StackHawk Documentation (HawkDocs)

List scan result alert findings

GET /api/v1/scan/{scanId}/alert/{pluginId}

List Scan Alert Findings

Get the specific scan findings associated with this scan and plugin.

This endpoint reports details of the alert that was triggered by a scan, with guidance on how to address it and the scanned application paths that triggered the alert.

Scan alerts by plugin are returned as paginated results: each page carries a slice of the applicationScanAlertUris list.

Alert Response

Calling this endpoint with a given scanId and pluginId returns an alertResponse object. This alert contains the paginated applicationScanAlertUris, identifying each path in the scanned host that triggered this alert.

Paginated response of the scan alert and paths associated with this finding.

| Parameter | Default | Description |
|---|---|---|
| alert | {} | The scan alert finding. |
| category | "" | The category of this finding. |
| applicationScanAlertUris | [] | Path URIs that triggered this alert. |
| cheetsheet | "" | External URL of an OWASP cheat sheet for reference. |
| appHost | "" | The host URI this alert was triggered for. |
| isEachRuleLocked | false | True if the scan alert and its URIs cannot be triaged within the StackHawk Platform. |
| nextPageToken | "" | pageToken to send for the next page of results. |
| totalCount | 0 | Total number of results. |

Application Alert Uri

Represents a path-level finding in a scanned application.

| Parameter | Default | Description |
|---|---|---|
| scan | {} | The underlying scan this application alert URI was found in. |
| pluginId | "" | The id of the StackHawk/ZAP plugin that triggered this application alert URI. |
| uri | "" | The URI of the path in the scanned application. |
| msgId | "" | A unique identifier of the individual request/response pair that triggered this alert. |
| requestMethod | "" | The HTTP method used to find this path. |
| status | "UNKNOWN" | The triaged status of this application alert. |
| matchedRuleNote | "" | Message from the last time this alert was triaged. |
| matchedRuleLastUpdated | 0 | Timestamp of the last time this alert was updated. |
| appUriId | "" | Unique identifier for this app x uri. |
| alertUriId | "" | Unique identifier for this alert x uri. |
| matchedRuleUserId | "" | The last user who triaged this alert. |
| ruleHistories | [] | The triage history of this application alert. |
| statusLink | "" | Optional URL of the external promotion tool linked to the triaged alert. |
| findingHash | "" | The SHA-256 finding hash, a stable identifier for this finding across scans. |

See the Scan Results Analysis guide for further details on how to use these endpoints.

Requires read:scan permission.
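Paging through this endpoint, as an added example that is not StackHawk's own client code: the HTTP call is replaced by an in-memory fake built from constructed data in the alertResponse shape, and the pager follows nextPageToken (clamping pageSize to 100, and refusing a token that does not advance) before tallying the returned paths by their triage status. fake_fetch, iter_alert_uris, summarise and every sample value are assumptions of this example.

```python
"""Walk every page of a scan alert finding and summarise its triage state."""
import hashlib
from collections import Counter
from typing import Callable, Iterator

# Triage statuses from the applicationScanAlertUris.status enum on this page.
TRIAGE_STATUSES = ("UNKNOWN", "FALSE_POSITIVE", "RISK_ACCEPTED", "PROMOTED", "ADD_COMMENT")
MAX_PAGE_SIZE = 100  # the API reduces any larger pageSize to 100 items

def _fake_hash(label: str) -> str:
    """Constructed stand-in for the SHA-256 findingHash field."""
    return hashlib.sha256(label.encode()).hexdigest()

# Constructed sample data (invented values) in the alertResponse shape: two pages keyed by pageToken.
SAMPLE_PAGES = {
    0: {
        "totalCount": 3,
        "nextPageToken": "1",  # more results follow
        "applicationScanAlertUris": [
            {"uri": "/login", "requestMethod": "POST", "status": "UNKNOWN",
             "findingHash": _fake_hash("login-post")},
            {"uri": "/search", "requestMethod": "GET", "status": "FALSE_POSITIVE",
             "findingHash": _fake_hash("search-get")},
        ],
    },
    1: {
        "totalCount": 3,
        "nextPageToken": "",  # empty token: this is the last page
        "applicationScanAlertUris": [
            {"uri": "/account", "requestMethod": "GET", "status": "UNKNOWN",
             "findingHash": _fake_hash("account-get")},
        ],
    },
}

def fake_fetch(page_token: int, page_size: int) -> dict:
    """Stand-in for GET /api/v1/scan/{scanId}/alert/{pluginId}?pageToken=..&pageSize=..
    (a real call also needs a bearer token for a user with read:scan permission)."""
    return SAMPLE_PAGES[page_token]

def iter_alert_uris(fetch: Callable[[int, int], dict], page_size: int = 10) -> Iterator[dict]:
    """Yield every applicationScanAlertUri, following nextPageToken until it is empty."""
    page_size = min(page_size, MAX_PAGE_SIZE)
    token = 0
    while True:
        page = fetch(token, page_size)
        yield from page.get("applicationScanAlertUris", [])
        next_token = page.get("nextPageToken", "")
        if not next_token:
            return
        if int(next_token) <= token:  # a token that does not advance would loop forever
            raise RuntimeError(f"nextPageToken {next_token!r} does not advance past {token}")
        token = int(next_token)

def summarise(fetch: Callable[[int, int], dict], page_size: int = 10) -> dict:
    """Count paths by triage status and list those still awaiting triage (status UNKNOWN)."""
    by_status = Counter({s: 0 for s in TRIAGE_STATUSES})
    untriaged, hashes = [], set()
    for item in iter_alert_uris(fetch, page_size):
        by_status[item["status"]] += 1
        hashes.add(item["findingHash"])
        if item["status"] == "UNKNOWN":
            untriaged.append(f'{item["requestMethod"]} {item["uri"]}')
    return {"by_status": dict(by_status), "untriaged": untriaged, "unique_findings": len(hashes)}
```

Swapping fake_fetch for a function that performs the authenticated GET is all that is needed to run the same summary against a real scan.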

Path parameters

scanId (string · uuid, required)

UUID identifier for this StackHawk Scan.

pluginId (string, required)

Identifier for the plugin.

Query parameters

pageSize (integer · int32, default: 10)

Pagination response size limit. A page size greater than 100 will be automatically reduced to 100 items.

pageToken (integer · int32, default: 0)

Pagination request page increment.

Response

Paginated response of the scan alert and paths associated with this finding.

| Field | Type | Description |
|---|---|---|
| alert | application.ApplicationAlert | The scan alert finding. |
| alert.alertStatusStats | application.AlertStatusStats[] | Statistical snapshot of alerts by status. |
| alert.alertStatusStats.alertStatus | enum<string> | Triage status of this scan alert. One of UNKNOWN, FALSE_POSITIVE, RISK_ACCEPTED, PROMOTED, ADD_COMMENT. |
| alert.alertStatusStats.severityStats | object | A map of finding counts by severity ("High", "Medium", "Low"). |
| alert.alertStatusStats.totalCount | integer<int32> | Total number of findings on paths. |
| alert.cweId | string | The CWE id of this alert. |
| alert.description | string | A Markdown-flavored description of this alert. |
| alert.externalAlertsResult | sast.ExternalAlertsResult[] (write-only) | External findings associated with this alert. |
| alert.externalAlertsResult.externalAlerts | sast.ExternalAlert[] | |
| alert.externalAlertsResult.externalAlerts.codeRegion | sast.CodeRegion | |
| alert.externalAlertsResult.externalAlerts.codeRegion.endColumn | integer<int32> | |
| alert.externalAlertsResult.externalAlerts.codeRegion.endLine | integer<int32> | |
| alert.externalAlertsResult.externalAlerts.codeRegion.startColumn | integer<int32> | |
| alert.externalAlertsResult.externalAlerts.codeRegion.startLine | integer<int32> | |
| alert.externalAlertsResult.externalAlerts.codeSnippet | sast.CodeSnippet | |
| alert.externalAlertsResult.externalAlerts.codeSnippet.lines | sast.CodeLine[] | |
| alert.externalAlertsResult.externalAlerts.codeSnippet.lines.number | integer<int32> | |
| alert.externalAlertsResult.externalAlerts.codeSnippet.lines.text | string | |
| alert.externalAlertsResult.externalAlerts.cweId | string | |
| alert.externalAlertsResult.externalAlerts.description | string | |
| alert.externalAlertsResult.externalAlerts.filePath | string | |
| alert.externalAlertsResult.externalAlerts.fileUrl | string | |
| alert.externalAlertsResult.externalAlerts.id | string | |
| alert.externalAlertsResult.externalAlerts.integrationType | enum<string> | 22 options: UNKNOWN, SLACK, JIRA, DATADOG, MSTEAMS, WEBHOOK, JIRA_SERVER, SNYK, GITHUB, MERGE_AZURE_DEVOPS_BOARDS, VANTA, AZURE_DEVOPS, BITBUCKET, GITLAB, EMAIL, GITHUB_ENTERPRISE, GITLAB_SELF_HOSTED, BITBUCKET_SELF_HOSTED, AZURE_DEVOPS_SELF_HOSTED, SEMGREP, ENDOR_LABS, WIZ. |
| alert.externalAlertsResult.externalAlerts.issueUrl | string | |
| alert.externalAlertsResult.externalAlerts.origin | enum<string> | 7 options: UNKNOWN, GITHUB, GITLAB, AZURE_REPOS, BITBUCKET, SEMGREP, ENDOR_LABS. |
| alert.externalAlertsResult.externalAlerts.severity | string | |
| alert.externalAlertsResult.externalAlerts.title | string | |
| alert.externalAlertsResult.integrationType | enum<string> | Same 22 options as externalAlerts.integrationType. |
| alert.externalAlertsResult.isAllExternalAlerts | boolean | |
| alert.externalAlertsResult.projectUrl | string | |
| alert.name | string | The name of the ZAP plugin this alert triggered for. |
| alert.pluginId | string | The id of the ZAP plugin that triggered this alert. |
| alert.references | string[] | External URLs and study references for understanding this finding. |
| alert.requestMethod | string (write-only, deprecated) | **Deprecated** - 4/25/22 |
| alert.scan | scanresults.Scan | The scan this alert was found in. |
| alert.scan.applicationId | string | The UUID applicationId of the scanned application. |
| alert.scan.applicationName | string | The name of the scanned application. |
| alert.scan.env | string | The name of the scanned environment. |
| alert.scan.envId | string | The UUID environmentId of the scanned environment. |
| alert.scan.externalUserId | string | The UUID identifier of the StackHawk user that started this scan. |
| alert.scan.hawkScanType | enum<string> | The type of HawkScan execution (traditional, hosted, etc.). One of HAWKSCAN_TYPE_SCAN, HAWKSCAN_TYPE_FLIGHTPATH, HAWKSCAN_TYPE_HOSTED, HAWKSCAN_TYPE_CONFIGURATION. |
| alert.scan.id | string | The UUID identifier of this scan. |
| alert.scan.metadata | scanresults.MetaData | |
| alert.scan.metadata.tags | object | |
| alert.scan.parentScanId | string | If this scan is the result of a retest, the id of the scan it retested. |
| alert.scan.repoId | string | A hash of the scanned repo's git name. |
| alert.scan.status | enum<string> | The current state of the running scan (STARTED / COMPLETED / ERROR). One of UNKNOWN, COMPLETED, ERROR, STARTED. |
| alert.scan.timestamp | integer<int64> | Seconds since the Unix epoch at which the scan was started. |
| alert.scan.version | string | The version of HawkScan used to scan this application. |
| alert.severity | string | The severity of this finding. One of "High", "Medium" or "Low". |
| alert.uriCount | integer<int32> | The number of scanned URLs that report this alert. |
| appHost | string | The host URI this alert was triggered for. |
| applicationScanAlertUris | application.ApplicationAlertUri[] | Path URIs that triggered this alert. |
| applicationScanAlertUris.alertUriId | string | Unique identifier for this alert x uri. |
| applicationScanAlertUris.appUriId | string | Unique identifier for this app x uri. |
| applicationScanAlertUris.findingHash | string | The SHA-256 finding hash, a stable identifier for this finding across scans. |
| applicationScanAlertUris.matchedRuleLastUpdated | integer<int64> | Timestamp of the last time this alert was updated. |
| applicationScanAlertUris.matchedRuleNote | string | Message from the last time this alert was triaged. |
| applicationScanAlertUris.matchedRuleUserId | string | The last user who triaged this alert. |
| applicationScanAlertUris.msgId | string | A unique identifier of the individual request/response pair that triggered this alert. |
| applicationScanAlertUris.pluginId | string | The id of the StackHawk/ZAP plugin that triggered this application alert URI. |
| applicationScanAlertUris.requestMethod | string (deprecated) | The HTTP method used to find this path. |
| applicationScanAlertUris.ruleHistories | application.AlertRuleHistory[] | The triage history of this application alert. |
| applicationScanAlertUris.ruleHistories.newResult | enum<string> | One of UNKNOWN, FALSE_POSITIVE, RISK_ACCEPTED, PROMOTED, ADD_COMMENT. |
| applicationScanAlertUris.ruleHistories.note | string | |
| applicationScanAlertUris.ruleHistories.oldResult | enum<string> | One of UNKNOWN, FALSE_POSITIVE, RISK_ACCEPTED, PROMOTED, ADD_COMMENT. |
| applicationScanAlertUris.ruleHistories.operation | enum<string> | One of CREATE, UPDATE, DELETE. |
| applicationScanAlertUris.ruleHistories.ruleEffectiveDate | integer<int64> | |
| applicationScanAlertUris.ruleHistories.timestamp | integer<int64> | |
| applicationScanAlertUris.ruleHistories.userId | string | |
| applicationScanAlertUris.scan | scanresults.Scan | The underlying scan this application alert URI was found in; same child fields as alert.scan above. |
| applicationScanAlertUris.status | enum<string> | The triaged status of this application alert. One of UNKNOWN, FALSE_POSITIVE, RISK_ACCEPTED, PROMOTED, ADD_COMMENT. |
| applicationScanAlertUris.statusLink | string | Optional URL of the external promotion tool linked to the triaged alert. |
| applicationScanAlertUris.uri | string | The URI of the path in the scanned application. |
| category | string | The category of this finding. |
| cheetsheet | string | External URL of an OWASP cheat sheet for reference. |
| isEachRuleLocked | boolean | True if the scan alert and its URIs cannot be triaged within the StackHawk Platform. |
| nextPageToken | string | pageToken to send for the next page of results. |
| totalCount | integer<int64> | Total number of results. |
Unauthorized
