Skip to main content
PATCH
/
api
/
findings
/
{id}
/
status
Update Finding Status
curl --request PATCH \
  --url https://api.example.com/api/findings/{id}/status \
  --header 'Content-Type: application/json' \
  --data '
{
  "status": "<string>",
  "comment": "<string>"
}
'
{
  "success": true,
  "data": {}
}

Endpoint

Updates the status of a finding. This endpoint is used to track the lifecycle of security findings through various states.

Authentication

Requires a valid session token via:
  • Authorization: Bearer <token> header, or
  • heimdall_session cookie

Path Parameters

id
string
required
Finding ID (UUID)

Request Body

status
string
required
New status for the finding. Must be one of:
  • open - Finding is active and unresolved
  • confirmed - Finding has been confirmed as a real vulnerability
  • dismissed - Finding is being tracked but not prioritized
  • false_positive - Finding is not a real vulnerability
  • fixed - Finding has been remediated
comment
string
Optional comment explaining the status change

Example Request

curl -X PATCH https://heimdall.example.com/api/findings/01932e4a-7b2c-7890-abcd-1234567890ab/status \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "confirmed",
    "comment": "Verified the SQL injection vulnerability in production logs"
  }'

Response

Success Response

success
boolean
Always true for successful updates
data
object
Updated finding object with all fields
{
  "success": true,
  "data": {
    "id": "01932e4a-7b2c-7890-abcd-1234567890ab",
    "scan_id": "01932e49-1234-7890-abcd-1234567890ab",
    "title": "SQL Injection in login endpoint",
    "status": "confirmed",
    "severity": "critical",
    "confidence": "high",
    "source": "ai",
    "file_path": "src/routes/auth.rs",
    "line_start": 145,
    "line_end": 152,
    "description": "Unsanitized user input in SQL query...",
    "updated_at": "2026-03-12T15:30:00Z"
  }
}

Error Responses

{
  "success": false,
  "error": {
    "code": 400,
    "message": "Unsupported finding status: invalid_status"
  }
}

{
  "success": false,
  "error": {
    "code": 404,
    "message": "Finding '01932e4a-7b2c-7890-abcd-1234567890ab' not found"
  }
}

{
  "success": false,
  "error": {
    "code": 500,
    "message": "Failed to update finding status"
  }
}

Status Workflow

Typical finding lifecycle:

Events

Status changes automatically create a status_change event in the finding’s audit trail, accessible via the Get Finding Events endpoint.

Build docs developers (and LLMs) love

Get started for freeTalk to us