Get Scan Details - API

/rest/{version}/scans/{scanId}

Descriptor	Value
HTTP Method	GET
Description	Retrieves scan information.
Required Permission	Read Access (Any Role)
Version Introduced	2.3.0
Changes in 2.5.0.2	Added "originalFileNames" field to response.
Changes in 2.5.1	Added the updatedDate field to the response. This field is present when using older REST versions as well.
Changes in 2.7	Added scan metadata information to the REST call response.
Changes in 2.8	Added Pagination parameters "page" and "pageSize" to all versions of this call. Findings are now sorted by severity, then scanner vulnerability type name, then path.

Request Header Parameters

Parameter	Value	Required	Description
Accept	String	Yes	A value of ‘application/json’ must be provided.

Request GET Parameters

Parameter	Value	Required	Description
page	Integer	No	Which page of findings to retrieve of size "pageSize". Defaults to 1 if not provided.
pageSize	Integer	No	How many findings to retrieve per "page". Defaults to 10000 if not provided and cannot be greater than 10000.

Sample Call:

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" http://localhost:8080/threadfix/rest/latest/scans/1?page=2&pageSize=20

Sample Output:

{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": {
        "id": 30,
        "importTime": 1309962639000,
		"updatedDate": 1309962639000,
        "numberClosedVulnerabilities": 0,
        "numberNewVulnerabilities": 13,
        "numberOldVulnerabilities": 0,
        "numberResurfacedVulnerabilities": 0,
        "numberTotalVulnerabilities": 13,
        "numberRepeatResults": 0,
        "numberRepeatFindings": 0,
        "numberInfoVulnerabilities": 2,
        "numberLowVulnerabilities": 0,
        "numberMediumVulnerabilities": 6,
        "numberHighVulnerabilities": 5,
        "numberCriticalVulnerabilities": 0,
        "findings": [
            {
                "id": 25007,
                "longDescription": null,
                "attackString": null,
                "attackRequest": "",
                "attackResponse": "",
                "nativeId": "b0f20dd0cf08dbea8da5744fcbdd1ebf",
                "displayId": null,
                "surfaceLocation": {
                    "id": 25007,
                    "parameter": "username",
                    "path": "/demo/SQLI2.php"
                },
                "sourceFileLocation": null,
                "dataFlowElements": [],
				"findingCves": [],
                "calculatedUrlPath": "/demo/SQLI2.php",
                "calculatedFilePath": "",
                "dependency": null,
                "severity": "High",
                "vulnerabilityType": "SQL injection vulnerability"
            },
            {
                "id": 25008,
                "longDescription": null,
                "attackString": null,
                "attackRequest": "",
                "attackResponse": "",
                "nativeId": "766f606f9e293342f98fe53e704d2875",
                "displayId": null,
                "surfaceLocation": {
                    "id": 25008,
                    "parameter": "username",
                    "path": "/demo/XPathInjection2.php"
                },
                "sourceFileLocation": null,
                "dataFlowElements": [],
                "calculatedUrlPath": "/demo/XPathInjection2.php",
                "calculatedFilePath": "",
                "dependency": null,
                "severity": "Medium",
                "vulnerabilityType": "XPATH injection vulnerability"
            },
            ///... Omitted findings for brevity
        ],
        "originalFileNames": [
            "w3af-demo-site.xml",
            "w3af-demo-site-2.xml"
        ],
		"scanMetadata": [],
        "originalFileNames": [],
        "scannerName": "w3af",
        "numberUnassignedVulnerabilities": 0,
    }
}