StackHawk Documentation StackHawk Logo HawkDocs
api
scan results
bulk triage findings

No results found

Try different keywords or check your spelling

Search documentation

Find guides, API references, and more

esc

Bulk triage findings by hash

POST /api/v1/org/{orgId}/app/{appId}/env/{envId}/findings/triage

Bulk triage multiple findings by their finding hash within a single application environment.

Finding Hashes

Finding hashes are SHA-256 identifiers that uniquely identify a finding across scans. You can discover finding hashes from:

  • GET /api/v1/reports/org/{orgId}/findings — the findingHash field on each finding
  • GET /api/v1/scan/{scanId}/alert/{pluginId} — the findingHash field on each alert URI

Supported Statuses

  • FALSE_POSITIVE — Mark the finding as a false positive
  • RISK_ACCEPTED — Accept the risk of this finding
  • UNKNOWN — Clear the triage status, returning the finding to an untriaged state
  • ADD_COMMENT — Add a comment without changing the triage status

Limits

  • Maximum 100 actions per request
  • One request per organization/application/environment combination

Partial Success

The endpoint always returns HTTP 200 for valid requests. Individual action failures (e.g., finding hash not found) are reported per-result with success: false and an error message. Successful actions are still applied even if some fail.

Triage Behavior

  • Triaging a finding with a parameterized URI (e.g., /api/v1/users/{userId}) affects all literal URIs that map to that parameterized URI
  • Each environment has unique finding hashes — triage is per-environment
  • Once a triage rule is created, it applies to future scans automatically

Notes

  • The note field is optional. If omitted or blank, any existing note on the finding is preserved.
  • To explicitly update a note, include a non-empty note value with your triage action.

🧾 Audited This is recorded as ALERT_RULE_TRIAGED User Activity.

Requires write:triage permission.

Path parameters

orgIdstring · uuidrequired

UUID identifier for this StackHawk Organization.

appIdstring · uuidrequired

UUID identifier for this StackHawk Application.

envIdstring · uuidrequired

UUID identifier for this StackHawk Environment.

Body

actions
application.FindingTriageAction[]

The list of triage actions to apply.

Hide child attributesShow child attributes
actions.findingHash
string

The SHA-256 finding hash identifying the specific finding.

actions.note
string

Optional note explaining the triage decision.

actions.status
enum<string>

The triage action: FALSE_POSITIVE, RISK_ACCEPTED, UNKNOWN, or ADD_COMMENT.

5 available options
UNKNOWNFALSE_POSITIVERISK_ACCEPTEDPROMOTEDADD_COMMENT
applicationId
string

The application containing the findings.

environmentId
string

The environment where the findings were detected.

organizationId
string

The organization that owns the application.

userId
string write-only

The user performing the triage actions (inferred from API key, not user-supplied).

Response

Response from bulk triage — echoes the result of each requested action.

applicationId
string

The application ID.

environmentId
string

The environment ID.

organizationId
string

The organization ID.

results
application.FindingTriageResult[]

Results for each requested triage action, in the same order as the request.

Hide child attributesShow child attributes
results.error
string

Error message if the triage action failed (e.g., finding hash not found).

results.findingHash
string

The finding hash that was triaged.

results.note
string

The note on the finding after the action was applied.

results.status
enum<string>

The current triage status of this finding after the action was applied.

5 available options
UNKNOWNFALSE_POSITIVERISK_ACCEPTEDPROMOTEDADD_COMMENT
results.success
boolean

Whether the triage action succeeded.

results.updatedAt
string

Timestamp of when the triage was applied.

applicationId
string

The application ID.

environmentId
string

The environment ID.

organizationId
string

The organization ID.

results
application.FindingTriageResult[]

Results for each requested triage action, in the same order as the request.

Hide child attributesShow child attributes
results.error
string

Error message if the triage action failed (e.g., finding hash not found).

results.findingHash
string

The finding hash that was triaged.

results.note
string

The note on the finding after the action was applied.

results.status
enum<string>

The current triage status of this finding after the action was applied.

5 available options
UNKNOWNFALSE_POSITIVERISK_ACCEPTEDPROMOTEDADD_COMMENT
results.success
boolean

Whether the triage action succeeded.

results.updatedAt
string

Timestamp of when the triage was applied.

Bad Request

Unauthorized

Your privacy settings

We use first and third party cookies to ensure that we give you the best experience on our website and in our products.

Privacy Policy