Get Scan Findings

curl -X GET "https://api.heimdall.dev/api/scans/550e8400-e29b-41d4-a716-446655440000/findings?severity=critical&page=1&per_page=10" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

{
  "success": true,
  "data": {
    "items": [
      {
        "id": "3f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c",
        "scan_id": "550e8400-e29b-41d4-a716-446655440000",
        "repo_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
        "source": "ai",
        "status": "open",
        "severity": "critical",
        "confidence": "high",
        "title": "SQL Injection in user authentication",
        "description": "User input is directly concatenated into SQL query without sanitization",
        "cwe_id": "CWE-89",
        "cve_id": null,
        "file_path": "src/auth/login.rs",
        "line_start": 42,
        "line_end": 45,
        "code_snippet": "let query = format!(\"SELECT * FROM users WHERE email = '{}'\", email);",
        "suggested_patch": "Use parameterized queries: sqlx::query!(\"SELECT * FROM users WHERE email = $1\", email)",
        "poc_exploit_json": {
          "payload": "' OR '1'='1",
          "description": "Authentication bypass via boolean injection"
        },
        "poc_validated": true,
        "fingerprint": "abc123def456",
        "agent_reasoning": "Direct string concatenation in SQL query creates SQL injection vulnerability",
        "created_at": "2026-03-12T10:05:23Z",
        "updated_at": "2026-03-12T10:05:23Z"
      }
    ],
    "total": 5,
    "page": 1,
    "per_page": 10,
    "total_pages": 1
  }
}

GET

api

scans

{id}

findings

curl -X GET "https://api.heimdall.dev/api/scans/550e8400-e29b-41d4-a716-446655440000/findings?severity=critical&page=1&per_page=10" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

{
  "success": true,
  "data": {
    "items": [
      {
        "id": "3f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c",
        "scan_id": "550e8400-e29b-41d4-a716-446655440000",
        "repo_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
        "source": "ai",
        "status": "open",
        "severity": "critical",
        "confidence": "high",
        "title": "SQL Injection in user authentication",
        "description": "User input is directly concatenated into SQL query without sanitization",
        "cwe_id": "CWE-89",
        "cve_id": null,
        "file_path": "src/auth/login.rs",
        "line_start": 42,
        "line_end": 45,
        "code_snippet": "let query = format!(\"SELECT * FROM users WHERE email = '{}'\", email);",
        "suggested_patch": "Use parameterized queries: sqlx::query!(\"SELECT * FROM users WHERE email = $1\", email)",
        "poc_exploit_json": {
          "payload": "' OR '1'='1",
          "description": "Authentication bypass via boolean injection"
        },
        "poc_validated": true,
        "fingerprint": "abc123def456",
        "agent_reasoning": "Direct string concatenation in SQL query creates SQL injection vulnerability",
        "created_at": "2026-03-12T10:05:23Z",
        "updated_at": "2026-03-12T10:05:23Z"
      }
    ],
    "total": 5,
    "page": 1,
    "per_page": 10,
    "total_pages": 1
  }
}

Path Parameters

string

required

The unique identifier (UUID) of the scan

Query Parameters

severity

string

Filter findings by severity level. Possible values:

critical - Critical severity vulnerabilities
high - High severity vulnerabilities
medium - Medium severity vulnerabilities
low - Low severity vulnerabilities

status

string

Filter findings by status. Possible values:

open - Newly discovered findings
confirmed - Manually confirmed as valid
dismissed - Dismissed by user
false_positive - Marked as false positive
fixed - Vulnerability has been fixed

page

integer

default:"1"

Page number for pagination (minimum: 1)

per_page

integer

default:"25"

Number of items per page (minimum: 1, maximum: 100)

Response

Returns a paginated list of findings:

items

array

Array of finding objects

Show Finding Object

string

Unique identifier (UUID) of the finding

scan_id

string

ID of the scan that discovered this finding

repo_id

string

ID of the repository

source

string

Source of the finding: ai, static, or dependencies

status

string

Current status of the finding

severity

string

Severity level: critical, high, medium, or low

confidence

string

Confidence level: high, medium, or low

title

string

Brief title describing the vulnerability

description

string

Detailed description of the vulnerability

cwe_id

string

Common Weakness Enumeration identifier (e.g., “CWE-89”)

cve_id

string

Common Vulnerabilities and Exposures identifier (e.g., “CVE-2024-1234”)

file_path

string

Path to the vulnerable file

line_start

integer

Starting line number of the vulnerability

line_end

integer

Ending line number of the vulnerability

code_snippet

string

Code snippet showing the vulnerability

suggested_patch

string

AI-generated patch suggestion

poc_exploit_json

object

Proof-of-concept exploit details (JSON)

poc_validated

boolean

Whether the PoC exploit has been validated

fingerprint

string

Unique fingerprint for deduplication

agent_reasoning

string

AI agent’s reasoning for flagging this finding

created_at

string

ISO 8601 timestamp when the finding was created

updated_at

string

ISO 8601 timestamp when the finding was last updated

total

integer

Total number of findings matching the filters

page

integer

Current page number

per_page

integer

Number of items per page

total_pages

integer

Total number of pages available

curl -X GET "https://api.heimdall.dev/api/scans/550e8400-e29b-41d4-a716-446655440000/findings?severity=critical&page=1&per_page=10" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

{
  "success": true,
  "data": {
    "items": [
      {
        "id": "3f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c",
        "scan_id": "550e8400-e29b-41d4-a716-446655440000",
        "repo_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
        "source": "ai",
        "status": "open",
        "severity": "critical",
        "confidence": "high",
        "title": "SQL Injection in user authentication",
        "description": "User input is directly concatenated into SQL query without sanitization",
        "cwe_id": "CWE-89",
        "cve_id": null,
        "file_path": "src/auth/login.rs",
        "line_start": 42,
        "line_end": 45,
        "code_snippet": "let query = format!(\"SELECT * FROM users WHERE email = '{}'\", email);",
        "suggested_patch": "Use parameterized queries: sqlx::query!(\"SELECT * FROM users WHERE email = $1\", email)",
        "poc_exploit_json": {
          "payload": "' OR '1'='1",
          "description": "Authentication bypass via boolean injection"
        },
        "poc_validated": true,
        "fingerprint": "abc123def456",
        "agent_reasoning": "Direct string concatenation in SQL query creates SQL injection vulnerability",
        "created_at": "2026-03-12T10:05:23Z",
        "updated_at": "2026-03-12T10:05:23Z"
      }
    ],
    "total": 5,
    "page": 1,
    "per_page": 10,
    "total_pages": 1
  }
}

Cancel Scan

Get Threat Model

⌘I

Build docs developers (and LLMs) love

Get started for free Talk to us

Authentication

Repositories

Scans

Findings

Settings

Webhooks

Get Scan Findings

Path Parameters

Query Parameters

Response

Build docs developers (and LLMs) love

Authentication

Repositories

Scans

Findings

Settings

Webhooks

​Path Parameters

​Query Parameters

​Response

Build docs developers (and LLMs) love

Path Parameters

Query Parameters

Response