Get Scan Findings

curl -X GET "https://api.heimdall.dev/api/scans/550e8400-e29b-41d4-a716-446655440000/findings?severity=critical&page=1&per_page=10" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

{
  "success": true,
  "data": {
    "items": [
      {
        "id": "3f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c",
        "scan_id": "550e8400-e29b-41d4-a716-446655440000",
        "repo_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
        "source": "ai",
        "status": "open",
        "severity": "critical",
        "confidence": "high",
        "title": "SQL Injection in user authentication",
        "description": "User input is directly concatenated into SQL query without sanitization",
        "cwe_id": "CWE-89",
        "cve_id": null,
        "file_path": "src/auth/login.rs",
        "line_start": 42,
        "line_end": 45,
        "code_snippet": "let query = format!(\"SELECT * FROM users WHERE email = '{}'\", email);",
        "suggested_patch": "Use parameterized queries: sqlx::query!(\"SELECT * FROM users WHERE email = $1\", email)",
        "poc_exploit_json": {
          "payload": "' OR '1'='1",
          "description": "Authentication bypass via boolean injection"
        },
        "poc_validated": true,
        "fingerprint": "abc123def456",
        "agent_reasoning": "Direct string concatenation in SQL query creates SQL injection vulnerability",
        "created_at": "2026-03-12T10:05:23Z",
        "updated_at": "2026-03-12T10:05:23Z"
      }
    ],
    "total": 5,
    "page": 1,
    "per_page": 10,
    "total_pages": 1
  }
}

GET

api

scans

{id}

findings

curl -X GET "https://api.heimdall.dev/api/scans/550e8400-e29b-41d4-a716-446655440000/findings?severity=critical&page=1&per_page=10" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

{
  "success": true,
  "data": {
    "items": [
      {
        "id": "3f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c",
        "scan_id": "550e8400-e29b-41d4-a716-446655440000",
        "repo_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
        "source": "ai",
        "status": "open",
        "severity": "critical",
        "confidence": "high",
        "title": "SQL Injection in user authentication",
        "description": "User input is directly concatenated into SQL query without sanitization",
        "cwe_id": "CWE-89",
        "cve_id": null,
        "file_path": "src/auth/login.rs",
        "line_start": 42,
        "line_end": 45,
        "code_snippet": "let query = format!(\"SELECT * FROM users WHERE email = '{}'\", email);",
        "suggested_patch": "Use parameterized queries: sqlx::query!(\"SELECT * FROM users WHERE email = $1\", email)",
        "poc_exploit_json": {
          "payload": "' OR '1'='1",
          "description": "Authentication bypass via boolean injection"
        },
        "poc_validated": true,
        "fingerprint": "abc123def456",
        "agent_reasoning": "Direct string concatenation in SQL query creates SQL injection vulnerability",
        "created_at": "2026-03-12T10:05:23Z",
        "updated_at": "2026-03-12T10:05:23Z"
      }
    ],
    "total": 5,
    "page": 1,
    "per_page": 10,
    "total_pages": 1
  }
}

Path Parameters

string

required

The unique identifier (UUID) of the scan

Query Parameters

severity

string

Filter findings by severity level. Possible values:

critical - Critical severity vulnerabilities
high - High severity vulnerabilities
medium - Medium severity vulnerabilities
low - Low severity vulnerabilities

status

string

Filter findings by status. Possible values:

open - Newly discovered findings
confirmed - Manually confirmed as valid
dismissed - Dismissed by user
false_positive - Marked as false positive
fixed - Vulnerability has been fixed

page

integer

default:"1"

Page number for pagination (minimum: 1)

per_page

integer

default:"25"

Number of items per page (minimum: 1, maximum: 100)

Response

Returns a paginated list of findings:

items

array

Array of finding objects

Show Finding Object

string

Unique identifier (UUID) of the finding

scan_id

string

ID of the scan that discovered this finding

repo_id

string

ID of the repository

source

string

Source of the finding: ai, static, or dependencies

status

string

Current status of the finding

severity

string

Severity level: critical, high, medium, or low

confidence

string

Confidence level: high, medium, or low

title

string

Brief title describing the vulnerability

description

string

Detailed description of the vulnerability

cwe_id

string

Common Weakness Enumeration identifier (e.g., “CWE-89”)

cve_id

string

Common Vulnerabilities and Exposures identifier (e.g., “CVE-2024-1234”)

file_path

string

Path to the vulnerable file

line_start

integer

Starting line number of the vulnerability

line_end

integer

Ending line number of the vulnerability

code_snippet

string

Code snippet showing the vulnerability

suggested_patch

string

AI-generated patch suggestion

poc_exploit_json

object

Proof-of-concept exploit details (JSON)

poc_validated

boolean

Whether the PoC exploit has been validated

fingerprint

string

Unique fingerprint for deduplication

agent_reasoning

string

AI agent’s reasoning for flagging this finding

created_at

string

ISO 8601 timestamp when the finding was created

updated_at

string

ISO 8601 timestamp when the finding was last updated

total

integer

Total number of findings matching the filters

page

integer

Current page number

per_page

integer

Number of items per page

total_pages

integer

Total number of pages available

curl -X GET "https://api.heimdall.dev/api/scans/550e8400-e29b-41d4-a716-446655440000/findings?severity=critical&page=1&per_page=10" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

{
  "success": true,
  "data": {
    "items": [
      {
        "id": "3f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1c",
        "scan_id": "550e8400-e29b-41d4-a716-446655440000",
        "repo_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
        "source": "ai",
        "status": "open",
        "severity": "critical",
        "confidence": "high",
        "title": "SQL Injection in user authentication",
        "description": "User input is directly concatenated into SQL query without sanitization",
        "cwe_id": "CWE-89",
        "cve_id": null,
        "file_path": "src/auth/login.rs",
        "line_start": 42,
        "line_end": 45,
        "code_snippet": "let query = format!(\"SELECT * FROM users WHERE email = '{}'\", email);",
        "suggested_patch": "Use parameterized queries: sqlx::query!(\"SELECT * FROM users WHERE email = $1\", email)",
        "poc_exploit_json": {
          "payload": "' OR '1'='1",
          "description": "Authentication bypass via boolean injection"
        },
        "poc_validated": true,
        "fingerprint": "abc123def456",
        "agent_reasoning": "Direct string concatenation in SQL query creates SQL injection vulnerability",
        "created_at": "2026-03-12T10:05:23Z",
        "updated_at": "2026-03-12T10:05:23Z"
      }
    ],
    "total": 5,
    "page": 1,
    "per_page": 10,
    "total_pages": 1
  }
}

Cancel Scan

Get Threat Model

⌘I

Authentication

Repositories

Scans

Findings

Settings

Webhooks

Get Scan Findings

Path Parameters

Query Parameters

Response

Authentication

Repositories

Scans

Findings

Settings

Webhooks

Documentation Index

​Path Parameters

​Query Parameters

​Response

Path Parameters

Query Parameters

Response