success response:
     
    - status: success
    message: Audit action completed
    values:
        data:
            - projectVersionId: 12345
              id: 1234567
              revision: 1
             suppressed: false
             issueInstanceId: BCDBEBBA224FAC5DC0B6F167269EF4C3
             customTagValues:
                 - customTagGuid: ABC364f-dcd4-49e6-861d-f8d3f351686b
                   newCustomTagIndex: 5
                   autoApplied: false
     
     

 

Notes:

  • The error code -20021 indicates an invalid or missing issue reference. Usually, it's due to an incorrect customTagGuid or issueId.
  • Always validate AppVersion context when running commands, many SSC resources are scoped per AppVersion.
  • Inspect .fortify/fcli/state/vars/ to debug stored responses and avoid relying on unreliable browser-captured data.