List scan result alerts
/api/v1/scan/{scanId}/alerts List Scan Alerts
Lists the scan alerts associated with this scan.
A scan that has found vulnerabilities will report each finding by the HSTE Plugin that produced that finding.
An alert can be triggered multiple times, from different url paths. The pluginId associated with an alert is unique per HSTE plugin.
Scan Alerts are returned paginated and can be requested with the pagination parameters.
Application Alert
Calling this endpoint with a given scanId returns an array of one applicationScanResults object corresponding with that scan.
This applicationScanResults object will also include the populated applicationAlerts field, which is the paginated results of Scan alerts found in that scan.
The applicationAlerts also includes the pluginId identifying the Alert that triggered the scan.
Meaningful scan findings (also known as Alerts) contextual to a run of HawkScan.
| Parameter | Default | Description |
|---|---|---|
| scan | {} | The underlying scan this alert was found in. |
| pluginId | "" | The id of the Zap plugin that triggered this alert. |
| name | "" | The name of the Zap plugin this alert triggered for. |
| description | "" | A markdown flavored description of this alert. |
| severity | "" | The severity of this finding. One of "High" "Medium" or "Low". |
| references | [] | External urls and study references to understand this finding. |
| uriCount | 0 | The number of scanned urls that report this alert. |
| alertStatusStats | [] | Statistical snapshot of alerts by status. |
| externalAlertsResult | [] | External findings associated with this alert. |
| cweId | "" | The cwe id of this alert. |
The scan field is available from the applicationScanResults object, but is not populated on the applicationAlert.
Each applicationAlert includes a pluginId, which can be used to list the application alert findings.
See the Scan Results Analysis guide for further details on how to use these endpoints.
Requires read:scan permission.
Path parameters
scanId (string · uuid, required): UUID identifier for this StackHawk Scan.
Query parameters
pageSize (integer · int32): Pagination response size limit. Default: 10.
pageToken (integer · int32): Pagination request page increment. Default: 0.
sortField (string): Resource field to sort paginated response by. 2 available options: id, name.
sortDir (string): Paginated results are sorted 'asc' or 'desc'. 2 available options: asc, desc.
Response
Paginated response of scan alerts.
found application scan alerts.
Statistics for findings of this scan by severity and triage status.
Triage status of this scan alert.
5 available options: UNKNOWN, FALSE_POSITIVE, RISK_ACCEPTED, PROMOTED, ADD_COMMENT
A map of finding counts by severity ("High" "Medium" "Low")
Total number of findings on paths
The total number of findings from the scan.
The total number of unique findings across all paths in the scan.
The scanned host endpoint.
Scan findings contextual to this application and run of HawkScan.
Statistical snapshot of alerts by status.
Triage status of this scan alert.
5 available options: UNKNOWN, FALSE_POSITIVE, RISK_ACCEPTED, PROMOTED, ADD_COMMENT
A map of finding counts by severity ("High" "Medium" "Low")
Total number of findings on paths
The cwe id of this alert.
A markdown flavored description of this alert.
External findings associated with this alert.
22 available options: UNKNOWN, SLACK, JIRA, DATADOG, MSTEAMS, WEBHOOK, JIRA_SERVER, SNYK, GITHUB, MERGE_AZURE_DEVOPS_BOARDS, VANTA, AZURE_DEVOPS, BITBUCKET, GITLAB, EMAIL, GITHUB_ENTERPRISE, GITLAB_SELF_HOSTED, BITBUCKET_SELF_HOSTED, AZURE_DEVOPS_SELF_HOSTED, SEMGREP, ENDOR_LABS, WIZ
7 available options: UNKNOWN, GITHUB, GITLAB, AZURE_REPOS, BITBUCKET, SEMGREP, ENDOR_LABS
22 available options: UNKNOWN, SLACK, JIRA, DATADOG, MSTEAMS, WEBHOOK, JIRA_SERVER, SNYK, GITHUB, MERGE_AZURE_DEVOPS_BOARDS, VANTA, AZURE_DEVOPS, BITBUCKET, GITLAB, EMAIL, GITHUB_ENTERPRISE, GITLAB_SELF_HOSTED, BITBUCKET_SELF_HOSTED, AZURE_DEVOPS_SELF_HOSTED, SEMGREP, ENDOR_LABS, WIZ
The name of the Zap plugin this alert triggered for.
The id of the Zap plugin that triggered this alert.
External urls and study references to understand this finding.
**Deprecated** - 4/25/22
the UUID applicationId corresponding to the scanned application
the name of the corresponding scanned application
the name of the scanned environment
the UUID environmentId corresponding to the scanned environment
the UUID identifier of the StackHawk user that started this scan
The type of HawkScan execution (traditional, hosted, etc.)
4 available options: HAWKSCAN_TYPE_SCAN, HAWKSCAN_TYPE_FLIGHTPATH, HAWKSCAN_TYPE_HOSTED, HAWKSCAN_TYPE_CONFIGURATION
the UUID identifier of this scan
If this scan is a result of a retest, this is the id of the scan it retested
a hash of the scanned repo git name
the current state of the running scan (STARTED / COMPLETED / ERROR)
4 available options: UNKNOWN, COMPLETED, ERROR, STARTED
seconds since unix epoch timestamp of when the scan was started
the version of HawkScan used to scan this application
The severity of this finding. One of "High" "Medium" or "Low".
The number of scanned urls that report this alert.
A hash of the configuration used for this run of HawkScan.
External finding statistics contextual to this scan result.
22 available options: UNKNOWN, SLACK, JIRA, DATADOG, MSTEAMS, WEBHOOK, JIRA_SERVER, SNYK, GITHUB, MERGE_AZURE_DEVOPS_BOARDS, VANTA, AZURE_DEVOPS, BITBUCKET, GITLAB, EMAIL, GITHUB_ENTERPRISE, GITLAB_SELF_HOSTED, BITBUCKET_SELF_HOSTED, AZURE_DEVOPS_SELF_HOSTED, SEMGREP, ENDOR_LABS, WIZ
Indicates completeness of a STARTED scan in the scan list. ERROR and COMPLETED scans report 100.
Named scan policy used for this run of HawkScan.
the UUID applicationId corresponding to the scanned application
the name of the corresponding scanned application
the name of the scanned environment
the UUID environmentId corresponding to the scanned environment
the UUID identifier of the StackHawk user that started this scan
The type of HawkScan execution (traditional, hosted, etc.)
4 available options: HAWKSCAN_TYPE_SCAN, HAWKSCAN_TYPE_FLIGHTPATH, HAWKSCAN_TYPE_HOSTED, HAWKSCAN_TYPE_CONFIGURATION
the UUID identifier of this scan
If this scan is a result of a retest, this is the id of the scan it retested
a hash of the scanned repo git name
the current state of the running scan (STARTED / COMPLETED / ERROR)
4 available options: UNKNOWN, COMPLETED, ERROR, STARTED
seconds since unix epoch timestamp of when the scan was started
the version of HawkScan used to scan this application
Time in seconds the scan took to run.
Errors encountered from this run of HawkScan.
category of error identified in the scan
seconds since unix epoch of when the errorScan was found
a short message of the exception that occurred running HawkScan
expanded details and stacktrace surrounding the thrown exception in HawkScan
the raw HawkScan configuration string, employed when this error occurred
5 available options: UNKNOWN, PENDING, RUNNING, COMPLETED, SKIPPED
Recordings of scan counts made by severity and statistic.
Any tags associated with this scan result.
The keyword name.
An arbitrary value to associate with the keyword.
Seconds since unix epoch time of when this was run.
The number of urls scanned.
pageToken to provide for the next page of results.
total number of results.
Unauthorized
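
An added example, not part of the StackHawk documentation: paging through this endpoint with pageSize and pageToken, collecting the applicationAlerts of each page and picking out the "High" severity ones. The base URL, the bearer Authorization header and the nextPageToken field name are assumptions (this page does not name them), and the sample pages are constructed.

```python
import json
import urllib.parse
import urllib.request

API = "https://api.stackhawk.com"  # assumed base URL, not given on this page

def http_fetch(token):
    """Build a page fetcher; the bearer-token header is an assumption."""
    def fetch(scan_id, page_size, page_token):
        query = urllib.parse.urlencode({"pageSize": page_size, "pageToken": page_token})
        req = urllib.request.Request(f"{API}/api/v1/scan/{scan_id}/alerts?{query}",
                                     headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def list_alerts(fetch, scan_id, page_size=10, max_pages=1000):
    """Collect applicationAlerts from every page of one scan."""
    alerts, token = [], 0
    for _ in range(max_pages):  # hard stop if the server keeps paging
        page = fetch(scan_id, page_size, token)
        results = page.get("applicationScanResults") or []
        batch = results[0].get("applicationAlerts") or [] if results else []
        alerts.extend(batch)
        nxt = page.get("nextPageToken")  # assumed name of the next-page field
        if not batch or nxt in (None, "") or int(nxt) == token:
            break
        token = int(nxt)
    return alerts

def high_severity(alerts):
    """(pluginId, name, uriCount) for each alert whose severity is "High"."""
    return [(a["pluginId"], a["name"], a["uriCount"])
            for a in alerts if a.get("severity") == "High"]

# Constructed sample pages keyed by pageToken (not real scan output).
SAMPLE = {
    0: {"applicationScanResults": [{"applicationAlerts": [
        {"pluginId": "40018", "name": "SQL Injection", "severity": "High", "uriCount": 3},
        {"pluginId": "10038", "name": "CSP Header Not Set", "severity": "Medium", "uriCount": 12}]}],
        "nextPageToken": "1"},
    1: {"applicationScanResults": [{"applicationAlerts": [
        {"pluginId": "40012", "name": "Cross Site Scripting (Reflected)", "severity": "High", "uriCount": 1}]}],
        "nextPageToken": "2"},
    2: {"applicationScanResults": [{"applicationAlerts": []}]},
}

def sample_fetch(scan_id, page_size, page_token):
    return SAMPLE[page_token]
```

Pass `http_fetch(token)` in place of `sample_fetch` to run the same loop against the API; a non-empty `high_severity` result is a natural condition for failing a CI job.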