Skip to main content
GET
/
v1
/
findings
List findings
curl --request GET \
  --url https://api.app.chainloop.dev/v1/findings \
  --header 'Authorization: Bearer <token>'
{
  "pagination": {
    "total_count": 1,
    "page": 0,
    "total_pages": 5,
    "page_size": 6
  },
  "results": [
    {
      "severity": "FINDING_SEVERITY_UNSPECIFIED",
      "package_purl": "package_purl",
      "first_seen_at": "2000-01-23T04:56:07.000Z",
      "recommendation": "recommendation",
      "external_id": "external_id",
      "source": "source",
      "vulnerability": {
        "is_in_kev": true,
        "description": "description",
        "cvss_vectors": [
          "cvss_vectors",
          "cvss_vectors"
        ]
      },
      "finding_type": "FINDING_TYPE_UNSPECIFIED",
      "project_name": "project_name",
      "status_detail": "FINDING_STATUS_DETAIL_UNSPECIFIED",
      "resolution_reason": "FINDING_RESOLUTION_REASON_UNSPECIFIED",
      "project_version_name": "project_version_name",
      "fixed_version": "fixed_version",
      "artifact_ids": [
        "artifact_ids",
        "artifact_ids"
      ],
      "assessment_ids": [
        "assessment_ids",
        "assessment_ids"
      ],
      "id": "id",
      "effective_assessment_status": "ASSESSMENT_STATUS_UNSPECIFIED",
      "last_seen_at": "2000-01-23T04:56:07.000Z",
      "status": "FINDING_STATUS_UNSPECIFIED"
    },
    {
      "severity": "FINDING_SEVERITY_UNSPECIFIED",
      "package_purl": "package_purl",
      "first_seen_at": "2000-01-23T04:56:07.000Z",
      "recommendation": "recommendation",
      "external_id": "external_id",
      "source": "source",
      "vulnerability": {
        "is_in_kev": true,
        "description": "description",
        "cvss_vectors": [
          "cvss_vectors",
          "cvss_vectors"
        ]
      },
      "finding_type": "FINDING_TYPE_UNSPECIFIED",
      "project_name": "project_name",
      "status_detail": "FINDING_STATUS_DETAIL_UNSPECIFIED",
      "resolution_reason": "FINDING_RESOLUTION_REASON_UNSPECIFIED",
      "project_version_name": "project_version_name",
      "fixed_version": "fixed_version",
      "artifact_ids": [
        "artifact_ids",
        "artifact_ids"
      ],
      "assessment_ids": [
        "assessment_ids",
        "assessment_ids"
      ],
      "id": "id",
      "effective_assessment_status": "ASSESSMENT_STATUS_UNSPECIFIED",
      "last_seen_at": "2000-01-23T04:56:07.000Z",
      "status": "FINDING_STATUS_UNSPECIFIED"
    }
  ]
}

Authorizations

Authorization
string
header
required

Bearer token for authentication

Query Parameters

project_name
string

Filter by project name

Filter findings by project name

project_version_name
string

Filter by project version name

Filter findings by project version name

severity
enum<string>[]

Filter by severity levels

Filter by one or more severity levels

Available options:
FINDING_SEVERITY_UNSPECIFIED,
FINDING_SEVERITY_CRITICAL,
FINDING_SEVERITY_HIGH,
FINDING_SEVERITY_MEDIUM,
FINDING_SEVERITY_LOW,
FINDING_SEVERITY_INFO,
FINDING_SEVERITY_UNKNOWN
status
enum<string>[]

Filter by statuses

Filter by one or more statuses

  • FINDING_STATUS_OPEN: OPEN: newly detected finding, not yet triaged or acted upon
  • FINDING_STATUS_IN_PROGRESS: IN_PROGRESS: finding is being investigated or actively remediated
  • FINDING_STATUS_RESOLVED: RESOLVED: finding has been fixed, mitigated, or otherwise closed (see resolution_reason for details)
  • FINDING_STATUS_REJECTED: REJECTED: finding has been dismissed by an operator (e.g. false positive, risk accepted, out of scope)
Available options:
FINDING_STATUS_UNSPECIFIED,
FINDING_STATUS_OPEN,
FINDING_STATUS_IN_PROGRESS,
FINDING_STATUS_RESOLVED,
FINDING_STATUS_REJECTED
finding_type
enum<string>[]

Filter by finding types

Filter by one or more finding types

Available options:
FINDING_TYPE_UNSPECIFIED,
FINDING_TYPE_VULNERABILITY
is_in_kev
boolean

Filter by KEV membership

Filter by whether the finding is in the CISA KEV catalog

search
string

Search by external ID substring

Search findings by external ID (e.g. CVE identifier)

pagination.page
integer<int32>

The (zero-based) offset of the first item returned in the collection.

pagination.page_size
integer<int32>

The maximum number of entries to return. If the value exceeds the maximum, then the maximum value will be used.

sort_by
enum<string>
default:FINDING_LIST_SORT_BY_UNSPECIFIED

Sort field. Defaults to severity when not specified.

Available options:
FINDING_LIST_SORT_BY_UNSPECIFIED,
FINDING_LIST_SORT_BY_SEVERITY,
FINDING_LIST_SORT_BY_LAST_SEEN_AT,
FINDING_LIST_SORT_BY_FIRST_SEEN_AT,
FINDING_LIST_SORT_BY_CREATED_AT
sort_direction
enum<string>
default:FINDING_LIST_SORT_DIRECTION_UNSPECIFIED

Sort direction. Defaults to descending when not specified.

Available options:
FINDING_LIST_SORT_DIRECTION_UNSPECIFIED,
FINDING_LIST_SORT_DIRECTION_ASC,
FINDING_LIST_SORT_DIRECTION_DESC
is_assessed
boolean

Filter by assessment status: true = only findings with at least one linked assessment, false = only unassessed findings

Filter by whether the finding has been assessed

is_fixable
boolean

Filter by fixability: true = only findings with a fixed_version or recommendation, false = only without

Filter by whether the finding has a fix available (fixed_version or recommendation)

Response

A successful response.

Response for the List method

results
FindingListItem · object[]
pagination
OffsetPaginationResponse is used to return the pagination information · object
Example:
{
  "total_count": 1,
  "page": 0,
  "total_pages": 5,
  "page_size": 6
}