List security findings

GET

/security/findings

const url = 'https://shoehorn.example.com/api/v1/security/findings?severity=critical&status=open&limit=20';
const options = {method: 'GET'};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request GET \
  --url 'https://shoehorn.example.com/api/v1/security/findings?severity=critical&status=open&limit=20'

Returns security findings across all entities.

Parameters

Query Parameters

severity

string

Allowed values: critical high medium low info

entity_id

string

type

string

status

string

Allowed values: open acknowledged resolved false_positive

limit

integer

default: 20

cursor

string

Responses

200

Paginated security findings

application/json

object

findings

Array<object>

object

string format: uuid

entity_id

string

entity_name

string

type

E.g., missing_owner, no_readme, exposed_secret

string

severity

string

Allowed values: critical high medium low info

status

string

Allowed values: open acknowledged resolved false_positive

title

string

description

string

remediation

Suggested fix

string

source

E.g., scorecard, scanner, manual

string

created_at

string format: date-time

resolved_at

string format: date-time

pagination

object

total

integer

nextCursor

string

Example

{
  "findings": [
    {
      "severity": "critical",
      "status": "open"
    }
  ]
}